Android Ransomware Detection Based on Dynamic Obtained Features

Abdullah, Zubaile; Muhadi, Farah Waheeda; Saudi, Madihah Mohd; Hamid, Isredza Rahmi A.; Foozy, Cik Feresa Mohd

doi:10.1007/978-3-030-36056-6_12

Cited by 22 publications

(15 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly, Abdullah et al collect system calls for each executed Android application [18]. VirusTotal is used to download malicious applications.…”

Section: Api Callsmentioning

confidence: 99%

“…It is based on the sequence of API calls Manuscript submitted to ACM Articles Type Approaches Tested Detection/Protection Mechanism Static Dynamic Solution [39] API Calls ✓ X ✓ Random forest applied to the occurrences of system API packages in the Android apps to classify the executables as ransomware, malware, or trusted. [18] API Calls X ✓ ✓ Random forest, J48, and Naive Bayes are applied to fiftytwo collected system calls to detect ransomware samples. [32] Multiple IOC ✓ ✓ ✓ Applying ML on static (threatening texts, logos and API methods found in the APK) and dynamic features (sequence of API calls) to detect Android ransomware.…”

Section: Multiple Ioc (Indicators Of Compromise)mentioning

confidence: 99%

“…[14] Multiple IOC ✓ ✓ ✓ Applying NLP to extract threatening texts and tracking encrypting functions and locking heuristics to detect Android ransomware. [29] Multiple IOC ✓ ✓ ✓ Applying ML on op-codes (static approach) and memory, CPU and network usage, and statistics on system calls (dynamic approach) for ransomware detection Most surveys classify mobile ransomware detection based on static, dynamic, or hybrid analysis [18,29,43,61]. Model checking is also used to detect Android ransomware [42].…”

Section: Multiple Ioc (Indicators Of Compromise)mentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms

et al. 2021

View full text Add to dashboard Cite

Ransomware remains an alarming threat in the 21st century. It has evolved from being a simple scare tactic into a complex malware capable of evasion. Formerly, end-users were targeted via mass infection campaigns. Nevertheless, in recent years, the attackers have focused on targeted attacks, since the latter are profitable and can induce severe damage. A vast number of detection mechanisms have been proposed in the literature. We provide a systematic review of ransomware countermeasures starting from its deployment on the victim machine until the ransom payment via cryptocurrency. We define four stages of this malware attack: Delivery, Deployment, Destruction, and Dealing. Then, we assign the corresponding countermeasures for each phase of the attack and cluster them by the techniques used. Finally, we propose a roadmap for researchers to fill the gaps found in the literature in ransomware’s battle.

show abstract

“…Similarly, Abdullah et al collect system calls for each executed Android application [18]. VirusTotal is used to download malicious applications.…”

Section: Api Callsmentioning

confidence: 99%

Section: Multiple Ioc (Indicators Of Compromise)mentioning

confidence: 99%

Section: Multiple Ioc (Indicators Of Compromise)mentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The last aspect is a major challenge since it preserves confidentiality, integrity and availability of user data. On Android, most of the approaches use static analysis relying on static features related to applications [7][8][9][10][11], dynamic analysis relying on features observed during their execution [12][13][14] and hybrid analysis combining the both [15][16][17]. Despite Google Play Protect provided by Google, to filter threats, there are still malicious applications carefully designed by bad people to have an impact on the security and privacy of users [8,18].…”

Section: Introductionmentioning

confidence: 99%

CIAA-RepDroid: A Fine-Grained and Probabilistic Reputation Scheme for Android Apps Based on Sentiment Analysis of Reviews

et al. 2020

View full text Add to dashboard Cite

To keep its business reliable, Google is concerned to ensure the quality of apps on the store. One crucial aspect concerning quality is security. Security is achieved through Google Play protect and anti-malware solutions. However, they are not totally efficient since they rely on application features and application execution threads. Google provides additional elements to enable consumers to collectively evaluate applications providing their experiences via reviews or showing their satisfaction through rating. The latter is more informal and hides details of rating whereas the former is textually expressive but requires further processing to understand opinions behind it. Literature lacks approaches which mine reviews through sentiment analysis to extract useful information to improve the security aspects of provided applications. This work goes in this direction and in a fine-grained way, investigates in terms of confidentiality, integrity, availability, and authentication (CIAA). While assuming that reviews are reliable and not fake, the proposed approach determines review polarities based on CIAA-related keywords. We rely on the popular classifier Naive Bayes to classify reviews into positive, negative, and neutral sentiment. We then provide an aggregation model to fusion different polarities to obtain application global and CIAA reputations. Quantitative experiments have been conducted on 13 applications including e-banking, live messaging and anti-malware apps with a total of 1050 security-related reviews and 7,835,322 functionality-related reviews. Results show that 23% of applications (03 apps) have a reputation greater than 0.5 with an accent on integrity, authentication, and availability, while the remaining 77% has a polarity under 0.5. Developers should make a lot of effort in security while developing codes and that more efforts should be made to improve confidentiality reputation. Results also show that applications with good functionality-related reputation generally offer a bad security-related reputation. This situation means that even if the number of security reviews is low, it does not mean that the security aspect is not a consumer preoccupation. Unlike, developers put much more time to test whether applications work without errors even if they include possible security vulnerabilities. A quantitative comparison against well-known rating systems reveals the effectiveness and robustness of CIAA-RepDroid to repute apps in terms of security. CIAA-RepDroid can be associated with existing rating solutions to recommend developers exact CIAA aspects to improve within source codes.

show abstract

“…The last aspect is a major challenge since it preserves confidentiality, integrity and availability of user data. On Android, most of the approaches static analysis relying static features related to applications [4][5][6][7][8], dynamic analysis relying on features observed during their execution [9][10][11] and hybrid analysis combining the both [12][13][14]. Despite Google Play Protect provided by Google, to filter threats, there are still malicious applications carefully designed by bad people to have an impact on the security and privacy of users [5,15].…”

Section: Introductionmentioning

confidence: 99%

CIAA-RepDroid: A Fine-Grained and Probabilistic Reputation Scheme of Android Apps Based on Sentiment Analysis of Reviews

Tchakounté¹,

Pagore²,

Kamgang³

et al. 2020

Preprint

View full text Add to dashboard Cite

To keep its business reliable, Google is concerned to ensure quality of apps on the store. One crucial aspect concerning quality is security. Security is achieved through Google Play protect and anti-malware solutions. However, they are not totally efficient since they rely on application features and application execution threads. Google provides additional elements to enable consumers to collectively evaluate applications providing their experiences via reviews or showing their satisfaction through rating. The latter is more informal and hides details of rating whereas the former is textually expressive but requires further processing to understand opinions behind. Literature lacks approaches which mine reviews through sentiment analysis to extract useful information to improve security aspects of provided applications. This work goes in this direction and in a fine-grained way, investigates in terms of confidentiality, integrity, availability and authentication (CIAA). While assuming that reviews are reliable and not fake, the proposed approach determines review polarities based on CIAA-related keywords. We rely on the popular classifier Naive Bayes to classify reviews into positive, negative and neutral sentiment. We then provide an aggregation model to fusion different polarities to obtain application global and CIAA reputations. Quantitative experiments have been conducted on 13 applications including e-banking, live messaging and anti-malware apps with a total of 1050 security-related reviews and 7.835.322 functionality-related reviews. Results show that 23% of applications (03 apps) have a reputation greater than 0.5 with an accent on integrity, authentication and availability, while the remaining 77% has a polarity under 0.5. Developers should make lot of efforts in security while developing codes and that more efforts should be made to improve confidentiality reputation. Results also show that applications with good functionality-related reputation generally offer bad security-related reputation. This situation means that even if the number of security reviews is low, it does not mean that security aspect is not a consumer preoccupation. Unlike, developers put much more time to test whether applications works without errors even if they include possible security vulnerabilities. A quantitative comparison against well-known rating systems reveals effectiveness and robustness of CIAA-RepDroid to repute apps in terms of security. CIAA-RepDroid can be associated to existing rating solutions to recommend developers exact CIAA aspects to improve within source codes.

show abstract

Android Ransomware Detection Based on Dynamic Obtained Features

Cited by 22 publications

References 6 publications

A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms

A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms

CIAA-RepDroid: A Fine-Grained and Probabilistic Reputation Scheme for Android Apps Based on Sentiment Analysis of Reviews

CIAA-RepDroid: A Fine-Grained and Probabilistic Reputation Scheme of Android Apps Based on Sentiment Analysis of Reviews

Contact Info

Product

Resources

About