DNA-Droid: A Real-Time Android Ransomware Detection Framework

Gharib, Amirhossein; Ghorbani, Ali A.

doi:10.1007/978-3-319-64701-2_14

Cited by 61 publications

(44 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Year Static Dynamic Machine-Learning Available Chen et al (RansomProber) [9] 2018 Cimitille et al (Talos) [11] 2017 Gharib et al (Dna-Droid) [15] 2017 Song et al [24] 2016 Zheng et al (GreatEatlon) [29] 2016 Yang et al [27] 2015 Andronio et al (HelDroid) [3] 2015 from API-calls, permissions and behavioral features [10]. Finally, Ahmadi et al proposed IntelliAV, a generic malware-oriented detector that is publicly available.…”

Section: Workmentioning

confidence: 99%

On the effectiveness of system API-related information for Android ransomware detection

Scalas

Maiorca

Mercaldo

et al. 2019

Computers & Security

View full text Add to dashboard Cite

Ransomware constitutes a significant threat to the Android operating system. It can either lock or encrypt the target devices, and victims are forced to pay ransoms to restore their data. Hence, the prompt detection of such attacks has a priority in comparison to other malicious threats. Previous works on Android malware detection mainly focused on Machine Learning-oriented approaches that were tailored to identifying malware families, without a clear focus on ransomware. More specifically, such approaches resorted to complex information types such as permissions, userimplemented API calls, and native calls. However, this led to significant drawbacks concerning complexity, resilience against obfuscation, and explainability. In this paper, we propose a different, static approach to accurately detect Android ransomware, which is independent of user-defined information and that leverages the fact that ransomware attacks heavily resort to System API to perform their actions. More specifically, by only using System API-based information, it is possible to detect ransomware accurately and to distinguish it from generic malware and goodware. To this end, we proposed and tested three different ways of employing System API by using packages, classes, and methods, and we compared their performances to other, more complex state-of-the-art approaches. The attained results showed that systems based on System API could detect ransomware and generic malware with very good accuracy, comparable to systems that employed more complex information. Moreover, the proposed systems could accurately detect novel samples in the wild and showed resilience against static obfuscation attempts. Finally, to guarantee early on-device detection, we developed and released on the Android platform a complete ransomware and malware detector that employed one of the methodologies proposed in this paper.

show abstract

Section: Workmentioning

confidence: 99%

On the effectiveness of system API-related information for Android ransomware detection

Scalas

Maiorca

Mercaldo

et al. 2019

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Gharib et al [51] proposed a similar approach for static and dynamic analysis. They experimentally presented a framework called DNA-Droid that relies on static analysis to classify apps into suspicious, malware or trusted.…”

Section: Related Workmentioning

confidence: 99%

“…These characteristics could use dynamic features such as launching a root exploit, sending background SMS messages, CPU usage and memory usage [22,42,48,49]. User permissions were also used to indicate malicious activities for Android applications [34,41,51]. Other methods track real time system calls [13,19] and user data [49,54].…”

Section: Related Workmentioning

confidence: 99%

“…RF is a popular classification algorithm that usually results in a good accuracy of predictions compared to other classification algorithms [78]. It was utilized in many of malware and ransomware detection research [19,24,27,51,79,80]. Also, other classification algorithms such as support vector machine (SVM), Decision trees (J48) and Naïve Bayes (NB) as well used to measure the accuracy of the proposed approach.…”

Section: Classification Algorithms (Data Mining Techniques)mentioning

confidence: 99%

See 1 more Smart Citation

Ransomware Detection System for Android Applications

Alsoghyer

Almomani

2019

Electronics

View full text Add to dashboard Cite

Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim's device and requests a payment in order to recover them. The available technologies are not enough as new ransomwares employ a combination of techniques to evade anti-virus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community is still lacking ransomware datasets. In this paper, the state-of-the-art of Android ransomware detection approaches were investigated. A deep comparative analysis was conducted which shed the key differences among the existing solutions. An application programming interface (API)-based ransomware detection system (API-RDS) was proposed to provide a static analysis paradigm for detecting Android ransomware apps. API-RDS focuses on examining API packages' calls as leading indicator of ransomware activity to discriminate ransomware with high accuracy before it harms the user's device. API packages' calls of both benign and ransomware apps were thoroughly analyzed and compared. Significant API packages with corresponding methods were identified. The experimental results show that API-RDS outperformed other recent related approaches. API-RDS achieved 97% accuracy while reducing the complexity of the classification model by 26% due to features reduction. Moreover, this research designed a proactive mechanism based on a high quality unique ransomware dataset without duplicated samples. 2959 ransomware samples were collected, tested and reduced by almost 83% due to samples duplication. This research also contributes to constructing an up-to-date, unique dataset that covers the majority of existing Android ransomware families and recent clean apps that could be used as a labeled reference for research community.

show abstract

“…Reference [23] implemented a tool named DroidInjector, which reproduced the malicious behavior of the application through the simulation of the application behavior. Gharib [24] put forward a system named ProfileDroid, which can depict the application behavior from 2 aspects of semantics and behavior and improve the accuracy of behavior analysis. Ardeshiricham [25] then designed a more detailed system named DroidScope.…”

Section: Introductionmentioning

confidence: 99%

A Security Sandbox Approach of Android Based on Hook Mechanism

Jiang

Liu

Yang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

As the most widely applied mobile operating system for smartphones, Android is challenged by fast growing security problems, which are caused by malicious applications. Behaviors of malicious applications have become more and more inconspicuous, which largely increase the difficulties of security detection. This paper provides a new security sandbox approach of Android based on hook mechanism, to further enrich Android malware detection technologies. This new sandbox monitors the behaviors of target application by using a process hook-based dynamic tracking method during its running period. Compared to existing techniques, (1) this approach can create a virtual space where apk can be installed, run, and uninstalled, and it is isolated from the outside and (2) a risk assessment approach based on behavior analysis is given so that users can obtain an explicit risk prognosis for an application to improve their safety. Tests on malware and normal application samples verify this new security sandbox.

show abstract

DNA-Droid: A Real-Time Android Ransomware Detection Framework

Cited by 61 publications

References 15 publications

On the effectiveness of system API-related information for Android ransomware detection

On the effectiveness of system API-related information for Android ransomware detection

Ransomware Detection System for Android Applications

A Security Sandbox Approach of Android Based on Hook Mechanism

Contact Info

Product

Resources

About