
Extinguishing Ransomware - A Hybrid Approach to Android Ransomware Detection

  • Conference paper

Foundations and Practice of Security (FPS 2017)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10723)

Abstract

Mobile ransomware is on the rise, and effective defense against it is of utmost importance to guarantee the security of mobile users’ data. Current solutions provided by antimalware vendors are signature-based and thus ineffective in removing ransomware and restoring the infected devices and files. Also, the current state-of-the-art literature offers very few solutions for effectively detecting and blocking mobile ransomware. Starting from these considerations, we propose a hybrid method able to effectively counter ransomware. The proposed method first examines applications to be used on a device prior to their installation (static approach) and then observes their behavior at runtime and identifies whether the system is under attack (dynamic approach). To detect ransomware, the static detection method uses the frequency of opcodes, while the dynamic detection method considers CPU usage, memory usage, network usage and system call statistics. We evaluate the performance of our hybrid detection method on a dataset that contains both ransomware and legitimate applications. Additionally, we evaluate the performance of the static and dynamic stand-alone methods for comparison. Our results show that although both static and dynamic detection methods perform well in detecting ransomware, their combination in the form of a hybrid method performs best, being able to detect ransomware with 100% precision and having a false positive rate of less than 4%.

Notes

  1. https://www.nomoreransom.org

  2. http://wapo.st/2pKyXum?tid=ss_tw&utm_term=.6887a06778fa

  3. https://ibotpeaches.github.io/Apktool

  4. https://play.google.com/store

  5. http://ransom.mobi

  6. https://github.com/liato/android-market-api-py

  7. https://www.virustotal.com/

  8. http://developer.android.com/tools/help/adb.html

  9. http://linux.die.net/man/1/strace

  10. http://developer.android.com/tools/help/monkey.html

  11. https://developer.android.com/sdk/index.htm

Acknowledgements

This work has been partially supported by H2020 EU-funded projects NeCS and C3ISP and EIT-Digital Project HII.

Author information

Correspondence to Francesco Mercaldo.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Ferrante, A., Malek, M., Martinelli, F., Mercaldo, F., Milosevic, J. (2018). Extinguishing Ransomware - A Hybrid Approach to Android Ransomware Detection. In: Imine, A., Fernandez, J., Marion, JY., Logrippo, L., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2017. Lecture Notes in Computer Science, vol 10723. Springer, Cham. https://doi.org/10.1007/978-3-319-75650-9_16

  • DOI: https://doi.org/10.1007/978-3-319-75650-9_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-75649-3

  • Online ISBN: 978-3-319-75650-9

  • eBook Packages: Computer Science, Computer Science (R0)
