Extinguishing Ransomware - A Hybrid Approach to Android Ransomware Detection

Additional information

Authors
Ferrante A., Malek M., Martinelli F., Mercaldo F., Milosevic J.
Type
Book chapter
Year
2018
Language
English
Abstract
Mobile ransomware is on the rise and effective defense from it is of utmost importance to guarantee security of mobile users' data. Current solutions provided by antimalware vendors are signature-based and thus ineffective in removing ransomware and restoring the infected devices and files. Also, current state-of-the-art literature offers very few solutions to effectively detecting and blocking mobile ransomware. Starting from these considerations, we propose a hybrid method able to effectively counter ransomware. The proposed method first examines applications to be used on a device prior to their installation (static approach) and then observes their behavior at runtime and identifies if the system is under attack (dynamic approach). To detect ransomware, the static detection method uses the frequency of opcodes while the dynamic detection method considers CPU usage, memory usage, network usage and system call statistics. We evaluate the performance of our hybrid detection method on a dataset that contains both ransomware and legitimate applications. Additionally, we evaluate the performance of the static and dynamic stand-alone methods for comparison. Our results show that although both static and dynamic detection methods perform well in detecting ransomware, their combination in a form of a hybrid method performs best, being able to detect ransomware with 100% precision and having a false positive rate of less than 4%.
Book
Foundations and Practice of Security
Volume
10723
Month
February
Publisher
Springer International Publishing
Start page number
242
End page number
258
ISBN
978-3-319-75650-9
Editor
Imine, Abdessamad and Fernandez, José M. and Marion, Jean-Yves and Logrippo, Luigi and Garcia-Alfaro, Joaquin