On the effectiveness of system API-related information for Android ransomware detection

SCALAS, MICHELE
First
;Maiorca, Davide
Second
;Giacinto, Giorgio
Last
2019-01-01

Abstract

Ransomware constitutes a significant threat to the Android operating system. It can either lock or encrypt the target devices, and victims are forced to pay ransoms to restore their data. Hence, the prompt detection of such attacks has a priority in comparison to other malicious threats. Previous works on Android malware detection mainly focused on Machine Learning-oriented approaches that were tailored to identifying malware families, without a clear focus on ransomware. More specifically, such approaches resorted to complex information types such as permissions, user-implemented API calls, and native calls. However, this led to significant drawbacks concerning complexity, resilience against obfuscation, and explainability. To overcome these issues, in this paper, we propose and discuss learning-based detection strategies that rely on System API information. These techniques leverage the fact that ransomware attacks heavily resort to System API to perform their actions, and allow distinguishing between generic malware, ransomware and goodware. We tested three different ways of employing System API information, i.e., through packages, classes, and methods, and we compared their performances to other, more complex state-of-the-art approaches. The attained results showed that systems based on System API could detect ransomware and generic malware with very good accuracy, comparable to systems that employed more complex information. Moreover, the proposed systems could accurately detect novel samples in the wild and showed resilience against static obfuscation attempts. Finally, to guarantee early on-device detection, we developed and released on the Android platform a complete ransomware and malware detector (R-PackDroid) that employed one of the methodologies proposed in this paper.
2019
Inglese
COMPUTERS & SECURITY
86
168
182
15
WOS:000483406200010
2-s2.0-85067622945
https://www.sciencedirect.com/science/article/pii/S0167404819301178?via=ihub
Comitato scientifico
internazionale
scientifica
Malware; Android; Ransomware; Machine Learning; Security
no
Scalas, Michele; Maiorca, Davide; Mercaldo, Francesco; Visaggio, Corrado Aaron; Martinelli, Fabio; Giacinto, Giorgio
1.1 Articolo in rivista
info:eu-repo/semantics/article
1 Contributo su Rivista::1.1 Articolo in rivista
262
6
partially_open
Files in This Item:
File Size Format  
scalas19_cose.pdf

open access

Description: Articolo Principale
Type: versione pre-print
Size 706.92 kB
Format Adobe PDF
View/Open
706.92 kB Adobe PDF View/Open
computers & security 8 6 (2019) 168–182.pdf

Solo gestori archivio

Description: articolo
Type: versione editoriale
Size 1.68 MB
Format Adobe PDF
& nbsp; View / Open   Request a copy
1.68 MB Adobe PDF & nbsp; View / Open   Request a copy

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Questionnaire and social

Share on:
Impostazioni cookie