An Efficient Machine Learning-based Approach for Android v.11 Ransomware Detection

Almomani, Iman; Alkhayer, Aala; Ahmed, Mohanned

doi:10.1109/caida51941.2021.9425059

Cited by 22 publications

(16 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These features were fed to Random forest among other machine learning algorithms to detect and classify the samples. Almomani et al [76] introduced a new detection approach for Android ransomware, based on machine learning techniques. Their study was made on Android Version 11, API level 30, and used a number of predictive models for Android ransomware.…”

Section: A: Desktop Platformsmentioning

confidence: 99%

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

et al. 2023

View full text Add to dashboard Cite

The proliferation of ransomware has become a significant threat to cybersecurity in recent years, causing significant financial, reputational, and operational damage to individuals and organizations. This paper aims to provide a comprehensive overview of the evolution of ransomware, its taxonomy, and its state-of-the-art research contributions. We begin by tracing the origins of ransomware and its evolution over time, highlighting the key milestones and major trends. Next, we propose a taxonomy of ransomware that categorizes different types of ransomware based on their characteristics and behavior. Subsequently, we review the existing research over several years in regard to detection, prevention, mitigation, and prediction techniques. Our extensive analysis, based on more than 150 references, has revealed that significant research, specifically 72.8%, has focused on detecting ransomware. However, a lack of emphasis has been placed on predicting ransomware. Additionally, of the studies focused on ransomware detection, a significant portion, 70%, have utilized machine learning methods. We further discuss the challenges found such as the ones related to obtaining ransomware datasets. In addition, our study uncovers a range of shortcomings in research pertaining to real-time protection and identifying zero-day ransomware. Adversarial machine learning exploitation has been identified as an under-researched area in the field. This survey is a constructive roadmap for researchers interested in ransomware research matters.

show abstract

Section: A: Desktop Platformsmentioning

confidence: 99%

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

et al. 2023

View full text Add to dashboard Cite

show abstract

“…However, from this current IoT era and its related applications have arisen several security attacks including denial of service (DoS) and malware control which alarms real threats for any IoT device [ 19 ]. To overcome the main vulnerabilities of Android IoT devices, several solutions have been proposed to detect IoT Android malicious software using machine learning [ 1 , 20 ], neural network [ 2 ], and deep learning [ 21 ].…”

Section: Literature Reviewmentioning

confidence: 99%

A Crypto-Steganography Approach for Hiding Ransomware within HEVC Streams in Android IoT Devices

Almomani

Alkhayer

El‐Shafai

2022

Sensors

Self Cite

View full text Add to dashboard Cite

Steganography is a vital security approach that hides any secret content within ordinary data, such as multimedia. This hiding aims to achieve the confidentiality of the IoT secret data; whether it is benign or malicious (e.g., ransomware) and for defensive or offensive purposes. This paper introduces a hybrid crypto-steganography approach for ransomware hiding within high-resolution video frames. This proposed approach is based on hybridizing an AES (advanced encryption standard) algorithm and LSB (least signification bit) steganography process. Initially, AES encrypts the secret Android ransomware data, and then LSB embeds it based on random selection criteria for the cover video pixels. This research examined broad objective and subjective quality assessment metrics to evaluate the performance of the proposed hybrid approach. We used different sizes of ransomware samples and different resolutions of HEVC (high-efficiency video coding) frames to conduct simulation experiments and comparison studies. The assessment results prove the superior efficiency of the introduced hybrid crypto-steganography approach compared to other existing steganography approaches in terms of (a) achieving the integrity of the secret ransomware data, (b) ensuring higher imperceptibility of stego video frames, (3) introducing a multi-level security approach using the AES encryption in addition to the LSB steganography, (4) performing randomness embedding based on RPS (random pixel selection) for concealing secret ransomware bits, (5) succeeding in fully extracting the ransomware data at the receiver side, (6) obtaining strong subjective and objective qualities for all tested evaluation metrics, (7) embedding different sizes of secret data at the same time within the video frame, and finally (8) passing the security scanning tests of 70 antivirus engines without detecting the existence of the embedded ransomware.

show abstract

“…Almomani et al [21][22][23] implemented a static analysis to extract several static features from Android malware binary files such as permissions and API calls. Subsequently, they performed machine learning techniques to detect malware applications [24]. The authors of [25] developed a static analysis with Tensorflow (SAT) malware detection system.…”

Section: Literature Surveymentioning

confidence: 99%

Visualized Malware Multi-Classification Framework Using Fine-Tuned CNN-Based Transfer Learning Models

2021

Self Cite

View full text Add to dashboard Cite

There is a massive growth in malicious software (Malware) development, which causes substantial security threats to individuals and organizations. Cybersecurity researchers makes continuous efforts to defend against these malware risks. This research aims to exploit the significant advantages of Transfer Learning (TL) and Fine-Tuning (FT) methods to introduce efficient malware detection in the context of imbalanced families without the need to apply complex features extraction or data augmentation processes. Therefore, this paper proposes a visualized malware multi-classification framework to avoid false positives and imbalanced datasets’ challenges through using the fine-tuned convolutional neural network (CNN)-based TL models. The proposed framework comprises eight different FT CNN models including VGG16, AlexNet, DarkNet-53, DenseNet-201, Inception-V3, Places365-GoogleNet, ResNet-50, and MobileNet-V2. First, the binary files of different malware families were transformed into 2D images and then forwarded to the FT CNN models to detect and classify the malware families. The detection and classification performance was examined on a benchmark Malimg imbalanced dataset using different, comprehensive evaluation metrics. The evaluation results prove the FT CNN models’ significance in detecting malware types with high accuracy that reached 99.97% which also outperforms the performance of related machine learning (ML) and deep learning (DL)-based malware multi-classification approaches tested on the same malware dataset.

show abstract

An Efficient Machine Learning-based Approach for Android v.11 Ransomware Detection

Cited by 22 publications

References 22 publications

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

A Crypto-Steganography Approach for Hiding Ransomware within HEVC Streams in Android IoT Devices

Visualized Malware Multi-Classification Framework Using Fine-Tuned CNN-Based Transfer Learning Models

Contact Info

Product

Resources

About