RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform

Alzahrani, Abdulrahman; Alshehri, Ali; Alshahrani, Hani; Alharthi, Raed; Fu, Huirong; Liu, Anyi; Zhu, Ye

doi:10.1109/eit.2018.8500161

Cited by 26 publications

(12 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The reason for this is because the objective of a ransomware is to demand a ransom from its victim. Thus, it must have a threatening message embedded in its code [13]. However, the threatening message could be another payload after the encryption of the victim's files.…”

Section: Literature Reviewmentioning

confidence: 99%

Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

et al. 2019

View full text Add to dashboard Cite

Ransomware is a relatively new type of intrusion attack, and is made with the objective of extorting a ransom from its victim. There are several types of ransomware attacks, but the present paper focuses only upon the crypto-ransomware, because it makes data unrecoverable once the victim’s files have been encrypted. Therefore, in this research, it was proposed that machine learning is used to detect crypto-ransomware before it starts its encryption function, or at the pre-encryption stage. Successful detection at this stage is crucial to enable the attack to be stopped from achieving its objective. Once the victim was aware of the presence of crypto-ransomware, valuable data and files can be backed up to another location, and then an attempt can be made to clean the ransomware with minimum risk. Therefore we proposed a pre-encryption detection algorithm (PEDA) that consisted of two phases. In, PEDA-Phase-I, a Windows application programming interface (API) generated by a suspicious program would be captured and analyzed using the learning algorithm (LA). The LA can determine whether the suspicious program was a crypto-ransomware or not, through API pattern recognition. This approach was used to ensure the most comprehensive detection of both known and unknown crypto-ransomware, but it may have a high false positive rate (FPR). If the prediction was a crypto-ransomware, PEDA would generate a signature of the suspicious program, and store it in the signature repository, which was in Phase-II. In PEDA-Phase-II, the signature repository allows the detection of crypto-ransomware at a much earlier stage, which was at the pre-execution stage through the signature matching method. This method can only detect known crypto-ransomware, and although very rigid, it was accurate and fast. The two phases in PEDA formed two layers of early detection for crypto-ransomware to ensure zero files lost to the user. However in this research, we focused upon Phase-I, which was the LA. Based on our results, the LA had the lowest FPR of 1.56% compared to Naive Bayes (NB), Random Forest (RF), Ensemble (NB and RF) and EldeRan (a machine learning approach to analyze and classify ransomware). Low FPR indicates that LA has a low probability of predicting goodware wrongly.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Rule-Based Detection Three rule-based mobile ransomware detection systems were proposed by researchers that use threshold values for detection. RanDroid [24] extracts images and strings from applications and calculates their similarity to the images and strings of ransomware samples. Based on the threshold values, it detects mobile ransomware.…”

Section: Ransomware Detection For Mobile Devicesmentioning

confidence: 99%

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions

et al. 2022

View full text Add to dashboard Cite

In recent years, ransomware has been one of the most notorious malware targeting end-users, governments, and business organizations. It has become a very profitable business for cybercriminals with revenues of millions of dollars, and a very serious threat to organizations with financial loss of billions of dollars. Numerous studies were proposed to address the ransomware threat, including surveys that cover certain aspects of ransomware research. However, no study exists in the literature that gives the complete picture on ransomware and ransomware defense research with respect to the diversity of targeted platforms. Since ransomware is already prevalent in PCs/workstations/desktops/laptops, is becoming more prevalent in mobile devices, and has already hit IoT/CPS recently, and will likely grow further in the IoT/CPS domain very soon, understanding ransomware and analyzing defense mechanisms with respect to target platforms is becoming more imperative. In order to fill this gap and motivate further research, in this paper, we present a comprehensive survey on ransomware and ransomware defense research with respect to PCs/workstations, mobile devices, and IoT/CPS platforms. Specifically, covering 137 studies over the period of 1990-2020, we give a detailed overview of ransomware evolution, comprehensively analyze the key building blocks of ransomware, present a taxonomy of notable ransomware families, and provide an extensive overview of ransomware defense research (i.e., analysis, detection, and recovery) with respect to platforms of PCs/workstations, mobile devices, and IoT/CPS. Moreover, we derive an extensive list of open issues for future ransomware research. We believe this survey will motivate further research by giving a complete picture on state-of-the-art ransomware research.

show abstract

“…It also has better accuracy, recall rate, precision rate and F-measure than K-Nearest Neighbor, Neural Network, Support Vector Machine and Random Forest. Another enhanced solution is a novel lightweight approach known as RanDroid for automated detection of polymorphic ransomware (Alzahrani et al, 2018). The technique detects new ransomware variants on Android platforms using the structural similarity measures between features extracted from an application and a set of threat data extracted from known ransomware variants.…”

Section: Static and Dynamic Analysismentioning

confidence: 99%

“…The proposed technique should be prototyped and deployed in a real-world IoT environment in order to evaluate and refine it. A future work should focus on increasing the accuracy of Randroid proposed by Alzahrani et al (2018) by adding of more samples of malicious images and strings to the ISM database and the SSM database respectively. The new images should include logos of governments and icons of law enforcement agencies.…”

Section: Future Research Directionsmentioning

confidence: 99%

Trends and Future Directions in Automated Ransomware Detection

Jegede

Fadele²,

Onoja³

et al. 2022

JCSI

View full text Add to dashboard Cite

Ransomware attacks constitute major security threats to personal and corporate data and information. A successful ransomware attack results in significant security and privacy violations with attendant financial losses and reputational damages to owners of computer-based resources. This makes it imperative for accurate, timely and reliable detection of ransomware. Several techniques have been proposed for ransomware detection and each technique has its strengths and limitations. The aim of this paper is to discuss the current trends and future directions in automated ransomware detection. The paper provides a background discussion on ransomware as well as historical background and chronology of ransomware attacks. It also provides a detailed and critical review of recent approaches to ransomware detection, prevention, mitigation and recovery. A major strength of the paper is the presentation of the chronology of ransomware attacks from its inception in 1989 to the latest attacks occurring in 2021. Another strength of the study is that a large proportion of the studies reviewed were published between 2015 and 2022. This provides readers with an up-to-date knowledge of the state-of-the-art in ransomware detection. It also provides insights into advances in strategies for preventing, mitigating and recovering from ransomware attacks. Overall, this paper presents researchers with open issues and possible research problems in ransomware detection, prevention, mitigation and recovery.

show abstract

RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform

Cited by 26 publications

References 19 publications

Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions

Trends and Future Directions in Automated Ransomware Detection

Contact Info

Product

Resources

About