Journal
IEEE ACCESS
Volume 7, Issue -, Pages 20381-20393Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/ACCESS.2018.2888568
Keywords
Android; locker-ransomware; malware detection
Categories
Funding
- National Key R&D Program of China [2017YFB0802805]
- Fundamental Research Funds for the Central Universities of China [2018JBZ103]
- Natural Science Foundation of China [U1736114, 61672092]
Ask authors/readers for more resources
In recent years, an increasing amount of locker-ransomware has been posing a great threat to the Android platform as well as users' properties. Locker-ransomware blackmails victims for ransom by compulsorily locking the devices. What is worse, a mature locker-ransomware transaction chain has taken shape on Chinese social networks. The effective detection of locker-ransomware is an emergent yet crucial issue. To deal with this issue, in this paper, we are motivated to propose a light-weight and automated method for the detection of locker-ransomware. First, we conduct a thorough survey of the locker-ransomware's transaction market and perform a comprehensive analysis of locker-ransomware's behaviors. Second, to cope with the code obfuscation problem, we extract features of both displayed texts and background operations based on the observed behaviors. The fine-grained features are extracted from multiple sources, which can profile locker-ransomware in different aspects. Finally, we employ the ensemble of four machine learning algorithms for detection. The experimental results show that our method outperforms VirusTotal. It achieves the best performance with the detection accuracy of 99.98%.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available