Next Article in Journal
Dual-Wide-Band Dual Polarization Terahertz Linear to Circular Polarization Converters based on Bi-Layered Transmissive Metasurfaces
Next Article in Special Issue
Multi-Point Collaborative Authentication Method Based on User Image Intelligent Collection in the Internet of Things
Previous Article in Journal
A Novel Image-Restoration Method Based on High-Order Total Variation Regularization Term
Previous Article in Special Issue
Homomorphic Encryption and Network Coding in IoT Architectures: Advantages and Future Challenges
Open AccessArticle

Ransomware Detection System for Android Applications

1
King Abdulaziz City for Science and Technology, Riyadh 11442, Saudi Arabia
2
Department of Computer of Science, Prince Sultan University, Riyadh 11586, Saudi Arabia
3
Department of Computer Science, The University of Jordan, Amman 11942, Jordan
*
Author to whom correspondence should be addressed.
Electronics 2019, 8(8), 868; https://doi.org/10.3390/electronics8080868
Received: 13 June 2019 / Revised: 22 July 2019 / Accepted: 1 August 2019 / Published: 5 August 2019
(This article belongs to the Special Issue State-of-the-Art of Cyber Security)
Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim’s device and requests a payment in order to recover them. The available technologies are not enough as new ransomwares employ a combination of techniques to evade anti-virus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community is still lacking ransomware datasets. In this paper, the state-of-the-art of Android ransomware detection approaches were investigated. A deep comparative analysis was conducted which shed the key differences among the existing solutions. An application programming interface (API)-based ransomware detection system (API-RDS) was proposed to provide a static analysis paradigm for detecting Android ransomware apps. API-RDS focuses on examining API packages’ calls as leading indicator of ransomware activity to discriminate ransomware with high accuracy before it harms the user’s device. API packages’ calls of both benign and ransomware apps were thoroughly analyzed and compared. Significant API packages with corresponding methods were identified. The experimental results show that API-RDS outperformed other recent related approaches. API-RDS achieved 97% accuracy while reducing the complexity of the classification model by 26% due to features reduction. Moreover, this research designed a proactive mechanism based on a high quality unique ransomware dataset without duplicated samples. 2959 ransomware samples were collected, tested and reduced by almost 83% due to samples duplication. This research also contributes to constructing an up-to-date, unique dataset that covers the majority of existing Android ransomware families and recent clean apps that could be used as a labeled reference for research community. View Full-Text
Keywords: Android; malware detection; ransomware; static analysis; dataset; classification; machine learning Android; malware detection; ransomware; static analysis; dataset; classification; machine learning
Show Figures

Figure 1

MDPI and ACS Style

Alsoghyer, S.; Almomani, I. Ransomware Detection System for Android Applications. Electronics 2019, 8, 868.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop