..............................
..............................
..............................
An Ensemble-based Supervised Machine Learning Framework for Android Ransomware Detection
With latest development in technology, the usage of smartphones to fulfill day-to-day requirements has been increased.
The Android-based smartphones occupy the largest market share among other mobile operating systems. The hackers are
continuously keeping an eye on Android-based smartphones by creating malicious apps housed with ransomware functionality
for monetary purposes. Hackers lock the screen and/or encrypt the documents of the victim’s Android based smartphones after
performing ransomware attacks. Thus, in this paper, a framework has been proposed in which we (1) utilize novel features of
Android ransomware, (2) reduce the dimensionality of the features, (3) employ an ensemble learning model to detect Android
ransomware, and (4) perform a comparative analysis to calculate the computational time required by machine learning models
to detect Android ransomware. Our proposed framework can efficiently detect both locker and crypto ransomware. The
experimental results reveal that the proposed framework detects Android ransomware by achieving an accuracy of 99.67% with
Random Forest ensemble model. After reducing the dimensionality of the features with principal component analysis technique;
the Logistic Regression model took least time to execute on the Graphics Processing Unit (GPU) and Central Processing Unit
(CPU) in 41 milliseconds and 50 milliseconds respectively.
[1] Abdullah Z., Muhadi F., Saudi M., Hamid I., and Foozy C., “Android Ransomware Detection Based on Dynamic Obtained Features,” in Proceedings of International Conference on Soft Computing and Data Mining,Cham, pp. 121-129, 2020.
[2] Abuthawabeh M. and Mahmoud K., “Android Malware Detection and Categorization Based on Conversation-level Network Traffic Features,” in Proceedings of the International Arab Conference on Information Technology, Al Ain, pp. 42-47, 2019.
[3] Allix K., Bissyandé T., Klein J., and Traon Y., “Androzoo: Collecting Millions of Android Apps for the Research Community,” in Proceedings of the International Conference on Mining Software Repositories, Texas, pp. 468-471, 2016.
[4] Andronio N., Zanero S., and Maggi F., “Heldroid: Dissecting and Detecting Mobile Ransomware,” in Proceedings of the International Symposium on Recent Advances in Intrusion Detection, Kyoto, pp. 382-404, 2015.
[5] Arivudainambi D. and Visu P., “Malware Traffic Classification using Principal Component Analysis and Artificial Neural Network for Extreme Surveillance,” Computer Communications, vol. 47, pp. 50-57, 2019.
[6] Asano S., Maruyama T., and Yamaguchi Y., “Performance Comparison of FPGA, GPU and CPU in Image Processing,” in Proceedings of the International Conference on Field Programmable Logic and Applications, Czech Republic, pp. 126- 131, 2009.
[7] Buczak A. and Guven E., “A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection,” IEEE Communications Surveys and Tutorials, vol. 18, no. 2, pp. 1153-1176, 2016.
[8] Chakraborty T., Pierazzi F., and Subrahmanian V., “EC2 : Ensemble Clustering and Classification for Predicting Android Malware Families,” IEEE Transactions on Dependable and Secure Computing, vol. 17, no. 2, pp. 262-277, 2017.
[9] Chen J., Wang C., Zhao Z., Chen K., Du R., and Ahn G., “Uncovering the face of Android Ransomware: Characterization and Real-time Detection,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 5, pp. 1286- 1300, 2018.
[10] Faruki P., Bharmal A., Laxmi V., Ganmoor V., Gaur M., Conti M., and Rajarajan M., “Android Security: A Survey of Issues, Malware Penetration, and Defenses,” IEEE Communications Surveys and Tutorials, vol. 17, no. 2, pp. 998-1022, 2015.
[11] Ferrante A., Malek M., Martinelli F., Mercaldo F., and Milosevic J., “Extinguishing Ransomware -A Hybrid Approach to Android Ransomware Detection,” in Proceedings of the International Symposium on Foundations and Practice of Security, Nancy, pp. 242-258, 2017.
[12] Gharib A. and Ghorbani A., “DNA-Droid: A Real- Time Android Ransomware Detection Framework,” in Proceedings of the International 99.6798.3198.197 95.49 93949596979899100 Accuracy (%) An Ensemble-based Supervised Machine Learning Framework for Android ... 429 Conference on Network and System Security, Cham, pp. 184-198, 2017.
[13] Kashefi I., Kassiri M., and Salleh M., “Preventing Collusion Attack in Android,” The International Arab Journal of Information Technology, vol. 12, no. 6, pp. 719-727, 2015.
[14] Maiorca D., Mercaldo F., Giacinto G., Visaggio C., and Martinelli F., “R-PackDroid : API Package-Based Characterization and Detection of Mobile Ransomware,” in Proceedings of the International Symposium on Applied Computing, Morocco, pp. 1718-1723, 2017.
[15] Mercaldo F., Nardone V., and Santone A., “Ransomware inside out,” in Proceedings of the International Conference on Availability, Reliability, and Security, Salzburg, pp. 628-637, 2016.
[16] Milosevic N., Dehghantanha A., and Choo K., “Machine Learning Aided Android Malware Classification,” Computers and Electrical Engineering, vol. 61, pp. 266-274, 2017.
[17] Muppavarapu V., Rajendran A., and Vasudevan S., “Phishing Detection using RDF and Random Forests,” The International Arab Journal of Information Technology, vol. 15, no. 5 pp. 817- 824, 2018.
[18] Nauman M. and Khan S., “Design and Implementation of a Fine-Grained Resource Usage Model for the Android Platform,” The International Arab Journal of Information Technology, vol. 8, no. 4, pp. 440-448, 2011.
[19] Panigrahi C., Tiwari M., Pati B., and Prasath R., Malware Detection in Big Data Using Fast Pattern Matching: A Hadoop Based Comparison on GPU,” in Proceedings of the International Conference on Mining Intelligence and Knowledge Exploration, Cham, pp. 407-416, 2014.
[20] Saracino A., Sgandurra D., Dini G., and Martinelli F., “Madam: Effective and Efficient Behavior- Based Android Malware Detection and Prevention,” IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 1, pp. 83-97, 2016.
[21] Scalas M. Maiorca D., Mercaldo F., Visaggio C., Martinelli F., and Giacinto G., “On the Effectiveness of System API-Related Information for Android Ransomware Detection,” Computers and Security, vol. 86, pp. 168-182, 2019.
[22] Sharma S. Kumar N., Kumar R., and Krishna C., “The Paradox of Choice: Investigating Selection Strategies for Android Malware Datasets Using a Machine-learning Approach,” Communications of the Association for Information Systems, vol. 46, no. 1, pp. 619-637, 2020.
[23] Sharma S., Krishna R., and Kumar R., “Android Ransomware Detection using Machine Learning Techniques: A Comparative Analysis on GPU and CPU,” in Proceedings ofInternational Arab Conference on Information Technology, 6th of October city, pp. 1-6, 2020.
[24] Sharma S., Krishna C., and Kumar R., “A Survey on Analysis and Detection of Android Ransomware,” Concurrency and Computation: Practice and Experience, pp.1-25, 2021.
[25] Sharma S., Kumar R., and Krishna C. R., “Ransom Analysis: The Evolution and Investigation of Android Ransomware” in Proceedings of International Conference on IoT Inclusive Life, Chandigarh, pp. 33-41, 2020.
[26] Su D., Liu J., Wang X., and Wang W., “Detecting Android Locker-Ransomware on Chinese Social Networks,” IEEE Access, vol. 7, pp. 20381-20393, 2018.
[27] Wang S., Yan Q., Chen Z., Yang B., Zhao C., and Conti M., “Detecting Android Malware Leveraging Text Semantics of Network Flows,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 5, pp. 1096-1109, 2018. Shweta Sharma is pursuing Ph.D. from the Dept. of Computer Science and Engineering at NITTTR Chandigarh, India. She received M.Tech from Central University of Punjab, Bathinda. Her research areas include Smartphone Security, Malware Detection, and Machine Learning. Rama Krishna Challa is a Professor in the Dept. of Computer Science and Engineering at NITTTR, Chandigarh, India. He received his Ph.D. from IIT Kharagpur and M.Tech. from CUSAT Cochin. His research areas include Wireless Communications and Networks,and Cyber Security. Rakesh Kumar is an Associate Professor in the Dept. of Computer Science and Engineering at CUH, Mahendergarh, India. He received his PhD from NIT, Kurukshetra and M.Tech from GGSIPU. His research areas include Wireless Networks, Mobile Computing, and Cloud Computing.