KRDroid: Ransomware-Oriented Detector for Mobile Devices Based on Behaviors

KRDroid: Ransomware-Oriented Detector for Mobile Devices Based on Behaviors

Ransomware has become a serious threat on Android and new cases of ransomware are continuously growing. Most existing ransomware detectors use sensitive text or APIs to detect ransomware. Some goodware applications with the functionalities of locking screen and encrypting files have similar behavior...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Applied sciences 2021-07, Vol.11 (14), p.6557
Hauptverfasser: Wang, Senmiao, Qin, Sujuan, Qin, Jiawei, Zhang, Hua, Tu, Tengfei, Jin, Zhengping, Guo, Jing
Format: Artikel
Sprache:eng
Schlagworte:
Android
Behavior
behavior-pattern-based detection
Data encryption
Machine learning
Ransomware
ransomware analysis
ransomware detector
Sensors
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Ransomware has become a serious threat on Android and new cases of ransomware are continuously growing. Most existing ransomware detectors use sensitive text or APIs to detect ransomware. Some goodware applications with the functionalities of locking screen and encrypting files have similar behaviors with ransomware. It is difficult for ransomware detectors to identity them. In this paper, we made detailed analyses of three kinds of active ransomware. We proposed a behavior-based ransomware detector on Android, called KRDroid. KRDroid deploys on servers or PCs, that is, ransomware cannot be activated and cause any loss during testing. Experiments showed that our ransomware-oriented detector can find 1809 of 1862 unseen ransomware. It can also distinguish goodware with similar ransom behaviors to ransomware with an accuracy of 97.5%.
ISSN:2076-3417
2076-3417
DOI:10.3390/app11146557