Abstract

Ransomware attacks disrupt and disable systems, demanding a ransom from the victim to restore functionality. Most state-of-the-art approaches identify ransomware by analyzing its behaviour post-infection, and therefore fail to detect it at an early stage. This work proposes a ransomware detection mechanism named Weapon to identify the threat at the pre-operational stage on Android systems. Weapon extracts key features from the behavioural characteristics (permissions and API calls) of the APK file and generates semantic features. These semantic features are then correlated with the MITRE ATT&CK framework to efficiently detect ransomware before its operational stage. The experimental results demonstrate that our approach could successfully identify 89.82% of ransomware samples at the pre-operational stage.
