Abstract

Ransomware attacks are no longer limited to personal computers; they increasingly target smartphones as well. Attackers target smartphones to steal users' personal information for monetary purposes. Android is the most widely used mobile operating system, with the largest market share in the world, which makes it a primary target for cyber-criminals. Existing research on the detection of Android ransomware lacks significant features and relies on supervised machine learning techniques. Supervised techniques have several restrictions: they rely heavily on anti-virus vendors to provide explicit labels, and a given sample can be wrongly classified if the training set does not include related examples and/or if the labels are incorrect. Moreover, they may not detect unknown ransomware samples in real-time situations due to the absence of historical targets in the real world. This work attempts an in-depth investigation of Android ransomware, using reverse engineering and forensic analysis to extract static features. Furthermore, a novel framework, RansomDroid, based on clustering-based unsupervised machine learning techniques, is proposed to address issues such as the mislabeling of historical targets and the detection of unforeseen Android ransomware. To the best of our knowledge, applying unsupervised machine learning techniques to the detection of Android ransomware is still an open area of research that has not yet been explored. The proposed RansomDroid framework employs a Gaussian Mixture Model, which offers a flexible and probabilistic approach to modeling the dataset. The framework also uses feature selection and dimensionality reduction to further improve the performance of the model. The experimental results show that the proposed RansomDroid framework detects Android ransomware with an accuracy of 98.08% in 44 ms.
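The label-free clustering step described in the abstract can be sketched as a two-component Gaussian Mixture Model fitted with EM; this is an added example, not code from the paper or the RansomDroid framework. The feature scores, the function names and the rule that the component with the highest mean score is the ransomware cluster are assumptions, and feature selection and dimensionality reduction are left out.

```python
import math

# Constructed data, not from the paper: one row per APK, three hypothetical
# static-feature scores in [0, 1] (higher = more ransomware-like behaviour).
SAMPLES = [
    (0.10, 0.05, 0.20), (0.15, 0.10, 0.10), (0.05, 0.20, 0.15),
    (0.20, 0.15, 0.05), (0.12, 0.08, 0.18), (0.18, 0.12, 0.22),
    (0.90, 0.85, 0.80), (0.80, 0.95, 0.90), (0.85, 0.80, 0.95),
]

def log_gauss(x, mean, var):
    """Log density of a diagonal-covariance Gaussian at x."""
    return sum(-0.5 * (math.log(2 * math.pi * v) + (xi - m) ** 2 / v)
               for xi, m, v in zip(x, mean, var))

def posteriors(x, model):
    """P(component | x) for each component, computed stably in log space."""
    logs = [math.log(w) + log_gauss(x, m, v) for w, m, v in zip(*model)]
    top = max(logs)
    exps = [math.exp(l - top) for l in logs]
    return [e / sum(exps) for e in exps]

def fit_gmm(data, k=2, iters=50, var_floor=1e-3):
    """Fit k >= 2 diagonal Gaussians with EM; no labels are used anywhere."""
    dims, ordered = len(data[0]), sorted(data, key=sum)
    # Deterministic start: means spread across samples ordered by feature sum.
    means = [list(ordered[i * (len(data) - 1) // (k - 1)]) for i in range(k)]
    variances, weights = [[0.05] * dims for _ in range(k)], [1.0 / k] * k
    for _ in range(iters):
        # E-step: soft assignment of every sample to every component.
        resp = [posteriors(x, (weights, means, variances)) for x in data]
        for j in range(k):  # M-step: re-estimate weight, mean, variance
            nj = sum(r[j] for r in resp) + 1e-12
            weights[j] = nj / len(data)
            for d in range(dims):
                means[j][d] = sum(r[j] * x[d] for r, x in zip(resp, data)) / nj
                spread = sum(r[j] * (x[d] - means[j][d]) ** 2
                             for r, x in zip(resp, data))
                variances[j][d] = max(var_floor, spread / nj)  # avoid collapse
    return weights, means, variances

def ransomware_probability(x, model):
    """Posterior of the component with the highest mean score.
    Treating that component as the ransomware cluster is an assumption."""
    suspicious = max(range(len(model[1])), key=lambda j: sum(model[1][j]))
    return posteriors(x, model)[suspicious]

MODEL = fit_gmm(SAMPLES)
```

Because the model returns a posterior probability rather than a hard label, a sample unseen during fitting can be scored with `ransomware_probability` and triaged against a threshold of the analyst's choosing.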
