Abstract

Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim’s device and requests a payment in order to recover them. The available technologies are not enough, as new ransomware employs a combination of techniques to evade anti-virus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community is still lacking ransomware datasets. In this paper, the state-of-the-art Android ransomware detection approaches were investigated. A deep comparative analysis was conducted which shed light on the key differences among the existing solutions. An application programming interface (API)-based ransomware detection system (API-RDS) was proposed to provide a static analysis paradigm for detecting Android ransomware apps. API-RDS focuses on examining API package calls as a leading indicator of ransomware activity, to discriminate ransomware with high accuracy before it harms the user’s device. The API package calls of both benign and ransomware apps were thoroughly analyzed and compared. Significant API packages with their corresponding methods were identified. The experimental results show that API-RDS outperformed other recent related approaches. API-RDS achieved 97% accuracy while reducing the complexity of the classification model by 26% due to feature reduction. Moreover, this research designed a proactive mechanism based on a high-quality, unique ransomware dataset without duplicated samples. 2959 ransomware samples were collected, tested and reduced by almost 83% due to sample duplication. This research also contributes to constructing an up-to-date, unique dataset that covers the majority of existing Android ransomware families and recent clean apps that could be used as a labeled reference for the research community.

Highlights

  • Computers and electronic devices are vulnerable to viruses and all kinds of attacks

  • After scanning and counting the number of occurrences of each application programming interface (API) package for feature extraction, we discovered that many samples have exactly the same number of API package calls

  • As we counted the occurrences of API package calls in each Android application, we found that some API packages have zero occurrences in many applications
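As an added illustration (not the paper’s code), the following Python sketches the dataset-construction steps the abstract and highlights describe: each app is represented by the number of calls it makes into each API package, packages with zero occurrences across the dataset are dropped, and samples whose feature vectors are exact duplicates are discarded. The tracked package list and the per-app method lists are constructed sample data, and a repackaged duplicate is included to show the deduplication step.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample data (not the paper's dataset): for each app, the API methods its
# classes.dex invokes, as a static disassembly pass would list them.
SAMPLES: Dict[str, List[str]] = {
    "benign_1": ["android.widget.TextView.setText", "android.widget.Button.setText",
                 "android.view.View.setOnClickListener"],
    "ransom_1": ["javax.crypto.Cipher.getInstance", "javax.crypto.Cipher.doFinal",
                 "java.io.File.listFiles", "android.app.admin.DevicePolicyManager.lockNow"],
    # Repackaged variant of ransom_1 with identical API usage: an exact duplicate vector.
    "ransom_2": ["javax.crypto.Cipher.getInstance", "javax.crypto.Cipher.doFinal",
                 "java.io.File.listFiles", "android.app.admin.DevicePolicyManager.lockNow"],
}
# API packages tracked as features (a constructed subset; the paper's list is larger).
API_PACKAGES = ["android.widget", "android.view", "javax.crypto",
                "java.io", "android.app.admin", "android.telephony"]

def package_of(method: str) -> str:
    """Strip the trailing Class.method to get the API package a call belongs to."""
    return ".".join(method.split(".")[:-2])

def count_api_packages(methods: List[str], packages: List[str]) -> Tuple[int, ...]:
    """Feature vector: how many calls the app makes into each tracked API package."""
    counts = Counter(package_of(m) for m in methods)
    return tuple(counts.get(p, 0) for p in packages)

def drop_zero_features(matrix: Dict[str, Tuple[int, ...]], packages: List[str]):
    """Remove API packages that no app in the dataset calls (zero-occurrence features)."""
    keep = [i for i in range(len(packages)) if any(vec[i] for vec in matrix.values())]
    reduced = {name: tuple(vec[i] for i in keep) for name, vec in matrix.items()}
    return [packages[i] for i in keep], reduced

def deduplicate(matrix: Dict[str, Tuple[int, ...]]) -> Dict[str, Tuple[int, ...]]:
    """Keep one app per distinct vector so repackaged duplicates cannot inflate accuracy."""
    unique: Dict[str, Tuple[int, ...]] = {}
    for name, vec in matrix.items():
        if vec not in unique.values():
            unique[name] = vec
    return unique

def build_dataset(samples=SAMPLES, packages=API_PACKAGES):
    """Count -> drop zero-occurrence packages -> deduplicate, as the highlights describe."""
    matrix = {name: count_api_packages(m, packages) for name, m in samples.items()}
    packages, matrix = drop_zero_features(matrix, packages)
    return packages, deduplicate(matrix)
```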

Introduction

Computers and electronic devices are vulnerable to viruses and all kinds of attacks. In the early days of computing, users suffered from different malicious attacks such as viruses, spyware, Trojan horses, worms, etc. The first documented ransomware, in 1989, was a new variant of Trojan called the AIDS (Aids Info Disk) Trojan. That Trojan hid the directories and encrypted the names of the files. Before we describe the ransomware framework and detection, it is essential to understand. Android applications are written in the Java programming language and distributed as “.apk” files. An APK file is a compressed (ZIP) file that includes the following:

  • AndroidManifest.xml file: defines the capabilities of the application and informs the Operating. All permissions, such as accessing contacts and Bluetooth, are defined in this file.

  • Several .xml files: define the user interface of the application.

  • Dalvik executable or classes.dex file: all Java classes and methods in the application code are repacked into one single file (classes.dex).
