Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection

In recent years, we witnessed a drastic increase of ransomware, especially on popular mobile platforms including Android. Ransomware extorts victims for a sum of money by taking control of their devices or files. In light of their rapid growth, there is a pressing need to develop effective counterme...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:IEEE transactions on information forensics and security Ročník 13; číslo 5; s. 1286 - 1300
Hlavní autori: Chen, Jing, Wang, Chiheng, Zhao, Ziming, Chen, Kai, Du, Ruiying, Ahn, Gail-Joon
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: IEEE 01.05.2018
Predmet:
Android
Androids
Encryption
Humanoid robots
Malware
Mobile handsets
Ransomware
real-time detection
Real-time systems
user interface (UI) indicator
ISSN:1556-6013, 1556-6021
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:In recent years, we witnessed a drastic increase of ransomware, especially on popular mobile platforms including Android. Ransomware extorts victims for a sum of money by taking control of their devices or files. In light of their rapid growth, there is a pressing need to develop effective countermeasure solutions. However, the research community is still constrained by the lack of a comprehensive data set, and there exists no insightful understanding of mobile ransomware in the wild. In this paper, we focus on the Android platform and aim to characterize existing Android ransomware. Specifically, we have managed to collect 2,721 ransomware samples that cover the majority of existing Android ransomware families. Based on these samples, we systematically characterize them from several aspects, including timeline and malicious features. In addition, the detection results of existing anti-virus tools are rather disappointing, which clearly calls for customized anti-mobile-ransomware solutions. To detect ransomware that extorts users by encrypting data, we propose a novel real-time detection system, called RansomProber. By analyzing the user interface widgets of related activities and the coordinates of users' finger movements, RansomProber can infer whether the file encryption operations are initiated by users. The experimental results show that RansomProber can effectively detect encrypting ransomware with high accuracy and acceptable runtime performance.
ISSN:1556-6013
1556-6021
DOI:10.1109/TIFS.2017.2787905