DNA-Droid: A Real-Time Android Ransomware Detection Framework

  • Conference paper
Network and System Security (NSS 2017)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10394)

Abstract

Ransomware has become one of the main cyber-threats for mobile platforms, and for Android in particular. The number of ransomware attacks is increasing exponentially, while even state-of-the-art approaches fail badly to safeguard mobile devices. The main reason is that the characteristics of ransomware and of generic malware are quite different. Current solutions produce low accuracy and high false positives in the presence of obfuscation or benign cryptographic API usage. Moreover, they are inadequate for detecting a ransomware attack in its early stages, before infection happens. In this paper, DNA-Droid, a two-layer detection framework, is proposed. It uses a dynamic analysis layer as a complementary layer on top of a static analysis layer. DNA-Droid utilizes novel features and a deep neural network to achieve a set of features with high discriminative power between ransomware and benign samples. Moreover, sequence alignment techniques are employed to profile ransomware families. This helps in detecting ransomware activity in its early stages, before the infection happens. In order to extract dynamic features, a fully automated Android sandbox was developed, which is publicly available to researchers as a web service. DNA-Droid is tested against thousands of samples. The experimental results show high precision and recall in detecting even unknown ransomware samples, while keeping the false negative rate below 1.5%.

Notes

  1. http://iscxm02.cs.unb.ca/

Author information

Correspondence to Amirhossein Gharib.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Gharib, A., Ghorbani, A. (2017). DNA-Droid: A Real-Time Android Ransomware Detection Framework. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science, vol 10394. Springer, Cham. https://doi.org/10.1007/978-3-319-64701-2_14

  • DOI: https://doi.org/10.1007/978-3-319-64701-2_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64700-5

  • Online ISBN: 978-3-319-64701-2

  • eBook Packages: Computer Science, Computer Science (R0)
