ABSTRACT-Ransomware is a big problem on Android devices, and detecting its presence is the first step in stopping its spread and malicious intent. Many propositions and models have been researched and built for the detection of ransomware on Android devices, but each approach has some caveats and weak points to consider. This paper takes 4 previous research papers on this topic and critically analyzes the propositions and methods they describe, which range from a deep learning approach to a human-device interaction method for detecting ransomware, based on their methodology, effectiveness, and accuracy, to give a definitive answer about which of the above-mentioned solutions is the most optimal.

I. INTRODUCTION
Ransomware is a sort of malware that intends to publish or permanently block access to the victim's data unless a premium is paid. While some ransomware locks the system in a way that is easy to undo for a trained user, a more powerful virus employs a tactic known as cryptoviral extortion. It encrypts the victim's files, rendering them unavailable, and demands a ransom to unlock them.

Android devices have seen a huge boom in adoption across the world in recent years, so much so that as of 2021 there are approximately 3 billion Android devices around the world, with approximately 2.5 billion active Android users. With a market share of above 70% in 2021, it's a huge market for malicious users to target people with ransomware.

So, there is a need now more than ever to become aware of the attacks performed by ransomware on people and to stop its spread. The first step to stop the spread of ransomware is to detect it. In this research paper, we analyze 4 research papers related to the detection of ransomware on Android devices. This paper presents different methodologies and propositions to detect this ransomware, which are as follows:
● DNA-Droid: A Real-Time Android Ransomware Detection Framework
● Extinguishing Ransomware - A Hybrid Approach to Android Ransomware Detection
● Automated Detection and Analysis for Android Ransomware
● Ransom Prober: A real time ransomware detection framework

This paper observes and analyzes these above-mentioned models based on the methodologies used by the researchers, on the effectiveness of the models in detecting the ransomware, and on the accuracy of detection, which relates to how many false positives these models generate.

This paper then concludes by providing a definitive answer, with reasoning, to state which of the following models is the best and most optimal.
II. LITERATURE REVIEW
A. Automated Detection
The use of Android devices has increased over the years, and with it ransomware attacks on those devices. To stop these attacks, we first have to detect them. This paper proposes an automated approach to detect these ransomware attacks. It states that the process of detecting ransomware should be automated so that regular users can discern regular apps from malicious apps. This automation technique is divided into 2 major parts, the first being the static approach and the last being the dynamic approach.

The static approach states that we would analyze the code of the application without running the application, and dynamic analysis states that we have to run the application in a secure environment and monitor its behavior to understand whether the application is malicious or not.

For this purpose, we use static and dynamic approaches successively. Firstly, we will use the Android API and already known ransomware attack patterns to statically analyze applications, and if we find any extraordinary behavior we will use dynamic analysis techniques to observe that application. The application will now be run in a closed and limited environment and its behavior will be judged by using previously known attack patterns. If the application is deemed malicious then it will be terminated and its behavior will be recorded.

In static analysis, firstly the APK is decompiled into respective files and then these files are analyzed based on
● Permissions: APK will be judged on what permissions it's asking for.
● API Sequence: APK will be judged based on the sequence of APIs invoked.
● Resource: What resources the APK is requesting and using is also a critical factor in judging its intent.
● Structure: APK structure can also indicate whether the app is malicious or not.

We will extract malicious features from the static analysis, and on its basis it is determined whether to use dynamic analysis or not. In the dynamic analysis we will measure and detect ransomware based on
● Data flow and Critical path: We will run the application and observe the flow of data and also what paths the application is trying to access.
● Domain Access: We will observe if the application is trying to access any known malicious domain related to previously known ransomware attacks.
● Changes: We will observe if the application is trying to change some functionality without clear indication or not.
● Permissions: It will be observed whether the application is trying to bypass any permission to execute something or not.

Based on the above-mentioned criteria, the application will be deemed malicious or not.

B. DNA Droid
This paper states that previously known solutions to detect Android ransomware were slow while having high false positives and low accuracy, and to mitigate this the paper proposes a solution based on deep learning to produce high accuracy and low false-positive results.

This paper suggests the DNA Droid approach, which is a layered approach using dynamic analysis, with static analysis as a complement, by observing features and using a deep learning NN to determine whether an application is malicious or not.

DNA Droid will firstly analyze the APK statically, and if a malicious application is observed then a neural network is used to scan the application dynamically to determine whether it is malicious or not.
This is done in the following ways.
● The paper presents features that can detect unknown ransomware.
● This paper presents a method to reduce the learning process by using Deep Auto Encoder.
● The paper uses Binary and Multiple Sequence Alignment to dynamically analyze the application to detect ransomware.
● The DNA Droid sandbox is released publicly to report malicious activities.

related to the current activity and also by observing the finger input location of the user.

This system produced extremely accurate detection results of previously collected Data Set.
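The static-first staging described under A. Automated Detection, as an added example (not code from the surveyed paper): it scores a decoded AndroidManifest.xml on the permissions criterion and decides whether to escalate to dynamic analysis. The weights, the threshold, the function name and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed weights (illustrative, not taken from the surveyed papers) for
# manifest features often requested by screen-locking or file-encrypting apps.
WEIGHTS = {
    "android.permission.SYSTEM_ALERT_WINDOW": 3,     # draw over other apps
    "android.permission.RECEIVE_BOOT_COMPLETED": 2,  # restart after reboot
    "android.permission.WRITE_EXTERNAL_STORAGE": 2,  # rewrite user files
    "android.permission.INTERNET": 1,
}
DEVICE_ADMIN_WEIGHT = 4    # a device-admin receiver can lock the device
ESCALATION_THRESHOLD = 6   # assumed cut-off for sending the APK to the sandbox

# Constructed sample manifests (not real applications).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""


def static_triage(manifest_xml):
    """Score a decoded manifest and decide whether dynamic analysis is needed."""
    # Manifests from unknown APKs are untrusted input; a hardened pipeline
    # would parse them with defusedxml instead of the standard library.
    root = ET.fromstring(manifest_xml)
    requested = {n.get(ANDROID + "name", "") for n in root.iter("uses-permission")}
    findings = sorted(requested & WEIGHTS.keys())   # set, so duplicates count once
    score = sum(WEIGHTS[p] for p in findings)
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            score += DEVICE_ADMIN_WEIGHT
            findings.append("device-admin receiver: " + receiver.get(ANDROID + "name", "?"))
    return {"score": score, "findings": findings,
            "run_dynamic_analysis": score >= ESCALATION_THRESHOLD}


if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, static_triage(xml))
```

Permissions alone cannot separate a file manager from a file encryptor, which is why the surveyed approach treats the static result only as a trigger for sandboxed observation.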
B. Effectiveness:
1) Automated Detection:
This method only seems effective for applications that are famous, as it uses feature comparison in dynamic analysis.

1) Automated Detection:
Accuracy for this method cannot be found as it has not been implemented yet.
2) DNA Droid:
An experiment was conducted on a dataset released by state-of-the-art methods for ransomware detection. DNA Droid was able to correctly classify 429 out of 440 ransomware samples. That gives an accuracy of 97.5%.
3) Ransomprober
Experimentation was performed among well-known ransomware detection methods on the same dataset. It revealed that Ransomprober had an accuracy of 99% in successful detection of ransomware. One factor that must be considered here is that the other methods are not based entirely on encryption analysis.
4) Hybrid approach
Experimentation performed separately on static detection and on dynamic detection revealed that there is a 99.8% accuracy rate for static detection and an 85.61% accuracy rate for dynamic detection. Overall, this hybrid approach gives 100% accuracy in ransomware detection.

IV. CONCLUSION
In the above discussion, four detection methods were discussed with their methodologies, effectiveness and accuracy. It turns out all of the methods involve some degree of harm that the user will eventually go through. The methods using deep learning algorithms for training and classification are much more effective than the other methods. DNA Droid and the Hybrid approach are the approaches with the most accurate results. Both of these methods take some time to detect ransomware when performing dynamic analysis. That is why some degree of harm is already caused before the application is classified as malicious. The Hybrid approach can be called the best approach here due to its 100% accuracy rate and least false positive rate.
V. REFERENCE
[1] Chen, Jing, et al. “Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection.” IEEE Transactions on Information Forensics and Security, vol. 13, no. 5, 1 May 2018, pp. 1286–1300, ieeexplore.ieee.org/abstract/document/8241433, 10.1109/TIFS.2017.2787905. Accessed 16 Nov. 2021.

[2] Ferrante, Alberto, et al. “Extinguishing Ransomware - a Hybrid Approach to Android Ransomware Detection.” Foundations and Practice of Security, 2018, pp. 242–258, 10.1007/978-3-319-75650-9_16.

[3] Gharib, Amirhossein, and Ali Ghorbani. “DNA-Droid: A Real-Time Android Ransomware Detection Framework.” Network and System Security, 2017, pp. 184–198, 10.1007/978-3-319-64701-2_14.

[4] Yang, Tianda, et al. “Automated Detection and Analysis for Android Ransomware.” IEEEXplore, 1 Aug. 2015, ieeexplore.ieee.org/abstract/document/7336353. Accessed 16 Nov. 2021.