RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform

Abdulrahman Alzahrani; Ali Alshehri; Hani Alshahrani; Raed Alharthi; Huirong Fu; Anyi Liu; Ye Zhu

doi:10.1109/EIT.2018.8500161

RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform

Abdulrahman Alzahrani
, Ali Alshehri
, Hani Alshahrani
, Raed Alharthi
, Huirong Fu
, Anyi Liu
, Ye Zhu

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

36 Scopus citations

Abstract

The worldwide epidemic of ransomware monetary gains has grown astonishingly. This crimeware form is emerged to extort innocent users under the threat of locking their devices and/or encrypting their files. To mitigate the growth of ransomware attacks, cybersecurity researchers have proposed various solutions based on the functionalities of those attacks. However, this polymorphic type is kept refined to increase the appearance of new families and survive against mitigation approaches. This paper introduces RanDroid, a new automated lightweight approach for detecting ransomware variants in Android platform by measuring the structural similarity between a set of collected information from an inspected application and a set of predefined threatening information collected from known ransomware variants. Furthermore, RanDroid performs a linguistic analysis on the app's code as well as image textural strings to enhance further revelation. RanDroid was evaluated using 950 ransomware samples. In addition, this approach is capable of extracting threatening messages from samples that use evasion techniques such as sophisticated codes or dynamic payloads.

Original language	English
Title of host publication	IEEE International Conference on Electro Information Technology
Place of Publication	usa
Publisher	IEEE Computer [email protected]
Pages	892-897
Number of pages	6
Volume	2018-May
ISBN (Electronic)	9781538653982
DOIs	https://doi.org/10.1109/EIT.2018.8500161
State	Published - Oct 18 2018
Event	2018 IEEE International Conference on Electro/Information Technology, EIT 2018 - Rochester, United States Duration: May 3 2018 → May 5 2018

Conference

Conference	2018 IEEE International Conference on Electro/Information Technology, EIT 2018
Country/Territory	United States
City	Rochester
Period	05/3/18 → 05/5/18

Keywords

Extorting texts
Ransomware
Similarity measurement
Threatening images

Access to Document

10.1109/EIT.2018.8500161

Cite this

Alzahrani, A., Alshehri, A., Alshahrani, H., Alharthi, R., Fu, H., Liu, A., & Zhu, Y. (2018). RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform. In IEEE International Conference on Electro Information Technology (Vol. 2018-May, pp. 892-897). Article 8500161 IEEE Computer [email protected]. https://doi.org/10.1109/EIT.2018.8500161

@inproceedings{dac2a297b077457ba7bd0a649235fdbd,

title = "RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform",

abstract = "The worldwide epidemic of ransomware monetary gains has grown astonishingly. This crimeware form is emerged to extort innocent users under the threat of locking their devices and/or encrypting their files. To mitigate the growth of ransomware attacks, cybersecurity researchers have proposed various solutions based on the functionalities of those attacks. However, this polymorphic type is kept refined to increase the appearance of new families and survive against mitigation approaches. This paper introduces RanDroid, a new automated lightweight approach for detecting ransomware variants in Android platform by measuring the structural similarity between a set of collected information from an inspected application and a set of predefined threatening information collected from known ransomware variants. Furthermore, RanDroid performs a linguistic analysis on the app's code as well as image textural strings to enhance further revelation. RanDroid was evaluated using 950 ransomware samples. In addition, this approach is capable of extracting threatening messages from samples that use evasion techniques such as sophisticated codes or dynamic payloads.",

keywords = "Extorting texts, Ransomware, Similarity measurement, Threatening images",

author = "Abdulrahman Alzahrani and Ali Alshehri and Hani Alshahrani and Raed Alharthi and Huirong Fu and Anyi Liu and Ye Zhu",

year = "2018",

month = oct,

day = "18",

doi = "10.1109/EIT.2018.8500161",

language = "English",

volume = "2018-May",

pages = "892--897",

booktitle = "IEEE International Conference on Electro Information Technology",

publisher = "IEEE Computer [email protected]",

note = "2018 IEEE International Conference on Electro/Information Technology, EIT 2018 ; Conference date: 03-05-2018 Through 05-05-2018",

}

Alzahrani, A, Alshehri, A, Alshahrani, H, Alharthi, R, Fu, H, Liu, A & Zhu, Y 2018, RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform. in IEEE International Conference on Electro Information Technology. vol. 2018-May, 8500161, IEEE Computer [email protected], usa, pp. 892-897, 2018 IEEE International Conference on Electro/Information Technology, EIT 2018, Rochester, United States, 05/3/18. https://doi.org/10.1109/EIT.2018.8500161

RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform. / Alzahrani, Abdulrahman; Alshehri, Ali; Alshahrani, Hani et al.
IEEE International Conference on Electro Information Technology. Vol. 2018-May usa: IEEE Computer [email protected], 2018. p. 892-897 8500161.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform

AU - Alzahrani, Abdulrahman

AU - Alshehri, Ali

AU - Alshahrani, Hani

AU - Alharthi, Raed

AU - Fu, Huirong

AU - Liu, Anyi

AU - Zhu, Ye

PY - 2018/10/18

Y1 - 2018/10/18

N2 - The worldwide epidemic of ransomware monetary gains has grown astonishingly. This crimeware form is emerged to extort innocent users under the threat of locking their devices and/or encrypting their files. To mitigate the growth of ransomware attacks, cybersecurity researchers have proposed various solutions based on the functionalities of those attacks. However, this polymorphic type is kept refined to increase the appearance of new families and survive against mitigation approaches. This paper introduces RanDroid, a new automated lightweight approach for detecting ransomware variants in Android platform by measuring the structural similarity between a set of collected information from an inspected application and a set of predefined threatening information collected from known ransomware variants. Furthermore, RanDroid performs a linguistic analysis on the app's code as well as image textural strings to enhance further revelation. RanDroid was evaluated using 950 ransomware samples. In addition, this approach is capable of extracting threatening messages from samples that use evasion techniques such as sophisticated codes or dynamic payloads.

AB - The worldwide epidemic of ransomware monetary gains has grown astonishingly. This crimeware form is emerged to extort innocent users under the threat of locking their devices and/or encrypting their files. To mitigate the growth of ransomware attacks, cybersecurity researchers have proposed various solutions based on the functionalities of those attacks. However, this polymorphic type is kept refined to increase the appearance of new families and survive against mitigation approaches. This paper introduces RanDroid, a new automated lightweight approach for detecting ransomware variants in Android platform by measuring the structural similarity between a set of collected information from an inspected application and a set of predefined threatening information collected from known ransomware variants. Furthermore, RanDroid performs a linguistic analysis on the app's code as well as image textural strings to enhance further revelation. RanDroid was evaluated using 950 ransomware samples. In addition, this approach is capable of extracting threatening messages from samples that use evasion techniques such as sophisticated codes or dynamic payloads.

KW - Extorting texts

KW - Ransomware

KW - Similarity measurement

KW - Threatening images

UR - https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85057114660&origin=inward

UR - https://www.scopus.com/inward/citedby.uri?partnerID=HzOxMe3b&scp=85057114660&origin=inward

U2 - 10.1109/EIT.2018.8500161

DO - 10.1109/EIT.2018.8500161

M3 - Conference contribution

VL - 2018-May

SP - 892

EP - 897

BT - IEEE International Conference on Electro Information Technology

PB - IEEE Computer [email protected]

CY - usa

T2 - 2018 IEEE International Conference on Electro/Information Technology, EIT 2018

Y2 - 3 May 2018 through 5 May 2018

ER -

RanDroid: Structural Similarity Approach for Detecting Ransomware Applications in Android Platform

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this