IIT Home Page CNR Home Page

R-PackDroid: API Package-Based Characterization and Detection of Mobile Ransomware

Ransomware has become a serious and concrete threat for mobile platforms and in particular for Android. In this paper, we propose R-PackDroid, a machine learning system for the detection of Android ransomware. Differently to previous works, we leverage information extracted from system API packages, which allow to characterize applications without specific knowledge of user-defined content such as the application language or strings. Results attained on very recent data show that it is possible to detect Android ransomware and to distinguish it from generic malware with very high accuracy. Moreover, we used R-PackDroid to flag applications that were detected as ransomware with very low confidence by the VirusTotal service. In this way, we were able to correctly distinguish true ransomware from false positives, thus providing valuable help for the analysis of these malicious applications.
ACM Symposium on Applied Computing (SAC 2017), Marrakech, Morocco, 2017

Autori esterni: Davide Maiorca (Dipartimento di Ingegneria e Architettura, Università degli Studi di Cagliari), Giorgio Giacinto (Dipartimento di Ingegneria e Architettura, Università degli Studi di Cagliari), Corrado Aaron Visaggio (Dipartimento di Ingegneria, Università degli Studi del Sannio)
Autori IIT:

Tipo: Contributo in atti di convegno
Area di disciplina: Computer Science & Engineering

File: 2016_Ransomware_Detection.pdf

Attività: Sicurezza di dispositivi mobili