Research on Android ransomware protection technology

Abstract

Abstract:

With the popularity of smart devices such as smartphones and pads, the attack of Android ransomware is becoming increasingly serious. Compared with other malicious software, ransomware is widely favored by hackers because of hard restoration and the directness of obtaining benefits, which also brings serious spiritual and property damage to users. To protect our smart devices from ransomware and reduce threats and losses, researchers conduct a lot of research on Android ransomware and propose many practical detection schemes. This paper first summarizes the characteristics of Android ransomware, and then summarizes the existing research work on detecting and safeguarding against ransomware on the Android platform and makes a comprehensive analysis and comparison on them. Finally, we point out the remaining problems of these solutions, put forward corresponding suggestions and discuss future research directions.

Key words: ransomware, Android, detection, safeguard

HU Jian-wei,ZHANG Yu,CUI Yan-peng. Research on Android ransomware protection technology[J]. Computer Engineering & Science.

References ［45］

［1］	Kirda A, Arshad S,Mulliner C,et al.UNVEIL: A large-scale,automated approach to detecting ransomware (keynote)［C］∥
	Proc of the 24th International Conference on Software Analysis,Evolution and Reengineering (SANER),2017: 1.
［2］	Kharraz A,Robertson W,Balzarotti D,et al.Cutting the Gordian Knot: A look under the hood of ransomware attacks［C］∥
	Proc of the 12th International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment,2015:3-24.
［3］	2018 Internet security threat report［EB/OL］.［2019-06-02］.https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf.
［4］	2019 Internet security threat report［EB/OL］.［2019-06-02］.https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-2019-en.pdf.
［5］	Monika, Zavarsky P,Lindskog D.Experimental analysis of ransomware on Windows and Android platforms: Evolution and characterization［J］.Procedia Computer Science,2016,94:465-472.
［6］	Bander A S A,Mohd A M,Syed Z M S.Ransomware threat success factors,taxonomy,and countermeasures: A survey and research directions［J］.Computers & Security,2018,74:144-166.
［7］	Mobile phone lock screen extortion first seen in China［EB/OL］.［2019-06-05］.http://blogs.360.cn/post/analysis_of_ransomware.html.(in Chinese)
［8］	Android Marshmallow will not go soft on mobile ransomware［EB/OL］.［2019-06-06］.https://www.symantec.com/connect/blogs/android-marshmallow-will-not-go-soft-mobile-ran- somware.
［9］	Wang Chi-heng,Chen Jing,Chen Xiang-yun,et al.An Android ransomware detection method based on evidence chain generation［J］.Chinese Journal of Computers,2018,41(10):2344-2358.(in Chinese)
［10］	Maiorca D,Mercaldo F,Giacinto G,et al.R-PackDroid: API package-based characterization and detection of mobile ransomware［C］∥
	Proc of the 32nd ACM SIGAPP Symposium on Applied Computing,2017:1718-1723.
［11］	Kanwal M,Thakur S,Lashkari R.An app based on static analysis for Android ransomware［C］∥Proc of the 8th International Conference on Computing Communication and Automation,2017:1-6.
［12］	Song S,Kim B,Lee S.The effective ransomware prevention technique using process monitoring on Android platform［J］.Mobile Information Systems,2016(1):1-9.
［13］	Hong Shuang-xi, Liu Chuan-chang,Ren Bing-fei,et al. Poster:Sdguard:An Android application implementing privacy protection and ransomware detection［C］∥
	Proc of the 15th Annual International Conference on Mobile Systems,Applications,and Services,2017:149.
［14］	Andronio N,Zanero S,Maggi F.HelDroid: Dissecting and detecting mobile ransomware［C］∥Proc of the 18th International Symposium on Recent Advances in Intrusion Detection,2015:382-404.
［15］	Zheng Cheng-yu, Dellarocca N, Andronio N, et al.GreatEatlon: Fast,static detection of mobile ransomware［C］∥Proc of the 12th International Conference on Security and Privacy in Communication Networks,2016:617-636.
［16］	Yang Tian-da,Yang Yu,Qian Kai,et al.Automated detection and analysis for Android ransomware［C］∥Proc of the 12th International Conference on Embedded Software and Systems,2015:1338-1343.
［17］	Gharib A,Ghorbani A.DNA-Droid: A real-time Android ransomware detection framework［C］∥Proc of the 11th International Conference on Network and System Security,2017:184-198.
［18］	Ferrante A,Malek M,Martinelli F,et al.Extinguishing ransomware-A hybrid approach to Android ransomware detection［C］∥
	Proc of the 10th International Symposium on Foundations and Practice of Security,2017:242-258.
［19］	Abdulrahman A, Alshehri A, Alshahrani H,et al.RanDroid: Structural similarity approach for detecting ransomware applications in Android platfrom［C］∥
	Proc of the 13th International Conference on Electro/Information Technology,2018:892-897.
［20］	He Fei,Zhang Li-jun.The preface of software formal verification topics［J］.Journal of Software,2019,30(7):1901-1902.(in Chinese)
［21］	Formal methods［EB/OL］.［2019-10-11］.https://en.wikipedia.org/wiki/Formal_methods.
［22］	Mercaldo F, Nardone V, Santone A,et al.Ransomware steals your phone.Formal methods rescue it［C］∥
	Proc of the 36th International Conference on Formal Techniques for Distributed Objects,Components,and Systems,2016:212-221.
［23］	Cimitile A,Mercaldo F,Nardone V,et al.Talos: No more ransomware victims with formal methods［J］.International Journal of Information Security,2018,17(6):719-738.
［24］	Machine learning［EB/OL］.［2019-10-11］.https://en.wikipedia.org/wiki/Machine_learning.
［25］	Karimi A, Moattar M H. Android ransomware detection using reduced opcode sequence and image similarity［C］∥
	Proc of the 7th International Conference on Computer and Knowledge Engineering (ICCKE),2017:229-234.
［26］	R-PackDroid: Practical on-device detection of Android ransomware［EB/OL］.［2019-6-20］.https://www.researchgate.net/publication/317160536_R-PackDroid_API_package-based_characterization_and_detection_of_mobile_ransomware.
［27］	Baldwin J,Dehghantanha A.Leveraging support vector machine for opcode density based detection of crypto-ransomware［M］∥
	Cyber Threat Intelligence,Berlin:Springer,2018:107-136.
［28］	Su Dan,Liu Ji-qiang,Wang Xiao-yang,et al.Detecting Android locker-ransomware on Chinese social networks［J］.IEEE Access,2019,7(1):20381-20393.
［29］	Chen Jing,Wang Chi-heng,Zhao Zi-ming,et al.Uncovering the face of Android ransomware: Characterization and real-time detection［J］.IEEE Transactions on Information Forensics and Security,2018,13(5):1286-1300.
［30］	Ko J,Jo J,Kim D,et al.Real time Android ransomware detection by analyzed Android applications［C］∥
	Proc of the 3rd International Conference on Electronics,Information and Communications (ICEIC),2019:1-5.
［31］	Kim D Y, Choi G Y, Lee J H. White list-based ransomware real-time detection and prevention for user device protection［C］∥
	Proc of the 32nd International Conference on Consumer Electronics,2018:1-5.
［32］	Yalew S D,Maguire G Q,Haridi S,et al.Hail to the Thief: Protecting data from mobile ransomware with ransomsafedroid［C］∥
	Proc of the 6th International Symposium on Network Computing and Applications,2017:351-358.
［33］	Information entropy ［EB/OL］. ［2019-11-20］.https://baike.baidu.com/item/%E4%BF%A1%E6%81%AF%E7%86%B5.(in Chinese)
［34］	Baysa D,Low R M,Stamp M.Structural entropy and metamorphic malware［J］.Journal of Computer Virology and Hacking Techniques,2013,9(4):179-192.
［35］	Ugarte-Pedrero X,Santos I,Sanz B,et al.Countering entropy measure attacks on packed software detection［C］∥
	Proc of the 9th Annual IEEE Consumer Communications and Networking Conference-Security and Content Protection,2012:164-168.
［36］	Lyda R,Hamrock J.Using entropy analysis to find encrypted and packed malware［J］.IEEE Security & Privacy,2007,5(2):40-45.
［37］	Cuzzocrea A,Martinelli F,Mercaldo F.A novel structural-entropy-based classification technique for supporting Android ransomware detection and analysis［C］∥
	Proc of the 28th International Conference on Fuzz Systems (FUZZ-IEEE),2018:1-7.
［38］	Wang Shan-shan, Chen Zhen-xiang, Zhang Lei, et al. TrafficAV: An effective and explainable detection of mobile malware behavior using network traffic［C］∥
	Proc of the 24th International Symposium on Quality of Service (IWQoS),2016:1-6.
［39］	Cam N T,Phuoc N C H.NeSeDroid—Android malware detection based on network traffic and sensitive resource accessing［C］∥
	Proc of the 1st International Conference on Data Engineering and Communication Technology,2016:19-30.
［40］	Su Xin,Lin Jiu-chuan,Shen Fu-hui,et al.Two-phases detection scheme: Detecting Android malware in Android markets［C］∥
	Proc of the International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI,2018:389-399.
［41］	Zulkifli A,Hamid I R A,Shah W M,et al.Android malware detection based on network traffic using decision tree algorithm［C］∥
	Proc of the 3rd International Conference on Soft Computing and Data Mining (SCDM 2018),2018:485-494.
［42］	Puerta J G,Pastor-López I,Sanz B,et al.Network traffic analysis for Android malware detection［C］∥
	Proc of the 14th International Conference on Hybrid Artificial Intelligent Systems,2019:4-6.
［43］	Unknow ransomware detection based on abnormal behavior［EB/OL］.［2019-11-12］.https://paper.seebug.org/431/.(in Chinese)
［44］	Lei Chun, Li Na. A ransomware testing method based on file damage degree［J］.Journal of Information Security Research,2018,4(4):387-392.(in Chinese)
［45］	Xu Bing,Liu Xiao-jie,Li Shuai.Encrypted ransomware detecting method based on file features［J］.Journal of Data Communication,2019(2):5-8.(in Chinese)
	附中文参考文献：
［7］	手机锁屏勒索国内首现身［EO/OL］.［2019-06-05］.http://blogs.360.cn/post/analysis_of_ransomware.html.
［9］	王持恒，陈晶，陈祥云，等.基于证据链生成的Android勒索软件检测方法［J］.计算机学报,2018,41(10):2344-2358.
［20］	贺飞,张立军.软件形式化验证专题前言［J］.软件学报,2019,30(7):1901-1902.
［33］	信息熵［EB/OL］.［2019-11-20］.https://baike.baidu.com/item/%E4%BF%A1%E6%81%AF%E7%86%B5.
［43］	基于异常行为的未知勒索软件检测［EB/OL］.［2019-11-12］.https://paper.seebug.org/431/.
［44］	雷春,李娜.一种基于文件损坏度的勒索软件检测方法［J］.信息安全研究,2018,4(4):387-392.
［45］	徐兵,刘晓洁,李帅.基于文件特征的加密型勒索软件检测方法［J］.数据通信,2019(2):5-8.

[1]	YIN Chun-yong, FENG Meng-xue. A semi-supervised log anomaly detection method based on attention mechanism [J]. Computer Engineering & Science, 2023, 45(08): 1405-1415.
[2]	YIN Jie, HUANG Xiao-yu, LIU Jia-yin, NIU Bo-wei, XIE Wen-wei, . An Android malware detection method based on pre-trained language model [J]. Computer Engineering & Science, 2023, 45(08): 1433-1442.
[3]	WU Dong-liang, LIU Zhi-gui, . An electronic component defect detection method based on lightweight YOLOX [J]. Computer Engineering & Science, 2023, 45(08): 1463-1471.
[4]	HU Qing-meng, , WANG Hong-bin, WANG Jun-zhong. A Chinese event detection method based on nugget proposal network with part-of-speech attention mechanism [J]. Computer Engineering & Science, 2023, 45(08): 1490-1497.
[5]	LIU Yang, SU Hang, HE Qian, SHEN Pu, LIU Peng. An equipment fault detection method based on cloud-edge collaboration variational autoencoder neural network [J]. Computer Engineering & Science, 2023, 45(07): 1188-1196.
[6]	CAO Yu-dong, CHEN Dong-hao, CAO Rui, ZHAO Lang. An online multi-pedestrian tracking method with Mask R-CNN [J]. Computer Engineering & Science, 2023, 45(07): 1216-1225.
[7]	LIU Hao-han, SUN Cheng, HE Huai-qing, HUI Kang-hua. Metal surface defect detection based on improved YOLOv3 [J]. Computer Engineering & Science, 2023, 45(07): 1226-1235.
[8]	WANG Xiao-qi, ZHAO Xuan-zhi, LIU Zeng-li, . Underwater image edge detection based on multi-scale wavelet and Tsallis entropy [J]. Computer Engineering & Science, 2023, 45(07): 1245-1252.
[9]	LUO Xiao-xia, DENG Yong, YE Ou. A multi-stage adaptive hat detection algorithm in complex scenes [J]. Computer Engineering & Science, 2023, 45(07): 1253-1262.
[10]	. Double-Bagging based feature dimension reduction heterogenous integrated intrusion detection [J]. Computer Engineering & Science, 2023, 45(06): 1011-1019.
[11]	TIAN Xiu-xia, LIU Zheng, LIU Qiu-xu, LI Hao-ran. An image tampering detection model based on improved Faster R-CNN [J]. Computer Engineering & Science, 2023, 45(06): 1030-1039.
[12]	LI Xiao-lin, WANG Fu-gang, ZHANG Peng-fei, ZHANG Lin-yu, . YOLOv5s algorithm optimization based on multi-scale feature extraction [J]. Computer Engineering & Science, 2023, 45(06): 1054-1062.
[13]	LIANG Yi, Turdi Tohti, Askar Hamdulla, . Multi-modal false information detection via multi-layer CNN-based feature fusion and multi-classifier hybrid prediction [J]. Computer Engineering & Science, 2023, 45(06): 1087-1096.
[14]	PU Zi-jun, ZHANG Shou-ming. A sound event localization and detection algorithm based on feature fusion and Transformer model [J]. Computer Engineering & Science, 2023, 45(06): 1097-1105.
[15]	DENG Shan-shan, HUANG Hui, MA Yan. A small object detection algorithm based on improved Faster R-CNN [J]. Computer Engineering & Science, 2023, 45(05): 869-877.