Funding: Supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2021R1I1A3049788).
Abstract: Ransomware is malware that encrypts data without permission, demanding payment for access. Detecting ransomware on Android platforms is challenging due to evolving malicious techniques and diverse application behaviors. Traditional methods, such as static and dynamic analysis, suffer from polymorphism, code obfuscation, and high resource demands. This paper introduces a multi-stage approach to enhance behavioral analysis for Android ransomware detection, focusing on a reduced set of distinguishing features. The approach includes ransomware app collection, behavioral profile generation, dataset creation, feature identification, reduction, and classification. Experiments were conducted on ∼3300 Android-based ransomware samples, despite the challenges posed by their evolving nature and complexity. The feature reduction strategy successfully reduced features by 80%, with only a marginal loss of detection accuracy (0.59%). Different machine learning algorithms are employed for classification and achieve 96.71% detection accuracy. Additionally, 10-fold cross-validation demonstrated robustness, yielding an AUC-ROC of 99.3%. Importantly, latency and memory evaluations revealed that models using the reduced feature set achieved up to a 99% reduction in inference time and significant memory savings across classifiers. The proposed approach outperforms existing techniques by achieving high detection accuracy with a minimal feature set, also suitable for deployment in resource-constrained environments. Future work may extend datasets and include iOS-based ransomware applications.
Abstract: Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps. The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models, CNN+XGBoost and KNN+XGBoost. To address the class imbalance issue, SMOTE (Synthetic Minority Oversampling Technique) was used to preprocess the dataset, creating synthetic samples of the minority class (malware) to balance the training set. XGBoost was then used to choose the most essential features for separating malware from benign programs. The models were trained and tested using 6-fold cross-validation, measuring accuracy, precision, recall, F1 score, and ROC AUC. The results are highly dependable, showing that CNN+XGBoost consistently outperforms KNN+XGBoost with an average accuracy of 98.76% compared to 97.89%. The CNN-based malware classification model, with its higher precision, recall, and F1 scores, is a secure choice. CNN+XGBoost, with its fewer all-fold misclassifications in confusion matrices, further solidifies this security. The calibration curve research, confirming the accuracy and cybersecurity applicability of the models’ probability projections, adds to the sense of reliability. This study unequivocally demonstrates that CNN+XGBoost is a reliable and effective malware detection system, underlining the importance of feature selection and hybrid models.
Funding: Funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University, through the Research Funding Program, Grant No. (FRP-1443-15).
Abstract: The analysis of Android malware shows that this threat is constantly increasing and is a real threat to mobile devices since traditional approaches, such as signature-based detection, are no longer effective due to the continuously advancing level of sophistication. To resolve this problem, efficient and flexible malware detection tools are needed. This work examines the possibility of employing deep CNNs to detect Android malware by transforming network traffic into image data representations. Moreover, the dataset used in this study is the CIC-AndMal2017, which contains 20,000 instances of network traffic across five distinct malware categories: a. Trojan, b. Adware, c. Ransomware, d. Spyware, e. Worm. These network traffic features are then converted to image formats for deep learning, which is applied in a CNN framework, including the VGG16 pre-trained model. In addition, our approach yielded high performance, yielding an accuracy of 0.92, accuracy of 99.1%, precision of 98.2%, recall of 99.5%, and F1 score of 98.7%. Subsequent improvements to the classification model through changes within the VGG19 framework improved the classification rate to 99.25%. Through the results obtained, it is clear that CNNs are a very effective way to classify Android malware, providing greater accuracy than conventional techniques. The success of this approach also shows the applicability of deep learning in mobile security along with the direction for the future advancement of the real-time detection system and other deeper learning techniques to counter the increasing number of threats emerging in the future.