Litcius/Paper detail

Android Ransomware Analysis Using Convolutional Neural Network and Fuzzy Hashing Features

Horacio Rodriguez-Bazan, Grigori Sidorov, Ponciano Jorge Escamilla-Ambrosio

2023IEEE Access19 citationsDOIOpen Access PDF

Abstract

Most of the time, cybercriminals look for new ways to bypass security controls by improving their attacks. In the 1980s, attackers developed malware to kidnap user data by requesting payment. Malware is called a ransomware. Recently, they have demanded payment in Bitcoin or any other cryptocurrency. Ransomware is one of the most dangerous threats on the Internet, and this type of malware could affect almost all devices. Malware cipher device data, making them inaccessible to users. In this study, a new method for Android ransomware classification was proposed. This method implements a Convolutional Neural Network (CNN) for malware classification using images. This paper presents a novel method for transforming an Android Application Package (APK) into a grayscale image. The image creation relies on using Natural Language Processing (NLP) techniques for text cleaning and Fuzzy Hashing to represent the decompiled code from the APK in a set of hashes after preprocessing using NLP techniques. The image is composed of <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">n</i> fuzzy hashes that represent the APK. This method was tested on a dataset of 7,765 Android ransomware samples obtained from external researchers and public sources. The accuracy of the proposed method was higher than that of other methods in the literature.

Topics & Concepts

Computer scienceRansomwareMalwareAndroid (operating system)Convolutional neural networkArtificial intelligenceHash functionBitmapEncryptionData miningMachine learningComputer securityOperating systemAdvanced Malware Detection TechniquesMobile and Web ApplicationsSpam and Phishing Detection