IEEE Access (Jan 2019)

Detecting Android Locker-Ransomware on Chinese Social Networks

  • Dan Su,
  • Jiqiang Liu,
  • Xiaoyang Wang,
  • Wei Wang

DOI
https://doi.org/10.1109/ACCESS.2018.2888568
Journal volume & issue
Vol. 7
pp. 20381 – 20393

Abstract

Read online

In recent years, an increasing amount of locker-ransomware has been posing a great threat to the Android platform as well as users' properties. Locker-ransomware blackmails victims for ransom by compulsorily locking the devices. What is worse, a mature locker-ransomware transaction chain has taken shape on Chinese social networks. The effective detection of locker-ransomware is an emergent yet crucial issue. To deal with this issue, in this paper, we are motivated to propose a light-weight and automated method for the detection of locker-ransomware. First, we conduct a thorough survey of the locker-ransomware's transaction market and perform a comprehensive analysis of locker-ransomware's behaviors. Second, to cope with the code obfuscation problem, we extract features of both displayed texts and background operations based on the observed behaviors. The fine-grained features are extracted from multiple sources, which can profile locker-ransomware in different aspects. Finally, we employ the ensemble of four machine learning algorithms for detection. The experimental results show that our method outperforms VirusTotal. It achieves the best performance with the detection accuracy of 99.98%.

Keywords