Android Ransomware Analysis Using Convolutional Neural Network and Fuzzy Hashing Features

Abstract

Read online

Most of the time, cybercriminals look for new ways to bypass security controls by improving their attacks. In the 1980s, attackers developed malware to kidnap user data by requesting payments. Malware is called a ransomware. Recently, they have demanded payment in Bitcoin or any other cryptocurrency. Ransomware is one of the most dangerous threats on the Internet, and this type of malware could affect almost all devices. Malware cipher device data, making them inaccessible to users. In this study, a new method for Android ransomware classification was proposed. This method implements a Convolutional Neural Network (CNN) for malware classification based on images. This paper presents a novel method for transforming an Android Application Package (APK) into a grayscale image. The image creation relies on using Natural Language Processing (NLP) techniques for text cleaning and Fuzzy Hashing to represent the decompiled code from the APK in a set of hashes after preprocessing using NLP techniques. The image is composed of $n$ fuzzy hashes that represent the APK. The method was tested using a dataset of 7,765 Android ransomware samples obtained from external researchers and public sources. The accuracy of the proposed method was higher than that of other methods in the literature.

Keywords

• Android ransomware
• convolutional neural network
• deep learning
• fuzzy hashing
• malware classification
• ransomware