Affiliation:
1. University of Michigan, Dearborn, MI
Abstract
The unprecedented growth in mobile systems has transformed the way we approach everyday computing. Unfortunately, the emergence of a sophisticated type of malware known as ransomware poses a great threat to consumers of this technology. Traditional research on mobile malware detection has focused on approaches that rely on analyzing bytecode for uncovering malicious apps. However, cybercriminals can bypass such methods by embedding malware directly in native machine code, making traditional methods inadequate. Another challenge that detection solutions face is scalability. The sheer number of malware variants released every year makes it difficult for solutions to efficiently scale their coverage.
To address these concerns, this work presents RansomShield, an energy-efficient solution that leverages CNNs to detect ransomware. We evaluate CNN architectures that have been known to perform well on computer vision tasks and examine their suitability for ransomware detection. We show that systematically converting native instructions from Android apps into images using space-filling curve visualization techniques enables CNNs to reliably detect ransomware with high accuracy. We characterize the robustness of this approach across ARM and x86 architectures and demonstrate the effectiveness of this solution across heterogeneous platforms including smartphones and Chromebooks. We evaluate the suitability of different models for mobile systems by comparing their energy demands using different platforms. In addition, we present a CNN introspection framework that determines the important features that are needed for ransomware detection. Finally, we evaluate the robustness of this solution against adversarial machine learning (AML) attacks using a state-of-the-art Android malware dataset.
Funder
National Science Foundation
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
3 articles.