A novel structural-entropy-based classification technique for supporting Android ransomware detection and analysis
Mercaldo F.
2018-01-01
Abstract
Nowadays mobile devices are widespread. Considering the plethora of private and sensitive information stored in smartphones and tablets, it is easy to understand why attackers develop more and more aggressive malicious payloads every day with the aim of exfiltrating our data. One of the latest trends in the mobile malware landscape is so-called ransomware, a threat capable of locking the user interface and encrypting the data of the mobile device under attack. In this paper we present a method based on structural entropy and fuzzy logic classification algorithms that is able to identify whether an application exhibits ransomware behaviour. We obtain encouraging results evaluating a dataset composed of 10,052 (malware and legitimate) real-world Android applications.