Abstract:
Ransomware is one of the most threatening classes of malware for security systems, targeting
both Windows and mobile platforms. It encrypts sensitive user data and demands payment in
return for releasing it. The extensive growth of ransomware attacks is driven by the spread
of mobile malware that requests irrelevant permissions and by malicious code embedded in
mobile applications. Several models for detecting ransomware have been proposed in the
literature. These models typically use various attributes, such as API calls, system calls,
intents, permissions, and other dynamic features of an application. However, extensive use
of these attributes can increase the complexity of the detection system. Therefore, this
study focuses on a deep investigation of Android permissions to identify the significant set
of permissions that can be used to detect ransomware applications before they execute. The
proposed RansomShield technique first identifies the significant permissions and then
employs machine learning algorithms for classification. In our implementation, the proposed
model identified 16 significant permissions that predict ransomware applications with 97%
detection accuracy. The classifiers used in this model are supervised learners for
ransomware detection, chosen to achieve high accuracies, i.e., 97% with Random Forest, 95%
with Decision Tree, 97% with SVM, 95% with Logistic Regression, 73% with Naïve Bayes, 94%
with Bagging, 100% with Gradient Boosting, and 97% with KNN. The proposed model outperforms
the existing model in that it uses a limited number of permissions while achieving high
accuracy. Further, a new permission-based dataset has been created and is available online
for future researchers.
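
The two-stage flow described above (rank permissions, then classify on the reduced set), as an added example that is not the paper's code. Information gain as the ranking criterion is an assumption, since the abstract does not name the selection method; k-NN is one of the classifiers it lists; the sample apps and all function names are constructed for illustration.

```python
from math import log2

# Constructed sample apps (label, requested permissions); 1 = ransomware, 0 = benign.
# Real manifests prefix these names with "android.permission."; this is
# illustrative data, not the paper's dataset or its 16 selected permissions.
APPS = [
    (1, {"INTERNET", "RECEIVE_BOOT_COMPLETED", "SYSTEM_ALERT_WINDOW", "WAKE_LOCK"}),
    (1, {"INTERNET", "RECEIVE_BOOT_COMPLETED", "SYSTEM_ALERT_WINDOW", "READ_CONTACTS"}),
    (1, {"INTERNET", "RECEIVE_BOOT_COMPLETED", "WAKE_LOCK", "WRITE_EXTERNAL_STORAGE"}),
    (1, {"INTERNET", "SYSTEM_ALERT_WINDOW", "WAKE_LOCK", "READ_PHONE_STATE"}),
    (0, {"INTERNET", "CAMERA", "WRITE_EXTERNAL_STORAGE"}),
    (0, {"INTERNET", "ACCESS_FINE_LOCATION", "READ_CONTACTS"}),
    (0, {"INTERNET", "WAKE_LOCK", "CAMERA"}),
    (0, {"INTERNET", "READ_PHONE_STATE", "ACCESS_FINE_LOCATION"}),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of 0/1 labels."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return -sum(q * log2(q) for q in (p, 1 - p) if q > 0)

def info_gain(apps, perm):
    """Drop in label entropy after splitting apps on whether they request perm."""
    has = [y for y, p in apps if perm in p]
    lacks = [y for y, p in apps if perm not in p]
    split = (len(has) * entropy(has) + len(lacks) * entropy(lacks)) / len(apps)
    return entropy([y for y, _ in apps]) - split

def select_permissions(apps, k):
    """Top-k permissions by information gain (assumed criterion; ties alphabetical)."""
    perms = sorted(set().union(*(p for _, p in apps)))
    return sorted(perms, key=lambda q: -info_gain(apps, q))[:k]

def knn_predict(apps, selected, perms, k=3):
    """Majority vote of the k nearest training apps by Hamming distance,
    computed over the selected permissions only."""
    def dist(other):
        return sum((q in other) != (q in perms) for q in selected)
    nearest = sorted(apps, key=lambda app: dist(app[1]))[:k]
    return int(2 * sum(y for y, _ in nearest) > k)

if __name__ == "__main__":
    chosen = select_permissions(APPS, 4)
    print(chosen)
    print(knn_predict(APPS, chosen, {"INTERNET", "RECEIVE_BOOT_COMPLETED", "SYSTEM_ALERT_WINDOW"}))
```

INTERNET is requested by every sample, so its information gain is zero and it drops out of the selected set, which is the kind of pruning that keeps the feature count small.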