RANSOMSHIELD: MITIGATING ANDROID RANSOMWARE ATTACKS THROUGH PERMISSIONBASED ANALYSIS USING MACHINE LEARNING

Abstract

Ransomware is one of the threatening malwares for security systems, targeting both Windows and mobile platforms. It has the ability of encrypting sensitive user data and command a deliverance of data in return. The extensive growth of ransomware attacks is due to the spread of mobile malware with irrelevant permissions and malware codes in mobile applications. In the literature, there are several proposed models for detecting ransomware. These models typically utilize various attributes, such as API calls, system calls, intents, permissions, and other dynamic features of an application. However, the extensive utilization of the aforementioned attributes can lead to the increased complexity of the detection system. Therefore, a deep investigation of Android Permissions to identify the significant set of permissions that can be used to detect ransomware applications prior to their initiation is focused in this study. The proposed RansomShield technique first identifies the significant permissions to be used and then employed machine learning algorithms to classify. Through our implementation, the proposed model successfully identified 16 significant permissions to predict ransomware applications with 97% detection accuracy. The classifiers we used for this model are supervised for ransomware detection for accomplishing high accuracies i.e., 97% with Random Forest, 95% with Decision Tree, 97% with SVM, 95% with Logistic Regression, 73% with Naïve Bayes, 94 % with Bagging, 100% with Gradient boosting and 97% with KNN models. The proposed model outperformed the existing model regarding a limited no. of permissions while achieving high accuracy. Further, a new permission-based dataset is created that is online and available for future researchers.