Titolo:  R-PackDroid: API package-based characterization and detection of mobile ransomware
Data di pubblicazione:  2017
Autori:  Maiorca, Davide; Mercaldo, Francesco; Giacinto, Giorgio; Visaggio, Corrado Aaron; Martinelli, Fabio
Presenza coautori internazionali:  no
Lingua:  Inglese
Titolo del libro:  SAC '17: Proceedings of the Symposium on Applied Computing
ISBN:  9781450344869
Editore:  ACM
Sezione:  Contributo
Pagina iniziale:  1718
Pagina finale:  1723
Numero di pagine:  6
Digital Object Identifier (DOI):  http://dx.doi.org/10.1145/3019612.3019793
Codice identificativo Scopus:  2-s2.0-85020890980
Revisione (peer review):  Esperti anonimi
Nome del convegno:  32nd Annual ACM Symposium on Applied Computing, SAC 2017
Periodo del convegno:  3-7 Aprile 2017
Luogo del convegno:  Marrakech, Morocco
Abstract:  Ransomware has become a serious and concrete threat for mobile platforms and in particular for Android. In this paper, we propose R-PackDroid, a machine learning system for the detection of Android ransomware. Differently to previous works, we leverage information extracted from system API packages, which allow to characterize applications without specific knowledge of user-defined content such as the application language or strings. Results attained on very recent data show that it is possible to detect Android ransomware and to distinguish it from generic malware with very high accuracy. Moreover, we used R-PackDroid to flag applications that were detected as ransomware with very low confidence by the VirusTotal service. In this way, we were able to correctly distinguish true ransomware from false positives, thus providing valuable help for the analysis of these malicious applications.
Tipologia: 4.1 Contributo in Atti di convegno

File in questo prodotto:
File Descrizione Tipologia Licenza  
SAC2017-R-PackDroid-printed.pdf  versione editoriale Administrator   Richiedi una copia

Questionario e social

Condividi su: