Several supervised machine learning models have been proposed and used to detect Android ransomware. These models were trained using different datasets from different sources. However, the age of the ransomware datasets was not considered when training and testing these models. Therefore, the detection accuracy for those models is inaccurate since they learned using features from specific ransomware, old or new ransomware, and they did not learn using diverse ransomware features from different ages. This paper sheds light on the importance of considering the age of ransomware datasets and its effects on the detection accuracy of supervised machine learning models. This proves that supervised machine learning models trained using a new ransomware dataset are inefficient in detecting old types of ransomware and vice versa. Moreover, this paper collected a large and diverse dataset of ransomware applications that comprises new and old ransomware developed during the period 2008–2020. Furthermore, the paper proposes a supervised machine learning model that is trained and tested using the diverse dataset. The experiments show that the proposed model is efficient in detecting Android ransomware regardless of its age by achieving an accuracy of approximately 97.48%. Moreover, the results show that the proposed model outperforms the state-of-the-art approaches considered in this work.

More research has been focusing on developing new approaches for the detection of Android ransomware applications. Machine learning methods have proved their efficiency in detecting Android malware such as the work in. The efficiency of these approaches differs based on the extracted features from applications, besides the algorithms used for the detection task. Two analytical methods are used for feature extraction, which are the static and dynamic analyses. The static analysis works by decompiling ransomware applications to gather their metadata, where different types of features can be extracted from the manifest file such as signatures, permissions, and API-calls. Meanwhile, dynamic analysis requires a virtual environment to run applications and trigger their behavior to extract features. Figure 2 shows the different features of static and dynamic analysis. One of the advantages of static analysis is the time consumption, since it consumes less time in comparison with the dynamic approach. Moreover, the permissions features, which are extracted in static analysis, are considered an efficient indicator that can be utilized for the detection of ransomware applications.

There are different studies conducted based on the permission features to detect Android ransomware. However, these studies used different datasets, where the ransomware were collected over specific periods from open source websites or acquired manually. These studies did not consider the variation of permission features requested by ransomware. In fact, once the implemented ransomware is detected by the models, the cybercriminals try to develop new types of ransomware. Moreover, as the Android operating system is updated and smartphones’ functionalities are increased or enhanced, new permissions arise and are used by different malicious applications. That is, new applications may request a new set of permissions that did not exist in previous versions. Therefore, it is important to include the features of old and new ransomware applications in training the detection model, so that it accurately performs the task. Otherwise, there will be a gap in the models trained on old features and other models trained on new features to detect each other.

An interesting work in this direction was proposed by Ceschin et al. The authors discussed the concept drift in Android malware in general. The authors used two datasets, namely Drebin and Androzoo, collected during the period (2008–2018). The datasets were used to train and test the adaptive random forest classifier (ARF) and stochastic gradient descent (SGD). Moreover, they used four drift detectors (DDM, EDDM, ADWIN, and KSWIN) to prove their claim. Based on the results, the authors recommended updating the classifiers based on the emerging features to enhance the accuracy of the classifiers.