Timed Automata for Mobile Ransomware Detection

Francesco Mercaldo, Fabio Martinelli, Antonella Santone


Considering the plethora of private and sensitive information stored in smartphone and tablets, it is easy to understand the reason why attackers develop everyday more and more aggressive malicious payloads with the aim to exfiltrate our data. One of the last trend in mobile malware landascape is represented by the so-called ransomware, a threat capable to lock the user interface and to cipher the data of the mobile device under attack. In this paper we propose an approach to model an Android application in terms of timed automaton by considering system call traces i.e., performing a dynamic analysis. We obtain encouraging results in the experimental analysis we performed exploiting real-world  (ransomware and legitimate) Android applications.

Full Text:


DOI: http://dx.doi.org/10.14279/tuj.eceasst.79.1120

DOI (PDF): http://dx.doi.org/10.14279/tuj.eceasst.79.1120.1071

Hosted By Universitätsbibliothek TU Berlin.