Journal ArticleOPEN ACCESS

Automatic detection of Android crypto ransomware using supervisor reduction

Discrete Event Dynamic Systems: Theory and Applications (2024) 34(4) 539-571
DOI: 10.1007/s10626-024-00406-1
0Citations
Citations of this article
16Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

This paper proposes a finite-state machine based approach to recognise crypto ransomware based on their behaviour. Malicious and benign Android applications are executed to capture the system calls they generate, which are then filtered and tokenised and converted to finite-state machines. The finite-state machines are simplified using supervisor reduction, which generalises the behavioural patterns and produces compact classification models. The classification models can be implemented in a lightweight monitoring system to detect malicious behaviour of running applications quickly. An extensive set of cross validation experiments is carried out to demonstrate the viability of the approach, which show that ransomware can be classified accurately with an F1 score of up to 93.8%.

Author supplied keywords

Cite

CITATION STYLE

APA

Chew, C. J. W., Malik, R., Kumar, V., & Patros, P. (2024). Automatic detection of Android crypto ransomware using supervisor reduction. Discrete Event Dynamic Systems: Theory and Applications, 34(4), 539–571. https://doi.org/10.1007/s10626-024-00406-1

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free