Design And Implemention Of Android Ransomware Detection Engine Based On Energy Consumption Information

Ransomware has become a serious threat in recent years.In the past 2021,ransomware attacks have caused disruptions to operations at Colonial Pipeline,a major oil pipeline company in the United States.With the development of mobile Internet and the increasing use of Android devices,ransomware on this platform has emerged,and its types and the number of ransom incidents it causes are increasing.The research on the detection methods of Android ransomware is significant.At present,the field of ransomware detection is mainly based on the principles of static analysis,dynamic analysis,behavioral analysis and system resource usage analysis,and there are generally problems such as low detection rate of new ransomware,poor resistance to obfuscation and reliance on device Root permissions.In this thesis,with the aim of correctly detecting Android ransomware,we focus on the energy consumption index which is closely related to the malicious behavior of ransomware,conduct research on the difference of energy consumption index when ransomware and benign software are running,propose a ransomware detection method based on energy consumption information,and optimize and expand the detection scheme by combining the attack behavior characteristics and permission application characteristics of ransomware,and finally provide a solution for A prototype system is designed and implemented for the detection method in this thesis.The main work of this thesis is as follows.(1)Monitor and compare the energy consumption indicators of ransomware and benign software,and analyze and summarize the reasons for the huge difference in energy consumption indicators between ransomware and benign software.We propose a ransomware detection method based on energy consumption information,and innovatively use the time series information of CPU and LCD screen module energy consumption indicators to train a binary classification model with a 98.1%detection rate.(2)Based on the analysis of the difference between ransomware and benign software in terms of permission application,a series of permission combination sets are summarized that can be used to distinguish ransomware from non-ransomware,and a lightweight ransomware filter based on permission information is proposed accordingly.The set of permission combinations with the best performance in the filtering process is selected through experiments,which eventually helps the detection engine filter 97.77%of non-ransomware in advance and greatly reduces the average detection time of the detection system.(3)The overall system architecture is divided into layers,and the design and implementation of the download blocker in the interaction layer,the lightweight ransomware filter in the filtering layer,and the automated energy consumption information collection framework in the information extraction layer are described in detail.The final assembly of the modules in each layer is completed,and the Android ransomware detection system based on energy consumption information is designed and implemented,achieving the goal of automated and lightweight detection of ransomware in the system.