Lightweight Crypto-Ransomware Detection in Android Based on Reactive Honeyfile Monitoring

Abstract

Given the high relevance and impact of ransomware in companies, organizations, and individuals around the world, coupled with the widespread adoption of mobile and IoT-related devices for both personal and professional use, the development of effective and efficient ransomware mitigation schemes is a necessity nowadays. Although a number of proposals are available in the literature in this line, most of them rely on machine-learning schemes that usually involve high computational cost and resource consumption. Since current personal devices are small and limited in capacities and resources, the mentioned schemes are generally not feasible and usable in practical environments. Based on a honeyfile detection solution previously introduced by the authors for Linux and Window OSs, this paper presents a ransomware detection tool for Android platforms where the use of trap files is combined with a reactive monitoring scheme, with three main characteristics: (I) the trap files are properly deployed around the target file system, (II) the FileObserver service is used to early alert events that access the traps following certain suspicious sequences, and (III) the experimental results show high performance of the solution in terms of detection accuracy and efficiency.