Inspiration

Smartphones have become a necessity for users because of the abundance of services they offer, such as GPS, SMS and the camera. They hold users' personal information, including personal photos, bank details, stored logins and messages. Since the Covid-19 pandemic, personal handsets have also become part of corporate business models. These ever-growing prospects around mobile devices lure attackers into devising new techniques to capture this potential. The latest trend shows a sudden, exponential surge in a type of malware known as ransomware on personal mobile handsets.

What it does

Our project aims to detect Android ransomware by leveraging both static and dynamic analysis of system and application artifacts. The project proposes two AI-powered models that work together to provide holistic protection against ransomware. Having two independent solutions to the same problem also makes the chance of evasion almost negligible. These solutions have outperformed several state-of-the-art solutions currently in use.

=> The first model uses the APIs invoked and the permissions requested to detect ransomware with a branched artificial neural network. Logging and callbacks were set up to keep track of overfitting.

To prepare the data, EDA was done carefully: plotting of different kinds of plots, feature selection using XGBoost, resampling of the data using SMOTE-Tomek, and PCA for dimensionality reduction. Finally, an accuracy of 99.04% was attained with a false positive rate of just 0.14%.

=> The second model uses network traffic to detect ransomware. An LGBMClassifier was used for the final prediction, fine-tuned with RandomizedSearchCV to find the best hyper-parameters.

Proper EDA, resampling and scaling of the data (using RandomScaler and SMOTE-Tomek), feature selection (Pearson's correlation) and dimensionality reduction (PCA) were done on the dataset.
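
As an added illustration of the SMOTE-Tomek resampling step used by both models (example code written for this page, not the project's own; the toy 2-D feature vectors and the one-pass removal of both members of each Tomek link are assumptions), a minimal pure-Python version of the two stages:

```python
import random
from math import dist

# Constructed toy data: 2-D scaled feature vectors, label 0 = benign (majority), 1 = ransomware (minority).
# Sample 4 is a benign point sitting inside the ransomware cluster, the borderline case Tomek links target.
SAMPLES = [
    ((0.10, 0.20), 0), ((0.20, 0.10), 0), ((0.15, 0.25), 0), ((0.30, 0.20), 0),
    ((0.80, 0.90), 0),
    ((0.90, 0.80), 1), ((0.85, 0.95), 1),
]

def nearest(i, samples):
    """Index of the nearest other sample to samples[i] (Euclidean distance)."""
    return min((j for j in range(len(samples)) if j != i),
               key=lambda j: dist(samples[i][0], samples[j][0]))

def tomek_links(samples):
    """Indices of every sample in a Tomek link: two opposite-class samples that are
    each other's nearest neighbour, i.e. points on an overlapping or noisy boundary."""
    linked = set()
    for i in range(len(samples)):
        j = nearest(i, samples)
        if samples[i][1] != samples[j][1] and nearest(j, samples) == i:
            linked.update((i, j))
    return linked

def smote(samples, minority=1, k=2, seed=0):
    """Oversample the minority class up to the majority count; each synthetic point is
    interpolated between a random minority sample and one of its k nearest minority neighbours."""
    rng = random.Random(seed)
    minority_pts = [x for x, y in samples if y == minority]
    target = sum(1 for _, y in samples if y != minority)
    synthetic = []
    while len(minority_pts) + len(synthetic) < target:
        x = rng.choice(minority_pts)
        neighbours = sorted((p for p in minority_pts if p != x), key=lambda p: dist(x, p))[:k]
        nn = rng.choice(neighbours)
        gap = rng.random()  # where on the segment x -> nn the new point lands
        synthetic.append((tuple(a + gap * (b - a) for a, b in zip(x, nn)), minority))
    return samples + synthetic

def smote_tomek(samples, minority=1, k=2, seed=0):
    """SMOTE-Tomek: oversample first, then drop both members of each Tomek link (one pass)
    so the class boundary that SMOTE may have blurred is cleaned before training."""
    oversampled = smote(samples, minority, k, seed)
    drop = tomek_links(oversampled)
    return [s for i, s in enumerate(oversampled) if i not in drop]
```

On the toy set the benign outlier (sample 4) and its ransomware neighbour form the only Tomek link before oversampling; real pipelines run the same two stages on the scaled feature matrix, with k typically 5.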

Accomplishments that we're proud of

=> Working non-stop for 32 hrs :)

=> The solutions built in this hackathon attain very high accuracy along with a very low false positive rate.

=> Both analysis modules can be used together to attain an even higher detection rate.

=> Intensive 3-hour training cycles, in which almost 10,000 combinations of hyper-parameters were tried, were completed successfully.

What's next for Android Ransomware Detection Toolkit

=> Hardware integration of the solution, so that the algorithms can take advantage of the GPU.

=> More modules can be added to reduce the attack surface, such as anti-phishing and anti-exfiltration modules.

=> A dataset of ransomware scare pages can be built and used to detect such image templates.

As I was working alone, I couldn't make a website (UI/front-end) for the AI algorithms, so I submitted this project as a best unfinished hack.

Best Use of Google Cloud: I used Google Colab to train the AI algorithms and a linked Google Drive to store the dataset and results. The pre-processed products of the AI algorithms, such as cleaned tensors and data frames, were also stored on Google Cloud so that they can be referenced later.
