Machine Learning for Android Scareware Detection

Sikha Bagui, Hunter Brock
Copyright: © 2022 | Pages: 15
DOI: 10.4018/JITR.298326

Abstract

With the steady rise in the use of smartphones, specifically Android smartphones, there is an ongoing need to build strong Intrusion Detection Systems to protect ourselves from malicious software attacks, especially on Android smartphones. This work focuses on a sub-group of Android malware, scareware. The novelty of this work lies in being able to detect the various scareware families individually using a small number of network attributes, determined by a recursive feature elimination process based on information gain. No work has yet been done on analyzing the scareware families individually. Results of this work show that the number of bytes initially sent back and forth, packet size, amount of time between flows and flow duration are the most important attributes that would be needed to classify a scareware attack. Three classifiers, Decision Tree, Naïve Bayes and OneR, were used for classification. The highest average classification accuracy (79.5%) was achieved by the Decision Tree classifier with a minimum of 44 attributes.

1. Introduction

Internet traffic on mobile devices has steadily increased over the last few years. In 2018, 85% of the mobile smartphone market share was held by Android devices¹. In 2019, 98% of the internet users were mobile users². Google’s Android operating system, currently leading the mobile market³ (Alzaylaee et al., 2020; Mutton & Badhani, 2019; Grampurohit et al., 2014), is predicted to continue to have a dramatic increase in the market with around 1.5 billion Android-based devices shipped by 2021 (Alzaylaee et al., 2020). This adoption and popularity of smartphones has greatly stimulated the spread of mobile malware, especially on popular Android platforms. There was an average loss of $13.0 million due to malware or malware-related attacks⁴ in 2018. Malware has seen an increase of +11% from 2018 to 2019⁴. Worldwide mobile app downloads in 2017 were 197 billion and are expected to reach 352.9 billion in 2021⁵. Being open source, Android faces additional challenges with malware-infected apps (Alzaylaee et al., 2020). Hence malware detection has become one of the most important factors in the security of smartphones (Lashkari et al., 2018).

Malware is any software maliciously designed to attack vulnerable services. Many vulnerable services allow malware to infect insecure, accessible systems automatically (Priya et al., 2016). Other malicious attackers are able to lure victims into deliberately executing malicious code on their machines (Priya et al., 2016), giving away personal, financial, as well as healthcare data. There are many different types of malware: viruses, worms, trojans, spyware, ransomware, scareware, bots, and rootkits. This paper focuses on scareware. Scareware is a form of malware that creates a perception of threat in order to manipulate users into buying or installing unwanted software. Mainly used to steal data, it displays frightening screens to show that your device is under attack and uses fake versions of system problem messages and virus alerts, claiming to be an antivirus solution³. A user is often tempted into installing malware without any awareness, and the malware steals the user’s personal information. Thus, building intrusion detection systems for the detection of malware is critical to protecting smartphone users.

The novelty of this paper lies in developing a scareware detection system using network data from the Android platform (Pendlebury et al., 2018). Several papers have looked at classifying malware data in general (Alzaylaee et al., 2020; Mutton & Bhadhani, 2017; Grampurohit et al., 2014; Lashkari et al., 2018; Wu et al., 2014; Li et al., 2016; Arshad et al., 2016; Chavan et al., 2019; Kapratwar et al., 2017), but none have looked at scareware attacks in particular. Moreover, none of the works have analyzed each of the individual scareware families.

Machine learning (ML) has become a standard tool for malware detection in the academic security community, and is used to identify attacks with respectable accuracy. This paper uses three classifiers, Decision Tree, Naïve Bayes and OneR, to classify existing Android scareware families using a minimal number of attributes. An Information Gain based recursive feature elimination process is used to determine the features used in classification. The novelty of this work lies in being able to detect the various scareware families using a smaller number of network attributes with respectable accuracy. The top ten attributes contributing to the classification of each scareware family are also presented.
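A sketch of information-gain-driven attribute elimination with a OneR check after every drop, added here as an illustration; it is not the authors' code or data. The attribute names, the four-bin equal-width discretisation and the constructed flows are assumptions. Because each attribute's information gain is computed on its own, the ranking does not change between rounds, so what the loop adds is the accuracy re-check on the reduced attribute set.

```python
import math
from collections import Counter, defaultdict

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def binned_classes(column, labels, bins=4):
    """Equal-width discretisation; returns {bin index: Counter of class labels}."""
    lo, hi = min(column), max(column)
    width = (hi - lo) / bins or 1.0
    groups = defaultdict(Counter)
    for v, y in zip(column, labels):
        groups[min(int((v - lo) / width), bins - 1)][y] += 1
    return groups

def info_gain(column, labels):
    groups = binned_classes(column, labels)
    rest = sum(sum(g.values()) / len(labels) * entropy(list(g.elements()))
               for g in groups.values())
    return entropy(labels) - rest

def one_r_accuracy(rows, labels, feats):
    """OneR: best single-attribute rule (majority class per bin), training accuracy."""
    def hits(f):
        groups = binned_classes([r[f] for r in rows], labels)
        return sum(max(g.values()) for g in groups.values())
    return max(hits(f) for f in feats) / len(labels)

def eliminate(rows, labels, feats, keep):
    """Drop the lowest-gain attribute each round and log accuracy after the drop."""
    active, trace = list(feats), []
    while len(active) > keep:
        gains = {f: info_gain([r[f] for r in rows], labels) for f in active}
        worst = min(active, key=gains.get)
        active.remove(worst)
        trace.append((worst, round(gains[worst], 3), one_r_accuracy(rows, labels, active)))
    return active, trace

# Constructed flows (not the paper's dataset): each attribute is class-balanced noise
# plus a per-attribute shift for the scareware class. Attribute names are hypothetical.
SHIFTS = {"init_win_bytes": 100, "pkt_len_mean": 60, "flow_iat_mean": 30,
          "flow_duration": 15, "noise_a": 0, "noise_b": 0}
KS = (37, 53, 11, 29, 71, 89)  # multipliers coprime to 101, one per attribute
LABELS = ["scareware" if i % 2 else "benign" for i in range(202)]
ROWS = [{f: i * k % 101 + s * (i % 2) for (f, s), k in zip(SHIFTS.items(), KS)}
        for i in range(202)]

if __name__ == "__main__":
    print(eliminate(ROWS, LABELS, list(SHIFTS), keep=4))
```

The accuracy logged here is training accuracy; a real evaluation would score each reduced attribute set on held-out flows.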
