摘要
近年来,勒索软件的活跃度高居不下,给社会造成了严重的经济损失。文件一旦被勒索软件加密后将难以恢复,因此如何及时且准确地检测出勒索软件成为了当前的研究热点。为了提升勒索软件检测的及时性和准确性,在分析多种勒索软件家族与良性软件运行初期行为的基础上,提出了一种基于深度学习的勒索软件早期检测方法(Ransomware Early Detection Method Based on Deep Learning,REDMDL)。REDMDL以软件运行初期所调用的一定长度的应用程序编程接口(Application Programming Interface,API)序列为输入,结合词向量和位置向量对API序列进行向量化表征,再构建深度卷积网络与长短时记忆网络(Convolutional Neural Network-Long Short Term Memory,CNN-LSTM)相结合的神经网络模型,来实现对勒索软件的早期检测。实验结果显示,REDMDL能够在一个软件运行后数秒内高准确率地判定其是勒索软件还是良性软件。
In recent years,ransomware is becoming increasingly prevalent,causing serious economic losses.Since files encrypted by ransomware are difficult to recover,how to timely and accurately detect ransomware is a hot point nowadays.To improve the timeliness and accuracy of ransomware detection,this paper analyzes the behavior of ransomware family and benign software in the early stage of operation and proposes a ransomware early detection method based on deep learning(REDMDL).REDMDL takes a certain length of application programming interface(API)sequence that is obtained by software running at the initial stage as input,combines word vector and position vector to vectorize the collected API sequence,and then constructs a convolutional neural network-long short term memory(CNN-LSTM)neural network model for early detection of ransomware.Experimental results show that REDMDL can accurately determine whether the software is ransomware or benign within seconds after it star-ting to run.
作者
刘文静
郭春
申国伟
谢博
吕晓丹
LIU Wenjing;GUO Chun;SHEN Guowei;XIE Bo;LYU Xiaodan(State Key Laboratory of Public Big Data,College of Computer Science and Technology,Guizhou University,Guiyang 550025,China)
出处
《计算机科学》
CSCD
北大核心
2023年第3期391-398,共8页
Computer Science
基金
国家自然科学基金(62162009)
贵州省自然科学基金(黔科合基础[2020]1Y268)
贵州省科技计划项目(黔科合重大专项字[2018]3001)。
