Ransomware variation detection method based on sequence alignment algorithm

A sequence alignment detection technique, applied to computer components, computing, computer security devices and the like, that addresses the lack of ransomware-specific optimization in existing methods and achieves the effect of shortening the detection time and reducing the number of samples.

Active Publication Date: 2018-02-09
BEIJING INSTITUTE OF TECHNOLOGY +1

AI Technical Summary

Problems solved by technology

[0004] The above mainstream detection methods do not focus on ransomware or ransomware variants, and ...


Embodiment Construction

[0025] The present invention will be described in detail below in conjunction with the accompanying drawings and specific examples.

[0026] Detecting a ransomware variant amounts to analyzing the similarity and homology between an unknown ransomware sample and the known families, and sequence alignment algorithms from the field of bioinformatics can be used to analyze the similarity and homology of DNA or protein sequences. The present invention therefore takes the existing detection methods as its theoretical basis, combines a sequence alignment algorithm from bioinformatics with a classification algorithm from data mining, and focuses on the detection of ransomware variants. Ransomware is assigned to known ransomware families, that is, the method determines which known family the detected ransomware is a variant of, so that researchers can quickly formulate defensive countermeasures based on existing experience.

[0027] The prese...


Abstract

The invention provides a ransomware variant detection method based on a sequence alignment algorithm. The method comprises the steps of inputting a ransomware sample, extracting a sample feature sequence, processing the sample feature sequence into a gene sequence, and detecting the ransomware variant. The variant detection step comprises the following sub-steps: clustering the gene sequences in a sample set and extracting the clustering result information to obtain the various ransomware families; using the Needleman-Wunsch sequence alignment algorithm to compute the similarity between the sample to be detected and the cluster center sample of each ransomware family, screening out the clusters whose similarity exceeds a preset threshold, and using the screened clusters to form a new ransomware training sample set; and determining the ransomware family to which the sample to be detected belongs by using the newly screened training sample set in combination with the sequence alignment algorithm and a KNN classification algorithm, thereby achieving variant detection. By combining the sequence alignment algorithm with an existing classification algorithm, the method achieves fast detection of ransomware variants.
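The detection step in the abstract can be sketched as follows. This is an added example, not code from the patent: the scoring values, the similarity normalisation, the threshold, `k`, the family names and the four-letter "gene" alphabet are all assumptions, and the sequences are constructed sample data.

```python
from collections import Counter

MATCH, MISMATCH, GAP = 1, -1, -1  # assumed scoring scheme, not given on the page

def nw_score(a, b):
    """Needleman-Wunsch global alignment score, keeping two DP rows."""
    prev = [j * GAP for j in range(len(b) + 1)]
    for i, ca in enumerate(a, 1):
        cur = [i * GAP]
        for j, cb in enumerate(b, 1):
            diag = prev[j - 1] + (MATCH if ca == cb else MISMATCH)
            cur.append(max(diag, prev[j] + GAP, cur[j - 1] + GAP))
        prev = cur
    return prev[-1]

def similarity(a, b):
    """Assumed normalisation: score over the longer length, clamped to [0, 1]."""
    longest = max(len(a), len(b))
    if longest == 0:
        return 1.0
    return max(0.0, nw_score(a, b) / (MATCH * longest))

def screen(sample, clusters, threshold):
    """Families whose cluster center is more similar than the threshold."""
    return [f for f, c in clusters.items()
            if similarity(sample, c["center"]) > threshold]

def classify(sample, clusters, threshold=0.5, k=3):
    """KNN vote over members of the screened clusters; None if none pass."""
    kept = screen(sample, clusters, threshold)
    scored = [(similarity(sample, m), f)
              for f in kept for m in clusters[f]["members"]]
    if not scored:
        return None  # no known family is close enough
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return Counter(f for _, f in scored[:k]).most_common(1)[0][0]

# Constructed clustering result: each family has a center and its members.
CLUSTERS = {
    "family_A": {"center": "ACGTACGTAC",
                 "members": ["ACGTACGTAC", "ACGTACCTAA", "ACGAACGTAC"]},
    "family_B": {"center": "TTGGCCTTGG",
                 "members": ["TTGGCCTTGG", "TTGGCCTTGA", "TTGCCCTTGG"]},
    "family_C": {"center": "ACGTACGTAT",
                 "members": ["ACGTACGTAT", "ACGTTCGTAT", "ACGAACGTAT"]},
}
SAMPLE = "ACGTACCTAC"  # constructed variant, one substitution from family_A's center

if __name__ == "__main__":
    print("screened families:", screen(SAMPLE, CLUSTERS, 0.5))
    print("assigned family:", classify(SAMPLE, CLUSTERS))
```

Screening against cluster centers first means the KNN step aligns the sample only against members of the surviving clusters, which is where the reduction in sample count and detection time claimed above comes from.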

Description

Technical field

[0001] The invention relates to a method for detecting ransomware variants based on a sequence alignment algorithm, and belongs to the technical field of software detection.

Background technique

[0002] At present there are few detection and defense methods for ransomware at home or abroad. They fall mainly into the following categories: detection methods based on network traffic analysis, detection methods based on the dynamic and static characteristics of ransomware, and detection methods based on decoy files.

[0003] In the prior art, the invention patent application "a detection method and system for blackmailer virus", application number CN201611094356.1, judges whether an encryption operation has been performed by comparing the entropy values of the modified file and the backup file; if there is an encryption operation, it collects all encrypted files and determines whether the proportion of files with the same extension exceeds the preset valu...


Application Information

IPC(8): G06F21/56, G06K9/62
CPC: G06F21/562, G06F2221/033, G06F18/23213, G06F18/24147
Inventor: 王勇, 李明, 薛静锋, 单纯, 成晋标, 史小东, 马原
Owner: BEIJING INSTITUTE OF TECHNOLOGY