A Ransomware Variation Detection Method Based on Sequence Algorithm

A detection method based on sequence comparison, applied in fields such as computer components, computing and computer security devices. It addresses the lack of detection methods optimized for ransomware and achieves the effect of shortening the detection time and reducing the number of samples.

Active Publication Date: 2021-02-12
BEIJING INSTITUTE OF TECHNOLOGY +1

AI Technical Summary

Problems solved by technology

[0004] The above mainstream detection methods do not focus on ransomware or ransomware variants; most of them are general detection methods for multi-category malware and are not optimized for ransomware.



Embodiment Construction

[0025] The present invention will be described in detail below in conjunction with the accompanying drawings and specific examples.

[0026] Detecting a ransomware variant amounts to analyzing the similarity and homology between an unknown ransomware sample and known families, and the sequence comparison algorithms of bioinformatics are used to analyze the similarity and homology of DNA or protein sequences. The present invention therefore takes existing detection methods as its theoretical basis, combines a sequence comparison algorithm from bioinformatics with a classification algorithm from data mining, and focuses on the detection of ransomware variants. Detected ransomware is assigned to a known ransomware family, that is, the method determines which known family the detected sample is a variant of, so that researchers can quickly formulate defensive countermeasures based on existing experience.

[0027] The prese...


Abstract

The invention provides a method for detecting ransomware variants based on a sequence comparison algorithm. The process is: input a ransomware sample, extract the sample's feature sequence, process the feature sequence into a gene sequence, and perform variant detection. Variant detection works as follows: cluster the gene sequences in the sample set and extract the clustering result information to obtain the ransomware families; use the Needleman-Wunsch sequence comparison algorithm to calculate the similarity between the sample to be detected and the cluster center sample of each ransomware family; select the clusters whose similarity is greater than a set threshold and use them to form a new ransomware training sample set; then, for the sample to be detected, use the newly selected training sample set together with the sequence comparison algorithm and the KNN classification algorithm to determine the ransomware family it belongs to, which realizes variant detection. The method combines the sequence comparison algorithm with an existing classification algorithm in order to detect ransomware variants quickly.
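The two-stage procedure in the abstract, sketched as an added example (not code from the patent): Needleman-Wunsch similarity against each cluster center prunes the training set, then KNN votes over the members of the surviving clusters. The scoring values, the similarity normalisation, the threshold, k, the family names and the gene sequences are all assumptions constructed for illustration.

```python
from collections import Counter

def nw_score(a, b, match=1, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment score, keeping two DP rows."""
    prev = [j * gap for j in range(len(b) + 1)]
    for i, ca in enumerate(a, 1):
        cur = [i * gap]
        for j, cb in enumerate(b, 1):
            diag = prev[j - 1] + (match if ca == cb else mismatch)
            cur.append(max(diag, prev[j] + gap, cur[j - 1] + gap))
        prev = cur
    return prev[-1]

def similarity(a, b):
    """Assumed normalisation: score over the longer length, floored at 0."""
    longest = max(len(a), len(b))
    return max(0.0, nw_score(a, b) / longest) if longest else 1.0

def classify(sample, clusters, threshold=0.5, k=3):
    """Return (family or None, families that survived centre pre-filtering)."""
    # Stage 1: align only against each cluster's centre sample.
    kept = {fam: c for fam, c in clusters.items()
            if similarity(sample, c["center"]) > threshold}
    if not kept:
        return None, []          # no known family is close enough
    # Stage 2: KNN vote over members of the surviving clusters only.
    scored = sorted(((similarity(sample, m), fam)
                     for fam, c in kept.items() for m in c["members"]),
                    reverse=True)
    votes = Counter(fam for _, fam in scored[:k])
    return votes.most_common(1)[0][0], sorted(kept)

# Constructed gene sequences; family names are placeholders.
CLUSTERS = {
    "family_a": {"center": "ACGTACGTAC",
                 "members": ["ACGTACGTAC", "ACGTACGAAC", "ACGTTCGTAC"]},
    "family_b": {"center": "TTGGCCAATT",
                 "members": ["TTGGCCAATT", "TTGGCCAAGT", "TTGGACAATT"]},
    "family_c": {"center": "GAGAGAGAGA",
                 "members": ["GAGAGAGAGA", "GAGAGTGAGA", "GAGACAGAGA"]},
}

if __name__ == "__main__":
    print(classify("ACGTACGTTC", CLUSTERS))   # variant of family_a
    print(classify("CCCCCCCCCC", CLUSTERS))   # matches no centre
```

Stage 1 costs one alignment per family rather than one per training sample, which is where the shorter detection time and smaller sample count come from.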

Description

Technical field

[0001] The invention relates to a method for detecting ransomware variants based on a sequence comparison algorithm, and belongs to the technical field of software detection.

Background technique

[0002] At present, there are not many detection and defense methods for ransomware at home and abroad. They are mainly divided into the following categories: detection methods based on network traffic analysis, detection methods based on the dynamic and static characteristics of ransomware, and detection methods based on decoy files.

[0003] In the prior art, the invention patent application "a detection method and system for blackmailer virus", application number CN201611094356.1, judges whether an encryption operation is performed by comparing the entropy value of the modified file and the backup file, collects all encrypted files if there is an encryption operation, and determines whether the proportion of files with the same extension exceeds the preset valu...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06K9/62
CPC: G06F21/562, G06F2221/033, G06F18/23213, G06F18/24147
Inventor: 王勇李明薛静锋单纯成晋标史小东马原
Owner: BEIJING INSTITUTE OF TECHNOLOGY