Sumith Maniath, Aravind Ashok, P. Poornachandran, V. Sujadevi, A. Sankar, Srinath Jan
{"title":"基于深度学习LSTM的勒索软件检测","authors":"Sumith Maniath, Aravind Ashok, P. Poornachandran, V. Sujadevi, A. Sankar, Srinath Jan","doi":"10.1109/RDCAPE.2017.8358312","DOIUrl":null,"url":null,"abstract":"There is a growing interest in academia and industry to employ dynamic analysis for automating malwares analysis. In dynamic analysis, Application Programming Interface (API) calls made by the executable is a promising source to identify the behavior of an application. The list of API calls made by a process can be considered as a word sequence. This work aims to detect ransomware behavior by employing Long-Short Term Memory (LSTM) networks for binary sequence classification of API calls. We present an automated approach to extract API calls from the log of modified sandbox environment and detect ransomware behavior. The proposed approach is expected to improve the automated analysis of large volume of malwares samples.","PeriodicalId":442235,"journal":{"name":"2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"58","resultStr":"{\"title\":\"Deep learning LSTM based ransomware detection\",\"authors\":\"Sumith Maniath, Aravind Ashok, P. Poornachandran, V. Sujadevi, A. Sankar, Srinath Jan\",\"doi\":\"10.1109/RDCAPE.2017.8358312\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"There is a growing interest in academia and industry to employ dynamic analysis for automating malwares analysis. In dynamic analysis, Application Programming Interface (API) calls made by the executable is a promising source to identify the behavior of an application. The list of API calls made by a process can be considered as a word sequence. This work aims to detect ransomware behavior by employing Long-Short Term Memory (LSTM) networks for binary sequence classification of API calls. We present an automated approach to extract API calls from the log of modified sandbox environment and detect ransomware behavior. The proposed approach is expected to improve the automated analysis of large volume of malwares samples.\",\"PeriodicalId\":442235,\"journal\":{\"name\":\"2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE)\",\"volume\":\"89 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"58\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RDCAPE.2017.8358312\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RDCAPE.2017.8358312","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
There is a growing interest in academia and industry to employ dynamic analysis for automating malwares analysis. In dynamic analysis, Application Programming Interface (API) calls made by the executable is a promising source to identify the behavior of an application. The list of API calls made by a process can be considered as a word sequence. This work aims to detect ransomware behavior by employing Long-Short Term Memory (LSTM) networks for binary sequence classification of API calls. We present an automated approach to extract API calls from the log of modified sandbox environment and detect ransomware behavior. The proposed approach is expected to improve the automated analysis of large volume of malwares samples.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
