基于v -检测器负选择算法的勒索软件检测

2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC) Pub Date : 2017-12-01 DOI:10.1109/SPAC.2017.8304335

Tianliang Lu, Lu Zhang, Shunye Wang, Qi Gong

{"title":"基于v -检测器负选择算法的勒索软件检测","authors":"Tianliang Lu, Lu Zhang, Shunye Wang, Qi Gong","doi":"10.1109/SPAC.2017.8304335","DOIUrl":null,"url":null,"abstract":"As a new type of malicious software, ransomware is one of the biggest security threats in recent years. Inspired by biological immune system, a ransomware detection method based on V-detector negative selection algorithm with mutation optimization is proposed, which is referred to op-RDVD. The behavioral features of ransomware are extracted through dynamic analysis, such as hard disk reading and writing, the document encryption and deletion, etc. Some of benign samples are used to build the self space. The variable-sized detectors are generated both randomly and extracted from ransomware. To improve the ransomware detection accuracy and efficiency, optimize the space distribution of detectors through clone and mutation, achieving maximized coverage of non-self space and minimized overlapping among detectors. The experimental results show that our algorithm has better detection ability than that of the previous method.","PeriodicalId":161647,"journal":{"name":"2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC)","volume":"2000 18","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"Ransomware detection based on V-detector negative selection algorithm\",\"authors\":\"Tianliang Lu, Lu Zhang, Shunye Wang, Qi Gong\",\"doi\":\"10.1109/SPAC.2017.8304335\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As a new type of malicious software, ransomware is one of the biggest security threats in recent years. Inspired by biological immune system, a ransomware detection method based on V-detector negative selection algorithm with mutation optimization is proposed, which is referred to op-RDVD. The behavioral features of ransomware are extracted through dynamic analysis, such as hard disk reading and writing, the document encryption and deletion, etc. Some of benign samples are used to build the self space. The variable-sized detectors are generated both randomly and extracted from ransomware. To improve the ransomware detection accuracy and efficiency, optimize the space distribution of detectors through clone and mutation, achieving maximized coverage of non-self space and minimized overlapping among detectors. The experimental results show that our algorithm has better detection ability than that of the previous method.\",\"PeriodicalId\":161647,\"journal\":{\"name\":\"2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC)\",\"volume\":\"2000 18\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SPAC.2017.8304335\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPAC.2017.8304335","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

摘要

勒索软件作为一种新型的恶意软件，是近年来最大的安全威胁之一。受生物免疫系统的启发，提出了一种基于变异优化的v探测器负选择算法的勒索软件检测方法，称为op-RDVD。通过动态分析提取勒索软件的行为特征，如硬盘读写、文件加密和删除等。一些良性样本被用来构建自空间。可变大小的检测器是随机生成的，也可以从勒索软件中提取。为了提高勒索软件检测的准确性和效率，通过克隆和变异优化检测器的空间分布，实现非自空间的最大覆盖和检测器之间的最小重叠。实验结果表明，该算法具有较好的检测能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Ransomware detection based on V-detector negative selection algorithm

As a new type of malicious software, ransomware is one of the biggest security threats in recent years. Inspired by biological immune system, a ransomware detection method based on V-detector negative selection algorithm with mutation optimization is proposed, which is referred to op-RDVD. The behavioral features of ransomware are extracted through dynamic analysis, such as hard disk reading and writing, the document encryption and deletion, etc. Some of benign samples are used to build the self space. The variable-sized detectors are generated both randomly and extracted from ransomware. To improve the ransomware detection accuracy and efficiency, optimize the space distribution of detectors through clone and mutation, achieving maximized coverage of non-self space and minimized overlapping among detectors. The experimental results show that our algorithm has better detection ability than that of the previous method.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC)

自引率

0.00%

发文量