Computer and Modernization (计算机与现代化), Issue (2): 1-5, 5. DOI: 10.3969/j.issn.1006-2475.2018.02.001
Homology Analysis of Ransomware Based on Sequence Alignment
Abstract
The number of ransomware samples is increasing rapidly, yet few belong to new families; most are mutations of existing ones. A new homology analysis approach based on the API sequences of ransomware is proposed. The paper uses a sandbox to extract the dynamic behavior of ransomware and analyze API categories, then encodes the features and removes repetition. A sequence alignment algorithm is then used to calculate the similarity between different ransomware samples. The dataset for the experiment contains 6 different families of ransomware and their variants. The results show that the proposed method performs well in analyzing the homology of ransomware and can be used to distinguish unknown software.
Keywords
ransomware/dynamic detection/sandbox/API sequence/sequence alignment
Classification
Information Technology and Security Science
Cite this article
Gong Qi (龚琪), Cao Jinxuan (曹金璇), Lu Tianliang (芦天亮). Homology Analysis of Ransomware Based on Sequence Alignment [J]. Computer and Modernization (计算机与现代化), 2018, (2): 1-5, 5.
Funding
National Key R&D Program of China, "Cyberspace Security" Key Special Project (2017YFB0802804)
National Natural Science Foundation of China (61602489)
CERNET (赛尔网络) Next Generation Internet Technology Innovation Project (NGII20160405)
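The pipeline the abstract describes (encode API calls by category, remove repetition, align, score similarity), as an added example that is not the paper's code. Assumptions: the category table, the collapse of consecutive repeats, Needleman-Wunsch as the alignment algorithm, the scoring values, the normalisation and the traces are all constructed here, since the page does not give the paper's own choices.

```python
from itertools import groupby

# Hypothetical API -> category code table (constructed; the paper's own encoding is not on this page).
API_CATEGORY = {
    "FindFirstFileW": "E", "FindNextFileW": "E",            # file enumeration
    "CryptAcquireContextW": "C", "CryptGenKey": "C", "CryptEncrypt": "C",  # crypto
    "ReadFile": "I", "WriteFile": "O", "DeleteFileW": "D",  # file read / write / delete
    "RegSetValueExW": "R", "InternetOpenA": "N", "CreateProcessW": "P",
}

def encode(trace):
    """Map sandbox API calls to category codes, drop unmapped calls, collapse consecutive repeats."""
    codes = (API_CATEGORY[c] for c in trace if c in API_CATEGORY)
    return "".join(k for k, _ in groupby(codes))

def nw_score(a, b, match=1, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment score (assumed algorithm), one DP row in memory."""
    prev = [j * gap for j in range(len(b) + 1)]
    for i, ca in enumerate(a, 1):
        cur = [i * gap]
        for j, cb in enumerate(b, 1):
            diag = prev[j - 1] + (match if ca == cb else mismatch)
            cur.append(max(diag, prev[j] + gap, cur[j - 1] + gap))
        prev = cur
    return prev[-1]

def similarity(a, b):
    """Normalise the score to [0, 1]: 1.0 for identical sequences, 0.0 when nothing aligns."""
    longest = max(len(a), len(b))
    return max(0, nw_score(a, b)) / longest if longest else 1.0

# Constructed sandbox traces (not real samples).
ENCRYPT_LOOP = ["ReadFile", "CryptEncrypt", "WriteFile", "DeleteFileW"]
TRACE_A = ["FindFirstFileW", "FindNextFileW", "FindNextFileW", "CryptAcquireContextW",
           "CryptGenKey"] + ENCRYPT_LOOP * 2
TRACE_B = ["RegSetValueExW", "Sleep"] + TRACE_A + ["InternetOpenA"]   # variant of A
TRACE_C = ["InternetOpenA", "CreateProcessW", "RegSetValueExW", "RegSetValueExW", "InternetOpenA"]

if __name__ == "__main__":
    seq_a, seq_b, seq_c = map(encode, (TRACE_A, TRACE_B, TRACE_C))
    print(seq_a, seq_b, seq_c)
    print("A vs B:", round(similarity(seq_a, seq_b), 3))
    print("A vs C:", round(similarity(seq_a, seq_c), 3))
```

The variant keeps a high score despite the extra registry and network calls at either end, while the unrelated trace scores zero because none of its category codes align.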