| The rapid development of information technology makes data an increasingly important asset for organizations,businesses and individuals.In recent years,ransomware has become a serious threat to cybersecurity by locking users' systems or encrypting important data.Existing generic malware detection system can not detect ransomware in a targeted manner,and defense against ransomware relies on specific mitigations.On the other hand,the theory of machine learning has been gradually matured and began to be widely applied in malware detection.This paper proposes two methods of ransomware detection based on deep learning technology after a detailed study of the ransomware attack process and technical principle,and has achieved good results for the destructive encryption ransomware.The main contents are as follows:The method based on feedforward neural network is characterized by the number of API calls,file system operations,registry operations and imported strings during operation.The classifier is trained via the fully connected chain neural network model.Experiments show that the detection accuracy reaches 95% while the AUC value reaches 0.98,and the model has good classification performance and scalability.The method based on long short-term memory model uses API function call sequence as features.Preprocess and compressing original dataset can greatly reduce the data dimension and improv learning speed.Meanwhile,this paper uses Dropout regularization to reduce the generalization error from 5% to 2%,which significantly improves the model performance.The experiment results show that the model has low learning cost and false positive rate,and can accurately detect and identify ransomware variants. |
PDF Full Text Request