Research On Detection Algorithm Of Extortion Software Based On Machine Learning

Computer application has penetrated into all fields of social life,bringing great convenience to our life,study and work,but at the same time,there are many network security threats,among which blackmail software has become one of the mainstream threats.Blackmail software will encrypt user files after infecting the system,and traditional anti-virus software can't do anything about it.This paper aims at this problem In order to improve the recognition performance,the machine learning algorithm is used to train the application programming interface API sequence of blackmail software.The following two recognition methods are proposed:Aiming at the problem of single detection feature and over fitting of machine learning algorithm,a new extortion software detection algorithm XRstacking is proposed based on the stacking model fusion method.All the original dynamic features of blackmail software are extracted,and the API name,thread number and sequence number of each sample call are retained;the features that have little effect on classification are removed by fusion of n-gram and TF-IDF algorithm;the blackmail software is identified by multi feature combination based on the stacking model fusion algorithm.Secondly,in order to solve the problem of manual feature extraction,the depth learning algorithm is used to automatically extract the software running features,and a ransomware detection algorithm based on convolution neural network is proposed.First,the original sample data is input into the convolution neural network model and converted into three-dimensional vector by one hot;then,the training and learning are carried out by three convolutions in one layer and global maximum pooling,and the classification output detection results are carried out by using the softmax classification model.The experimental results show that the detection results are improved to some extent and the operation speed is accelerated.Use the ransomwares based on Windows platform to train and learn the above two detection methods,and the final experiment shows that the two detection methods have achieved good detection accuracy,and the detection method of blackmail software based on convolutional neural network has further improved in the running speed,which also proves that the method proposed in this paper is in the early detection of blackmail software It has practical application value.