Research On Visual Detection Technology Of Ransomware Based On Hilbert Curve-Deep Learning

Ransomware,recognized as the most infectious "digital disease" known to humanity,poses a serious threat to data security.Traditional methods of ransomware detection largely rely on static and dynamic analysis,which involve complex manual feature engineering and are inefficient when dealing with large-scale classification tasks.Although deep learning demonstrates exceptional performance in image processing,its application to ransomware file analysis often results in the loss of the original onedimensional structure during image conversion,which reduces the precision of detection.To address these issues,this paper introduces a novel approach that uses Hilbert curves to effectively map one-dimensional data onto two-dimensional images while retaining the inherent one-dimensional structural information,thereby significantly improving the precision of detection.The primary contributions of this study are as follows:(1)A comprehensive analysis of theories related to ransomware classification.This paper discusses the types and advanced classification methods of ransomware detection,systematically analyzing the application scenarios,strengths and weaknesses,and existing issues of traditional ransomware classification methods.(2)To tackle the problem of losing one-dimensional structural information during the conversion of ransomware files into images by deep learning,a visualization method based on Hilbert curve imagery is proposed.This method uses the unique characteristics of Hilbert curves to preserve some one-dimensional structural information when mapping one-dimensional data onto a two-dimensional plane,thereby better retaining the features of the sample.The Res Ne St50 network is used to extract Hilbert features for image classification,enabling more precise classification of ransomware families.The experimental results show that the Hilbert curve image-based method outperforms the grayscale image method in terms of performance,accuracy,precision,recall,and F1-Score.(3)To fully extract the features of Hilbert curve images,a dual-path network classification method based on Hilbert curve images is proposed.Firstly,the Res Ne St50 and Efficient Net-B4 models are used to extract different features from Hilbert curve images.These features are then combined using a feature concatenation method to form a dual-path network,and finally,an SVM classifier is used for final category determination.The experimental results show that the SVM classifier performs the best,especially the recall index,which is improved by more than 2.2% compared to the best performance of the single model.(4)Based on the above research results,a ransomware detection and classification model application is implemented.Firstly,a ransomware detection and classification system is constructed using the vue+Flask framework technology.Users can easily upload files for ransomware detection and classification and view the Hilbert images of these files.Secondly,a ransomware monitoring and detection module based on the Elastic Stack + Wazuh intrusion detection platform is designed and implemented.This module can monitor the generation of new files in real-time,generate Hilbert images of these files using the Hilbert image algorithm,and classify them using the model proposed in this paper.Finally,the functions and performance of the system and module are tested,demonstrating good accuracy and stability.