• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>International Computer Conference, Computer Society of Iran >Static Detection of Ransomware Using LSTM Network and PE Header
【24h】

Static Detection of Ransomware Using LSTM Network and PE Header

机译:使用LSTM Network和PE标题静态检测Ransomware

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Ransomware is a type of malware from cryptovirology that perpetually blocks access to a victim’s data unless a ransom is paid. Today, this type of malware has grown dramatically and has targeted the computer systems of some important organizations such as hospitals, banks, and Water Organization. Therefore, early detection of this type of malware is very important. This paper describes a solution to ransomware detection based on executable file headers. Header of the executable file expresses important information about the structure of the program. In other words, the header’s information is a sequence of bytes, and changing it changes the structure of the program file. In the proposed method, using LSTM network, the sequence of bytes that constructs the header is processed and the ransomware samples are separated from the benign samples. The proposed method can detect a ransomware sample with 93.25 accuracy without running the program and using a raw header, so it is suitable for quick detection of suspicious samples.
机译:Ransomware是一种来自密码流程的恶意软件,除非支付赎金,否则不会阻止对受害者数据的访问。如今,这种恶意软件已经大幅增长,并针对了一些重要组织的计算机系统,如医院,银行和水组织。因此,早期检测这种恶意软件非常重要。本文介绍了基于可执行文件标头的勒索软件检测的解决方案。可执行文件的标题表示有关程序结构的重要信息。换句话说,标题的信息是一系列字节,并改变它改变程序文件的结构。在所提出的方法中,使用LSTM网络,处理构建报头的字节序列,并将勒索软件样本与良性样本分开。所提出的方法可以通过93.25精度检测勒索软件样本,而无需运行程序并使用原始标题,因此适合快速检测可疑样本。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号