摘要
近年来,由加密型勒索软件引起的网络安全事件的数量大幅度增长,受害者广布全球。加密型勒索软件采用高强度加密算法对用户文件加密,目前对加密型勒索软件没有可靠的事前防御和检测措施,用户数据一旦被勒索软件加密,传统的反病毒软件无能为力。为了解决以上问题,从恶意软件主动防御的思想出发,提出一种基于机器学习的针对加密型勒索软件的防御方案,并在Mac OS平台实现。通过对程序的实时行为监控,从文件操作行为的关键数据中提取多种特征,采用不同的分类方法对加密数据和正常数据进行识别,捕捉加密型勒索软件行为,并采取相应的控制手段。
In recent years, due to the rapidly increasing nu,nber of cyber security incidents caused by ransomware, the victims spreading worhtwide. Ransomware uses high-intensity encryption algorithm to enerypt user's files. There are no reliable pre-defense and detection measures for ransomware. The traditional anti-virus software is inability to do anything once user's data is encrypted. In view of the above prob- lems, based on the idea of active defense against malicious software, proposes an active defense method based on machine learning for ransomware and implements on the Mac OS platform. Extracts a variety of features from the key data information of the file operation be- havior thrnugh the real-time behavior monitoring of the program, uses different classification methods to identify the encryption data and normal data, captures the behaviors of ransomware and takes corresponding control measures.
出处
《现代计算机》
2017年第3期58-63,共6页
Modern Computer
