
Research on Homology of Ransomware Family Based on API Sequences (基于API函数序列的勒索病毒家族同源性研究)

Cited by: 1
Abstract: In recent years, the growth in the number of ransomware samples has consisted mostly of variants derived from known families; genuinely new ransomware families rarely appear. By studying the API function sequences dynamically extracted from ransomware, this work improves on the existing sequence-alignment method for analysing the homology of ransomware families. Cuckoo Sandbox is used to monitor the dynamic behaviour of the ransomware; the API call category sequence of each ransomware process is extracted and normalised. After all repeated subsequences are removed, three multiple sequence alignment methods (Multalin, Clustal Omega and T-Coffee) are applied to the sample sequences of the same family, each at several consensus levels, to extract consensus sequences. A local alignment algorithm then computes intra-family and inter-family similarity to determine the best consensus sequence, which is taken as the family map sequence. To verify the effectiveness of the scheme, a contrast experiment is set up using the family representative sample sequence and the best consensus sequence, respectively, as the family map sequence. The experimental results show that using the best family consensus sequence as the family map sequence, together with the local alignment method to calculate similarity, better distinguishes ransomware families.
Authors: YUE Ting (岳婷), CAI Manchun (蔡满春), LU Tianliang (芦天亮) (College of Police Information Engineering and Cyber Security, People's Public Security University of China, Beijing 100038, China)
Source: Journal of People's Public Security University of China (Science and Technology) (《中国人民公安大学学报(自然科学版)》), 2020, No. 2, pp. 53-60 (8 pages)
Funding: National Key R&D Program of China, "Cyberspace Security" key special project (2017YFB0802804); "13th Five-Year" National Cryptography Development Fund, key project on cryptographic theory research (MMJJ20180108).
Keywords: ransomware; sequence alignment; consensus sequence; homology
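The pipeline the abstract describes, as an added toy example that is not the paper's code: API-category traces per family are collapsed (tandem repeats removed), a family consensus is extracted at a chosen common level, and a new sample is assigned to the family whose consensus it aligns to best. The traces, the category labels, the scoring parameters and the column-wise majority consensus (standing in for Multalin/Clustal Omega/T-Coffee) are all assumptions made for the example.

```python
from collections import Counter

# Constructed API-category traces per family (toy data, not real sandbox output).
FAMILY_SAMPLES = {
    "FamA": ["proc file file crypto file crypto net".split(),
             "proc file crypto crypto file crypto net net".split(),
             "proc file crypto file crypto reg net".split()],
    "FamB": ["reg reg net proc proc file net".split(),
             "reg net net proc file file net".split(),
             "reg net proc proc file net reg".split()],
}

def collapse_repeats(seq):
    """Drop every tandem repeat: a run of k tokens that immediately repeats the k before it."""
    out = []
    for tok in seq:
        out.append(tok)
        while True:
            for k in range(1, len(out) // 2 + 1):
                if out[-k:] == out[-2 * k:-k]:
                    del out[-k:]
                    break
            else:
                break
    return out

def consensus(seqs, level=0.5):
    """Column-wise majority consensus at the given common level (stand-in for an MSA tool)."""
    cons = []
    for col in zip(*seqs):  # truncates to the shortest sequence
        tok, n = Counter(col).most_common(1)[0]
        if n / len(col) >= level:
            cons.append(tok)
    return cons

def local_align(a, b, match=2, mismatch=-1, gap=-1):
    """Smith-Waterman local alignment score over category tokens (assumed scoring)."""
    h = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    best = 0
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            s = match if a[i - 1] == b[j - 1] else mismatch
            h[i][j] = max(0, h[i - 1][j - 1] + s, h[i - 1][j] + gap, h[i][j - 1] + gap)
            best = max(best, h[i][j])
    return best

def similarity(a, b):
    return local_align(a, b) / (2 * min(len(a), len(b)))  # 1.0 = shorter sequence fully matched

def build_family_maps(level=0.5):
    return {f: consensus([collapse_repeats(s) for s in seqs], level) for f, seqs in FAMILY_SAMPLES.items()}

def classify(sample, family_maps):
    s = collapse_repeats(sample)
    return max(family_maps, key=lambda f: similarity(s, family_maps[f]))
```

Raising `level` makes the consensus shorter and stricter; the paper's point is that the level and alignment tool that maximise the gap between intra-family and inter-family similarity give the best family map sequence.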