综合行为特征的机器学习勒索软件检测方法

打开文本图片集

关键词：勒索软件检测；加密勒索软件；动态恶意软件分析；机器学习；网络信息流量DOI：10.15938/j. jhust.2025.04.011中图分类号：TN915.08 文献标志码：A 文章编号：1007-2683（2025）04-0102-09

Machine Learning Ransomware Detection Method Incorporating Comprehensive Behavior Features

SUN Kaixuan'， TANG Yuanxin'，LI Song1， CHI Haojie²（1.Schoolof Computer Scienceand Technology，Harbin Universityof Science and Technology，Harbin150080，China;2.Nuctech Company Limited，Beijin 100o84，China）

Abstract：Inransomwaredetectionmethods，therearelimitations inthecomprehensivebehavioranalysisofdynamicbehaviorsand network behaviorsindynamicenvironments.Amachinelearningdetectionmethodbasedonlocaldynamicbehaviorfeaturesand network behaviorfeatures（ML-LDNB）isproposedAccording tothemachinelearningtheory，firstly，byanalyzing thelocaldynamic behaviorandetractingthemulti-dimensionallocaldyamicbehaviorfeatures，thelogisticregresionclasifierisusedtoprdictthe ransomware.Meanwhile，atthenetworklevel，thekeynetworkbehaviorfeaturesareextractedbyanalyzngthenetworktraffcpackets， andthedecision treeclasifierisusedtopredicttheransomware.Finally，themajorityvotingalgorithmisusedtocombinethe predictionresultsoflocaldynamicbehaviorfeaturesandnetworkbehaviorfeaturesasthebasisforransomwareidentificationThe detection accuracy of the method reaches 98 % ，which fully proves the effectiveness and reliability of the method.

Keywords：ransomwaredetection；cryptoransomware；dynamic malwareanalysis；machine learning；network informationtrffic

0 引言

勒索软件已经成为当今企业和个人用户网络安全领域中一个不容忽视的问题。（剩余11807字）