Industrial Information Security (工业信息安全) 2024, Issue (4): 18-31.

Research on Active Anti-Ransom Technology Based on System Call Monitoring

张雅勤 1, 陈慧 2, 马升 3

Author information

  • 1. North China Institute of Computing Technology (华北计算机系统工程研究所), Beijing, 100083
  • 2. Institute of Information Engineering, University of Chinese Academy of Sciences (中国科学院大学信息工程研究所), Beijing, 100085
  • 3. College of International Defense Studies, National Defense University (国防大学国际防务学院), Beijing, 102249

Abstract (translated from the Chinese)

Ransomware, as one of the most significant threats among cybersecurity problems, has caused serious security threats and economic losses to enterprises and organizations. Traditional ransomware detection methods are often based on static analysis; they can only detect and handle known ransomware and therefore have certain limitations. As ransomware variants emerge endlessly and new ransomware keeps appearing, traditional cybersecurity solutions are clearly lagging, passive and inefficient, so proactive anti-ransomware defense methods need to be explored. Taking real malicious ransomware as the target and system calls as the entry point, this paper uses a machine learning method based on a multilayer perceptron to detect malicious ransomware, exploiting the differences between the runtime system call sequences of ransomware and benign software. The final experimental results show that the model reaches an accuracy of 82% on the test set, indicating that the method has a high accuracy rate in malicious ransomware detection.

Abstract

Ransomware, as one of the most important threats in network security, has caused serious security threats and economic losses to business organizations. Traditional ransomware detection methods are often based on static analysis; they can only detect and deal with known ransomware and therefore have certain limitations. With the endless emergence of ransomware variants and new ransomware, traditional network security solutions are obviously lagging, passive and inefficient, and it is difficult for them to cope with increasingly complex ransomware variants, so proactive anti-ransomware defense methods need to be explored to improve the ability to defend against ransomware. In this paper, we take system calls as the entry point for real malicious ransomware and use a machine learning method based on a multilayer perceptron to study proactive anti-ransomware technology based on system call monitoring, exploiting the characteristic difference in system call sequences between ransomware and benign software. We monitor hardware performance counters to obtain the underlying system events at the hardware level; analyze and process the various hardware events that occur in the internal architecture of the processor while the program is running, together with performance index data such as the number of executed instructions and timestamps; divide the preprocessed data into an 80% training set and a 20% test set; build a multilayer perceptron model; train the model over multiple iterations with the training set; and evaluate the training effect of the model with the test set, so as to realize the detection of malicious ransomware. The final experimental results show that the accuracy of the model on the test set reaches 82%. The experimental results show that the method has a high accuracy rate in malicious ransomware detection, provides a feasible technical route for ransomware detection at the hardware level, and offers a new idea for the research of active anti-ransomware technology.
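The pipeline the abstract describes (runtime system-call sequences from each process, an 80%/20% split, a multilayer perceptron trained on the training set and scored on the held-out set) as an added, self-contained Python example. This is not the authors' code and uses neither their dataset nor hardware performance counters: the syscall traces are constructed here and deliberately separable (a file-rewrite burst versus ordinary file access), the features are bigram frequencies, and the MLP is a minimal hand-written one-hidden-layer network. Every name below is an assumption for illustration.

```python
import math
import random
from collections import Counter

# Constructed syscall patterns (assumption, not from the paper's data).
# Ransomware-like processes repeatedly open, read, rewrite, rename and delete files;
# benign processes mostly read, map and close files.
RANSOM_PATTERN = ["openat", "read", "write", "rename", "unlink"]
BENIGN_PATTERNS = [["openat", "read", "close"],
                   ["stat", "mmap", "munmap"],
                   ["openat", "write", "close"]]


def make_traces(n_per_class, rng):
    """Constructed sample data: (trace, label) pairs, label 1 = ransomware-like."""
    data = []
    for _ in range(n_per_class):
        trace = []  # ransomware-like trace: mostly rewrite bursts, some benign noise
        for _ in range(rng.randint(5, 15)):
            trace += RANSOM_PATTERN if rng.random() < 0.8 else rng.choice(BENIGN_PATTERNS)
        data.append((trace, 1))
        trace = []  # benign trace: only ordinary file access
        for _ in range(rng.randint(5, 15)):
            trace += rng.choice(BENIGN_PATTERNS)
        data.append((trace, 0))
    return data


def bigrams(trace):
    """Adjacent syscall pairs; the ordering is what distinguishes the two classes."""
    return [(a, b) for a, b in zip(trace, trace[1:])]


def build_vocab(traces):
    """Bigram -> feature index, built from training traces only (no test leakage)."""
    vocab = {}
    for t in traces:
        for bg in bigrams(t):
            vocab.setdefault(bg, len(vocab))
    return vocab


def featurize(trace, vocab):
    """Relative frequency of each vocabulary bigram; unseen bigrams are ignored."""
    counts = Counter(bigrams(trace))
    total = sum(counts.values()) or 1
    vec = [0.0] * len(vocab)
    for bg, c in counts.items():
        if bg in vocab:
            vec[vocab[bg]] = c / total
    return vec


def sigmoid(x):
    x = max(-500.0, min(500.0, x))  # guard against exp overflow
    return 1.0 / (1.0 + math.exp(-x))


class MLP:
    """One hidden layer, sigmoid activations, binary cross-entropy, plain SGD."""

    def __init__(self, n_in, n_hidden, rng):
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden)]
        self.b2 = 0.0

    def forward(self, x):
        h = [sigmoid(sum(w * xi for w, xi in zip(row, x)) + b) for row, b in zip(self.w1, self.b1)]
        out = sigmoid(sum(w * hi for w, hi in zip(self.w2, h)) + self.b2)
        return h, out

    def train(self, X, y, epochs=200, lr=1.0):
        for _ in range(epochs):
            for x, t in zip(X, y):
                h, out = self.forward(x)
                d_out = out - t  # dLoss/dz for sigmoid + cross-entropy
                d_h = [d_out * self.w2[j] * h[j] * (1 - h[j]) for j in range(len(h))]
                for j in range(len(h)):
                    self.w2[j] -= lr * d_out * h[j]
                    for i in range(len(x)):
                        self.w1[j][i] -= lr * d_h[j] * x[i]
                    self.b1[j] -= lr * d_h[j]
                self.b2 -= lr * d_out

    def predict(self, x):
        return 1 if self.forward(x)[1] >= 0.5 else 0


def run_experiment(seed=0):
    """80/20 split, train on the 80%, return accuracy on the held-out 20%."""
    rng = random.Random(seed)
    data = make_traces(60, rng)
    rng.shuffle(data)
    split = int(0.8 * len(data))
    train, test = data[:split], data[split:]
    vocab = build_vocab([t for t, _ in train])
    model = MLP(len(vocab), 8, rng)
    model.train([featurize(t, vocab) for t, _ in train], [l for _, l in train])
    correct = sum(model.predict(featurize(t, vocab)) == l for t, l in test)
    return correct / len(test)


if __name__ == "__main__":
    print("held-out accuracy:", run_experiment())
```

On this constructed data the classifier separates the classes almost perfectly, because the rewrite-rename-unlink bigrams never occur in the benign traces; real traces are far noisier (benign backup, compression and update tools also produce bursts of write/rename calls), which is why a figure like the paper's 82% is the realistic kind of number. The design point worth taking from the example is that the vocabulary and features are built from the training split only, so the reported test accuracy is not inflated by information from the held-out set.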

Keywords (translated from the Chinese)

Ransomware detection / System call / Hardware performance counter / Multilayer perceptron

Key words

Ransomware Detection/System Call/Hardware Performance Counter/Multilayer Perceptron


Year of publication: 2024
Journal: Industrial Information Security (工业信息安全)
Publisher: National Industrial Information Security Development Research Center (国家工业信息安全发展研究中心)
ISSN: 2097-1176