
Ransomware Classification Using LeNet-5 Convolutional Neural Networks

Abstract


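In recent years, attackers have installed ransomware through improper downloads, holding organizations' important files hostage to extort money or Bitcoin. They particularly target industrial control systems, commercial banks, medical institutions, and publicly listed companies, causing widespread alarm and raising the risk to enterprise information security management. In response to recent ransomware threats, this study uses a sandbox and formal concept analysis to build a behavioral feature matrix of ransomware for model pre-training, and then uses the LeNet-5 convolutional neural network (CNN), a deep learning network, to learn malware behavior and recognize feature images. The experimental results show that the behavioral feature matrix clearly defines the relationship between malware and attack behaviors, that the ontology abstract data model can serve as a reference for ransomware classification and variant identification, and that it can be converted into rules applied to real-time malware detection on a renewable energy forecasting platform, improving detection accuracy and reducing the misjudgment rate.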

Parallel Abstract


Recently, ransomware has been installed through malicious links and downloads, holding organizations' important files hostage to extort money or bitcoins, with a particular focus on commercial banks, medical services, and public companies. Consequently, it has created a serious crisis in corporate information security management. Accordingly, the present study proposes a formal concept analysis-based security management system for ransomware detection that uses a malware sandbox analysis platform to analyze the behavioral features of malware. LeNet-5 convolutional neural networks are then used to learn the behavior of the ransomware classes and classify the patterns using the behavior characteristic matrix of the ransomware. Experimental data show that our model is capable of (i) explicitly identifying the mapping relations between ransomware classes and their behavioral features, (ii) serving as a basis of detection rules for network intrusion detection to classify ransomware families and their variations, and (iii) assisting managers in detecting malicious intrusions or illegal downloads of ransomware from cyber threats with high accuracy and a low false rate.
