Homology Analysis of Ransomware Based on Sequence Alignment

doi:10.3969/j.issn.1006-2475.2018.02.001

Abstract

Abstract: The number of ransomware is increasing rapidly while few belong to new family, most of them are mutations. A new homologous analysis approach based on API sequence of ransomware is proposed. The paper uses sandbox to extract ransomwares dynamic behavior for analyzing API category, and then encodes the feature as well as removes the repetition. Also, the sequence alignment algorithm is used to calculate the similarity between different ransomware. The dataset for the experiment contains 6 different families of ransomware and their variants. The result shows that proposed method performs well in analyzing the homology of ransomware which can be used to distinguish unknown software.

Key words: ransomware, dynamic detection, sandbox, API sequence, sequence alignment

CLC Number:

TP393.08

GONG Qi, CAO Jin-xuan, LU Tian-liang. Homology Analysis of Ransomware Based on Sequence Alignment[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2018.02.001.

References

1］ Sgandurra D，Muoz-González L， Mohsen R, et al. Automated dynamic analysis of ransomware: Benefits, limitations and use for detection［J］. Computer Science, 2016: arXiv:1609.03020.
［2］ Cyber Threat Alliance. Lucrative Ransomware Attacks: Analysis of the Cryptowall Version 3 Threat［EB/OL］. http://www.doc88.com/p-7714530017104.html, 2016-01-13.
［3］ McAfee. Part of Intel Security. McAfee Labs Threats Report: September［EB/OL］. https://www.mcafee.com/us/resou-rces/reports/rp-quarterly-threats-sep-2016.〖KG-*5〗pdf, 2016-09-30.
［4］ Altschul S F, Gish W, Miller W, et al. Basic local alignment search tool［J］. Journal of Molecular Biology, 1990,215(3):403-410.
［5］ Cohen J. Bioinformatics_an introduction for computer scientists［J］. ACM Computing Surveys (CSUR), 2004,36(2):122-158.
［6］ Yakup K. Automated detection and classification of malware used in targeted attacks via machine learning［D］. Bilkent University, 2015.
［7］ Kirda E. UNVEIL: A large-scale, automated approach to detecting ransomware (keynote)［C］// IEEE 24th International Conference on Software Analysis, Evolution and Reengineering. 2017:1.
［8］ Cho I K, Kim T G, Shim Y J, et al. Malware similarity analysis using API sequence alignments［J］. Journal of Internet Service and Information Security, 2014,4(4):103-114.
［9］ Kim H, Kim J, Kim I. Implementation of malware detection system based on behavioral sequences［C］// Security Technology 2016. 2016,139:348-353.
［10］Cho I K, Im E G. Malware family recommendation using multiple sequence alignment［J］. Journal of Molecular Evolution, 2016,43(3):289-295.
［11］刘阳,王小磊,李江域,等. 局部序列比对算法及其并行加速研究进展［J］. 军事医学, 2012,36(7):556-560.
［12］Smith T F, Waterman M S. Identification of common molecular subsequences［J］. Journal of Molecular Biology, 1981,147(1):195-197.
［13］Rossow C, Dietrich C J, Grier C, et al. Prudent practices for designing malware experiments: Status quo and outlook［C］// IEEE Security & Privacy. 2012:65-79.

[1]	XIAO Hang, LI Peng, MA Hui-ping, ZHU Feng, . RFID System Security Analysis Model Based on Stochastic Petri Net [J]. Computer and Modernization, 2023, 0(09): 105-114.
[2]	DAI Rui-feng. Model Construction of College Network Security System Based on SSL Virtual Technology [J]. Computer and Modernization, 2020, 0(08): 122-126.
[3]	ZHANG Yu1,2, GUO Chun1,2, SHEN Guo-wei1,2, PING Yuan3. An IDS Alerts Preprocessing Method Based on Information Entropy [J]. Computer and Modernization, 2020, 0(05): 111-.
[4]	JIANG Wan-ming1,2, GUO Chun1,2, JIANG Chao-hui1,2. A Low-rate DDoS Attack Detection Method Based on BiLSTM [J]. Computer and Modernization, 2020, 0(05): 120-.
[5]	CAO Yong-ming. A Fuzzy Keyword Search Encryption Scheme Without Secure Channel [J]. Computer and Modernization, 2020, 0(04): 42-.
[6]	WANG Yao, LI Wei, WU Ke-he, CUI Wen-chao. Application of Fusion Model of GBDT and LR in Encrypted Traffic Identification [J]. Computer and Modernization, 2020, 0(03): 93-.
[7]	QIN Lu-lu, ZHOU Li-jing, WANG Min. A Conditional Proxy Re-encryption Supporting Multi-keyword Search [J]. Computer and Modernization, 2020, 0(01): 100-.
[8]	ZHOU Li-jing, WANG Min, QIN Lu-lu . CP-ABE Scheme with Attribute Revocation Under Environment of Multi-attribute Authority [J]. Computer and Modernization, 2019, 0(11): 60-.
[9]	SONG Zi-hua1,2, GUO Chun1,2, JIANG Chao-hui1,2. A Fast Trojan Detection Method Based on Network Traffic Analysis [J]. Computer and Modernization, 2019, 0(06): 9-.
[10]	WU Dong1,2, GUO Chun1,2, SHEN Guo-wei1,2. An Alert Correlation Method Based on Multi-factors [J]. Computer and Modernization, 2019, 0(06): 30-.
[11]	ZENG Qi, HAN Xiao, CAO Yong-ming. Integrated Public Key Encryption and Public Key Encryption with Keyword Search [J]. Computer and Modernization, 2019, 0(04): 103-.
[12]	MI Qian-kun1, WU Bin2, DU Ning1,QIN Xi1. Information System Security Risk Assessment Based on Incomplete Information Game Model [J]. Computer and Modernization, 2019, 0(04): 118-.
[13]	LIAN Geng-xiong . Trusted Mobile Application Market Based on Blockchain [J]. Computer and Modernization, 2019, 0(03): 58-.
[14]	SUN Yuan, LIAO Xiao-ping. Abnormal Data Detection Method Based on Intelligent Bat Algorithm [J]. Computer and Modernization, 2019, 0(03): 62-.
[15]	HAN Xiao, ZENG Qi, CAO Yong-ming . An Efficient Proxy Re-encryption Scheme with Keyword Search [J]. Computer and Modernization, 2019, 0(03): 117-.