Journal of Tsinghua University (Science and Technology), 2020, Vol. 60, Issue 5: 402-407. DOI: 10.16511/j.cnki.qhdxxb.2020.25.010
Special topic: Vulnerability analysis and risk assessment
Digital vaccine-based dynamic defense model for stealthy ransomware attacks
ZHANG Yu1, LIU Qingzhong2, SHI Yuanquan3, CAO Junkuo1
1. Department of Computer Science, Hainan Normal University, Haikou 571158, China;
2. Department of Computer Science, Sam Houston State University, Houston 77340, USA;
3. School of Computer Science and Engineering, Huaihua University, Huaihua 418000, China
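Abstract (translated from Chinese): To address the severe threat posed by stealthy ransomware attacks and the weakness of traditional defenses against them, this paper proposes a digital vaccine-based dynamic defense model for stealthy ransomware attacks. Drawing on biological immune mechanisms, formal definitions are given for immune concepts such as digital vaccine, antigen, antibody and antibody concentration. First, inoculating the system with digital vaccines (creating bait files and folders) makes it generate immature antibodies against stealthy ransomware attacks. Second, a dynamic antibody evolution mechanism produces mature antibodies and memory antibodies that can resist stealthy ransomware antigens. Finally, changes in antibody concentration are dynamically monitored at both the kernel layer and the application layer, and the cross-view method is used to detect stealthy ransomware attacks in real time. Theoretical analysis and experimental results show that the model effectively solves the problem that stealthy ransomware attacks are hard to detect in real time, and that it performs better than traditional methods.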
Abstract: Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or permanently block access to it unless a ransom is paid. Stealthy ransomware is a new type of ransomware that tries to evade detection by deleting all hard copies of its files and residing only in a process running in memory. This study uses danger theory from the biological immune system to design a digital vaccine-based dynamic defense model for stealthy ransomware attacks. Formal definitions are given for immune concepts such as digital vaccine, antigen, antibody and antibody concentration. Vaccination with digital vaccines (creating bait files and folders) gives the system immature antibodies against stealthy ransomware attacks. The system quickly detects stealthy ransomware attacks by dynamically monitoring the stealthy ransomware attack antigens in both the kernel and application layers and by monitoring the dynamic evolution of antibodies and changes in the antibody concentration. Analyses and tests show that the model provides effective real-time detection of stealthy ransomware attacks and is more effective than traditional methods.
Key words: digital vaccine; immune danger theory; stealthy ransomware attacks; danger signals; antibody concentration
Received: 2019-06-02      Published: 2020-04-26
Funding: SHI Yuanquan, professor, E-mail: syuanquan@163.com
Cite this article:
ZHANG Yu, LIU Qingzhong, SHI Yuanquan, CAO Junkuo. Digital vaccine-based dynamic defense model for stealthy ransomware attacks[J]. Journal of Tsinghua University (Science and Technology), 2020, 60(5): 402-407.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2020.25.010 or http://jst.tsinghuajournals.com/CN/Y2020/V60/I5/402