Title

Application of the LeNet-5 Convolutional Neural Network to Ransomware Classification

Parallel title

Ransomware Classification Using LeNet-5 Convolutional Neural Networks

Authors

王平 (Ping Wang); 洪維謙 (Wei-Qian Hong); 蔡東霖 (Dong-Lin Tsai); 周明勝 (Ming-Sheng Jhou)

Keywords

Ransomware ; Virus classification ; Convolutional Neural Networks ; LeNet-5 ; Behavior feature

Journal

資訊安全通訊 (Communications of the CCISA)

Volume/Issue (publication date)

Vol. 26, No. 2 (2020/05/01)

Pages

21 - 48

Language

Traditional Chinese

Chinese abstract (translated)

In recent years, attackers have installed ransomware through malicious downloads, holding organizations' critical files hostage to extort money or bitcoin, with industrial control systems, commercial banks, medical institutions and listed companies as particular targets; this has caused widespread alarm and raised the risk faced by enterprise information security management. This study therefore addresses the recent ransomware threat: using a sandbox together with formal concept analysis, it builds a behavior-feature matrix of ransomware to provide model pre-training, and then uses the LeNet-5 convolutional neural network (CNN), a deep learning network, to learn virus behavior and recognize feature images. The experimental results show that the behavior-feature matrix clearly defines the relationship between a virus and its attack behavior; the abstract data model of the ontology can serve as a reference for ransomware classification and variant identification, and it can be converted into rules for real-time virus detection on a renewable energy forecasting platform, improving detection accuracy and lowering the false-positive rate.

English abstract

Recently, ransomware has been installed through malicious links and downloads, holding organizations' important files hostage for blackmail in money or bitcoins, with commercial banks, medical services and public companies as particular targets. Consequently, it has raised a high crisis of information security management for corporations. Accordingly, the present study proposes a formal concept analysis-based security management system for ransomware detection, using a malware sandbox analysis platform to analyze the behavioral features of malware. LeNet-5 Convolutional Neural Networks are then used to learn the behavior of the ransomware classes and to classify the pattern using the behavior characteristic matrix of the ransomware. Experimental data show that our model is capable of (i) explicitly identifying the mapping relations between ransomware classes and their behavioral features, (ii) serving as a basis of detection rules for network intrusion detection to classify ransomware families and their variants, and (iii) assisting managers in detecting malicious intrusions or illegal downloads of ransomware from cyber threats with high accuracy and a low false rate.

Subject classification

Basic and Applied Sciences > Information Science