关键词: 勒索软件, 文件损坏度, 系统损坏度, 动态检测, 文件相似度

Abstract: In the dynamic detection engine, the current methods for detecting ransomware are mainly to set trap files and detect fingerprints or monitor system API operations. Neither of these methods can accurately distinguish between ransomware and other types of malicious code. In order to improve its detection accuracy, this paper proposes the concept of file damage degree. On the basis of dynamic analysis, the paper makes a multi-dimensional inspection on the changes of files through fuzzy hashing and similarity algorithm to calculate the current file's damage degree quantitatively, which reflects the degree of threat to the current system through the file damage degree to determine whether the sample is ransomware.

Key words: Ransomware, File Damage Degree, System Damage Degree, Dynamic Detection, File similarity.