Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (4): 387-392.

Previous Articles    

A Ransomware Testing Method Based on File Damage Degree


  • Received:2018-04-20 Online:2018-04-15 Published:2018-04-20



  1. 四川大学 计算机学院
  • 通讯作者: 雷春
  • 作者简介:雷春,1992年生,四川大学计算机科学与技术硕士,主要研究信息安全。 李娜,1992年生,四川大学计算机科学与技术硕士,主要研究信息安全。

Abstract: In the dynamic detection engine, the current methods for detecting ransomware are mainly to set trap files and detect fingerprints or monitor system API operations. Neither of these methods can accurately distinguish between ransomware and other types of malicious code. In order to improve its detection accuracy, this paper proposes the concept of file damage degree. On the basis of dynamic analysis, the paper makes a multi-dimensional inspection on the changes of files through fuzzy hashing and similarity algorithm to calculate the current file's damage degree quantitatively, which reflects the degree of threat to the current system through the file damage degree to determine whether the sample is ransomware.

Key words: Ransomware, File Damage Degree, System Damage Degree, Dynamic Detection, File similarity.

摘要: 在动态检测引擎中,当前检测勒索软件常用的方法主要为设置陷阱文件并检测其指纹变化或监控系统API操作。而这两种方法都不能准确的的区分勒索软件和其他类型的恶意代码。为提高其检测准确性,本文提出文件损坏度这个概念。在动态分析基础上通过模糊哈希,相似度算法等对文件变化进行多维度检测,定量计算出当前文件损坏度,通过文件损坏度反应当前系统所受到的威胁程度,从而确定该样本是否为勒索软件。

关键词: 勒索软件, 文件损坏度, 系统损坏度, 动态检测, 文件相似度