1. Engineering Research Center of Network Management Technology for High Speed Railway, Ministry of Education, Beijing Jiaotong University, Beijing 100044
2. School of Computer Science and Technology, Beijing Jiaotong University, Beijing 100044
3. China Railway Information Technology (Beijing) Network Technology Research Institute Co., Ltd., Beijing 100044
Li Yeshen (2000- ), male, Ph.D. candidate at the School of Computer Science and Technology, Beijing Jiaotong University. His main research interests include artificial intelligence, high-speed railway wireless communication, and network security.
Dong Peng (1977- ), male, senior engineer at China Railway Information Technology (Beijing) Network Technology Research Institute Co., Ltd. His main research interest is network security.
Zhu He (1994- ), female, engineer at China Railway Information Technology (Beijing) Network Technology Research Institute Co., Ltd. Her main research interest is network security.
Guo Xiaotian (2002- ), male, master's student at the School of Computer Science and Technology, Beijing Jiaotong University. His main research interests include machine learning and object detection.
Yin Chenxu (2001- ), male, master's student at the School of Computer Science and Technology, Beijing Jiaotong University. His main research interests include diffusion models and semantic communication.
Xiong Ke (1981- ), male, Ph.D., professor and vice dean of the School of Computer Science and Technology, Beijing Jiaotong University. His main research interests include AI-enabled 5G/6G networks, wireless big data analysis and processing, AI-enabled mobile network optimization and design, green intelligent IoT, network big data analysis, fog and edge computing, indoor positioning, and human pose recognition based on wireless big data.
Received: 2025-03-18
Revised: 2025-06-30
Accepted: 2025-08-07
Print publication: 2026-03-30
Li Yeshen, Dong Peng, Zhu He, et al. AI-assisted ransomware: operating principles and defense methods [J]. Chinese Journal on Internet of Things, 2026, 10(01): 125-138. DOI: 10.11959/j.issn.2096-3750.2026.00511.
With the rapid development of the digital economy, cybersecurity risks have become increasingly severe. According to relevant reports, ransomware has emerged as one of the most destructive threats in cyberspace. Alarmingly, cybercriminals are continuously leveraging advanced artificial intelligence (AI) technologies to develop next-generation ransomware, making these attacks more intelligent, covert, and damaging. Consequently, it is imperative to comprehensively examine the new impact of AI on cybersecurity, reveal in depth the operating principles of AI-assisted ransomware, and build effective defense strategies. At present, there is a lack of systematic and comprehensive literature analyzing the operating principles and impacts of AI-assisted ransomware. To address this gap, ransomware was first categorized. Subsequently, the attack process of ransomware was analyzed. Then, combined with the latest research progress, the operating principles of AI-assisted ransomware were elaborated in depth. Finally, AI-based response measures to ransomware were systematically summarized from five key perspectives: prevention, prediction, detection, identification and mitigation. Additionally, the development trends and potential future research directions of AI-assisted ransomware were analyzed, aiming to provide valuable insights and guidance for practitioners in the field of cybersecurity.