Encryption-based cyber threats continue to evolve, leveraging increasingly sophisticated cryptographic techniques to evade detection and persist within compromised systems. A hierarchical classification framework designed to analyze structural cryptographic properties provides a novel approach to distinguishing malicious encryption from legitimate cryptographic operations. By systematically decomposing encryption workflows into hierarchical layers, the classification method enhances the ability to recognize distinct patterns across diverse threat variants, reducing the dependence on predefined signatures that often fail against rapidly mutating threats. The study examines how cryptographic feature mapping facilitates improved classification accuracy, highlighting the role of entropy, key exchange mechanisms, and algorithmic dependencies in distinguishing harmful encryption activities. Through experimental validation, the framework demonstrated a high degree of precision across multiple attack families, outperforming conventional classification techniques while maintaining computational efficiency suitable for large-scale cybersecurity applications. The layered structural analysis further enhances forensic investigations, enabling security analysts to dissect encryption workflows to trace attack origins and identify commonalities across different campaigns. The methodology strengthens proactive threat mitigation efforts, offering a scalable and adaptable solution that accounts for both known and emerging encryption-based cyber threats. Comparative evaluations illustrate the advantages of structural decomposition in mitigating false positives and negatives, reinforcing the reliability of cryptographic signature classification in real-world security environments.