Ransomware detection method based on file status analysis

A software detection and state analysis technology, applied in the fields of instruments, electrical digital data processing, and platform integrity maintenance. It addresses the problem of existing defenses being powerless against malicious code, with the effects of minimizing the degree of damage, improving defense capability, and improving security.

Inactive Publication Date: 2017-11-28
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

With the emergence of a large number of ransomware variants, the lag of signature database updates has become increasingl...


Examples


Embodiment Construction

[0029] In order to make the technical problems, technical solutions and beneficial effects to be solved by the present invention clearer, the present invention will be described in detail below in conjunction with the embodiments. It should be noted that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0030] In the ransomware detection method based on file state analysis, the system first sets up three monitoring modules (a file content monitoring module, a file directory monitoring module, and a file addition and deletion monitoring module), an analysis module, a response module, and a monitoring time window W. Then, starting from the multi-faceted logic of the file state in the host, within each time unit of length W, the method combines the three aspects of file content monitoring, file directory monitoring, and file addition and deletion monitoring to continuously monitor the file access behavi...


Abstract

The invention relates in particular to a ransomware detection method based on file status analysis. Within a monitoring time window W, the method continuously inspects the file access behavior of a program under detection from three aspects: file content monitoring, file directory monitoring, and file addition and deletion monitoring. The monitoring factors are fed back to the system's analysis module, and if the sum of the monitoring factor values reaches or exceeds a preset alarm threshold, the program under detection is determined to be ransomware. By analyzing the state of the objects that ransomware modifies, the method accurately reflects the ransomware characteristics of the program under detection. The multi-aspect logical judgment efficiently distinguishes legitimate software from potential ransomware, minimizes the damage that malicious code does to host files, and ultimately improves the security and defense capability of the server host system.
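The window-and-threshold decision described in the abstract, sketched as an added Python example (not code from the patent). The page does not say how each monitoring factor is computed, so the three scoring rules, the values of W and the threshold, and the event format are all assumptions, and the trace is constructed.

```python
import math
import os
from collections import Counter, defaultdict

W = 10.0             # monitoring time window W in seconds (assumed value)
ALARM_THRESHOLD = 6  # preset alarm threshold (assumed value)

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def content_factor(events):
    # Assumed rule: one point per write that replaces low-entropy content
    # with near-random content.
    return sum(1 for e in events if e["op"] == "write"
               and entropy(e["after"]) > 7.0 > entropy(e["before"]))

def directory_factor(events):
    # Assumed rule: one point per extra directory touched in the window.
    return max(0, len({os.path.dirname(e["path"]) for e in events}) - 1)

def add_delete_factor(events):
    # Assumed rule: one point per created file that is matched by a deletion.
    ops = Counter(e["op"] for e in events)
    return min(ops["create"], ops["delete"])

def analyze(events):
    """Analysis module: per-window factor sums for one monitored program."""
    windows = defaultdict(list)
    for e in events:
        windows[int(e["t"] // W)].append(e)
    return {w: content_factor(ev) + directory_factor(ev) + add_delete_factor(ev)
            for w, ev in sorted(windows.items())}

def is_ransomware(events):
    # Alarm when the sum reaches or exceeds the threshold in any window.
    return any(score >= ALARM_THRESHOLD for score in analyze(events).values())

def sample_trace(paths, step):
    """Constructed trace: overwrite each file, add a new file, delete the original."""
    plain, random_like = b"quarterly report draft " * 40, bytes(range(256)) * 4
    trace = []
    for i, p in enumerate(paths):
        t = i * step
        trace += [{"t": t, "op": "write", "path": p, "before": plain, "after": random_like},
                  {"t": t, "op": "create", "path": p + ".new"},
                  {"t": t, "op": "delete", "path": p}]
    return trace
```

Because the factors are summed per window, the chosen W and threshold decide how much file activity accumulates before the alarm, so both need tuning against the normal behavior of legitimate software on the host.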

Description

Technical field

[0001] The invention relates to the technical field of software detection methods, in particular to a ransomware detection method based on file state analysis.

Background technique

[0002] Ransomware is a new type of malicious code that spreads by means of social engineering or network worm infection, and performs destructive behaviors such as file encryption on the invaded host. Ransomware demands a high ransom, and the victim can restore the important affected files on the host after paying the ransom. Undoubtedly, ransomware has become one of the biggest threats to the host computer security of large enterprises and even individual users at this stage.

[0003] Most current ransomware detection technologies follow the traditional signature-matching method. Security software matches the signatures of unknown samples against the signature data in the local signature database. If there is a match, the software is prevented from running. With the eme...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 张尧
Owner: ZHENGZHOU YUNHAI INFORMATION TECH CO LTD