Ransomware real-time detecting and defending method based on file request monitoring

A file request monitoring and real-time detection technology, applied in the field of system security, that addresses problems such as methods that are difficult to use on protected hosts, neglect of file recovery, and difficulty of backup, achieving lightweight deployment, improved defense capability, and recoverability.

Inactive Publication Date: 2018-01-09
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

It is often difficult for host users to back up their work documents in a timely and sufficient manner, and the signature matching method relies on maintaining and updating the virus signature database. With the emergence of a large number of ransomware variants, its lag is self-evident.
Other detection methods, such as dynamic analysis based on virtualization sandbox, are difficu



Examples


Embodiment Construction

[0028] The content of the present invention is described in more detail below:

[0029] A schematic diagram of the implementation process of the ransomware real-time detection and defense method based on file request monitoring is shown in Figure 1, where each dotted-line box is one of the constituent modules of the invention. A lightweight monitoring module resides in kernel space. Together with the system service management module, this module intercepts and redirects the input/output request packets (IRPs) of the program under test, records its file write and delete operations, and manages and performs these file operations in the protected area. In addition, the invention has daemon processes in user space, called the analysis module and the early warning module. The analysis module calculates the suspiciousness score of the tested program, and the early warning module is used to prompt the user of possible maliciou...


Abstract

The invention provides a ransomware real-time detection and defense method based on file request monitoring, and belongs to the technical field of system security. The method monitors, on the user host, whether a tested program operates on a user file. If it does, the file is mirrored to a protected storage area, the operations are performed on the file in that area, and the complete operation information is recorded. A suspiciousness-measurement mechanism based on file content and operation behavior analysis then judges whether the program is ransomware. If it is, the file in the protected area is deleted and the program is deleted; if it is not, the original file is updated and synchronized from the file in the protected area, so that data consistency is ensured under normal circumstances. Through this process, malicious ransomware can be effectively detected, the damage of malicious code to user data is minimized, and the aim of improving the security and defense capability of a server host system is achieved.
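The mirror, score, then discard-or-synchronize flow described in the abstract, as an added example that is not code from the patent. It is a user-space stand-in for the kernel redirect layer; the class and function names, the entropy-based content signal and both thresholds are assumptions made for illustration, and removal of the offending program is not modelled.

```python
import math, os, shutil
from collections import Counter

ENTROPY_LIMIT = 7.2  # assumption: bits/byte above which content looks encrypted
SCORE_LIMIT = 2      # assumption: suspicious operations needed for a verdict

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class ProtectedArea:
    """Redirects writes and deletes to mirror copies; originals stay untouched."""
    def __init__(self, root):
        self.root, self.mirrors, self.deleted, self.log, self.score = root, {}, set(), [], 0

    def _mirror(self, path):
        if path not in self.mirrors:  # first touch: copy the file into the protected area
            self.mirrors[path] = os.path.join(self.root, f"{len(self.mirrors)}.mirror")
            shutil.copyfile(path, self.mirrors[path])
        return self.mirrors[path]

    def write(self, path, data: bytes):
        mirror = self._mirror(path)
        with open(mirror, "rb") as f:
            before = f.read()
        with open(mirror, "wb") as f:
            f.write(data)
        self.log.append(("write", path))
        # Content signal: readable content replaced by near-random bytes.
        if entropy(before) < ENTROPY_LIMIT <= entropy(data):
            self.score += 1

    def delete(self, path):
        self._mirror(path)          # keep a recoverable copy before recording the delete
        self.deleted.add(path)
        self.log.append(("delete", path))

    def resolve(self) -> str:
        """Discard the mirrors on a ransomware verdict, otherwise sync them back."""
        verdict = "ransomware" if self.score >= SCORE_LIMIT else "benign"
        for path, mirror in self.mirrors.items():
            if verdict == "benign" and path in self.deleted:
                os.remove(path)
            elif verdict == "benign":
                shutil.copyfile(mirror, path)
            os.remove(mirror)
        return verdict
```

Because every operation lands on a mirror first, a wrong "benign" verdict is the only path by which encrypted content reaches the original files, so the thresholds decide how much damage a missed detection can do.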

Description

Technical field

[0001] The invention relates to the technical field of system security, in particular to a method for real-time detection and defense of ransomware based on file request monitoring.

Background technique

[0002] Ransomware is a new type of malicious code that spreads by means of social engineering or network worm infection, and performs destructive behaviors such as file encryption and original file deletion on the invaded host. After the user's files are encrypted, the ransomware will ask for a high ransom, and the important data in the host can only be restored after the victim pays the bitcoin ransom by using the Tor network and other methods.

[0003] While ransomware is raging, most of the corresponding security protection methods are still passive defense methods such as file backup and signature antivirus. It is often difficult for host users to back up their work documents in a timely and sufficient manner; and the signature matching method relies on...


Application Information

IPC(8): G06F21/56
Inventor 张尧
Owner ZHENGZHOU YUNHAI INFORMATION TECH CO LTD