Identification method, apparatus and device for ransomware, and safety processing method

A technology for identifying equipment and software, applied in the field of network security, can solve problems such as low processing efficiency and lag, and achieve the effect of improving recognition efficiency and recognition accuracy

Active Publication Date: 2019-01-29
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

[0006] The embodiments of the present application provide a ransomware identification method, apparatus and device, and a security processing method, to at least solve the technical problem that the existing ransomware identification method lags because of blacklist identification, resulting in low processing efficiency.


Examples


Embodiment 1

[0028] According to an embodiment of the present application, an embodiment of a ransomware identification device is provided. Figure 1 is a schematic diagram of a ransomware identification device according to an embodiment of the present application. As shown in Figure 1, the ransomware identification device includes:

[0029] The monitoring device 102 is configured to monitor the newly created process.

[0030] The processor 104 is configured to, when an abnormal operation of the process is monitored, determine, based on the operation behavior of the abnormal operation, an identification threshold for identifying the process as a process corresponding to ransomware, and to determine the process to be a process corresponding to ransomware when the identification threshold meets a preset threshold, wherein the abnormal operation refers to an operation that matches multiple operation behaviors performed by the process corresponding to the pre-acquired ransomware.

[0031] Specifically, the a...

Embodiment 2

[0050] According to an embodiment of the present application, an embodiment of a method for identifying ransomware is also provided. It should be noted that the steps shown in the flow chart of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0051] The ransomware identification method embodiment provided by this application can be applied to public clouds in the Internet field (for example, Baidu Cloud, Tencent Cloud, Alibaba Cloud, etc.), and some relatively large network sites (for example, commercial companies, search engines, or sites of government departments, etc.) to defend against ransomware.

[0052] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer term...

Embodiment 3

[0116] According to an embodiment of the present application, a ransomware identification device for implementing the above ransomware identification method is also provided. As shown in Figure 5, the apparatus 500 includes: a monitoring unit 502, a first determining unit 504 and a second determining unit 506.

[0117] The monitoring unit 502 is used to monitor the newly created process; the first determining unit 504 is used to determine, when an abnormal operation of the process is monitored, the identification threshold for identifying the process as a process corresponding to ransomware based on the operation behavior of the abnormal operation, wherein an abnormal operation refers to an operation that matches multiple operation behaviors performed by a process corresponding to ransomware obtained in advance; the second determining unit 506 is configured to determine the process as a process corresponding to ransomware when the identification threshold meets ...
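The monitor / determine / compare flow of paragraphs [0030] and [0117], as an added example that is not code from the patent or its applicant. The page does not say how the identification value is computed, so the behaviour names, the weights, the summing rule and the preset threshold of 70 are all assumptions made for illustration, and the event stream is constructed.

```python
from collections import defaultdict

# Assumed profile of operation behaviours taken from previously analysed
# ransomware processes; names and weights are illustrative only.
KNOWN_BEHAVIOURS = {
    "delete_shadow_copies": 40,
    "bulk_rename_new_extension": 30,
    "high_entropy_overwrite": 30,
    "drop_ransom_note": 20,
}
PRESET_THRESHOLD = 70  # assumed value, not taken from the patent

class ProcessScorer:
    def __init__(self, behaviours=KNOWN_BEHAVIOURS, threshold=PRESET_THRESHOLD):
        self.behaviours, self.threshold = behaviours, threshold
        self.monitored = set()        # PIDs whose creation was observed
        self.seen = defaultdict(set)  # pid -> distinct matched behaviours
        self.flagged = []             # PIDs identified, in detection order

    def score(self, pid):
        # The per-process value compared against the preset threshold.
        return sum(self.behaviours[b] for b in self.seen[pid])

    def handle(self, event):
        pid, kind = event["pid"], event["kind"]
        if kind == "process_create":            # monitoring unit
            self.monitored.add(pid)
            return False
        # Only newly created processes and profiled behaviours are scored.
        if pid not in self.monitored or kind not in self.behaviours:
            return False
        self.seen[pid].add(kind)                # repeats count once
        if self.score(pid) >= self.threshold and pid not in self.flagged:
            self.flagged.append(pid)            # second determining unit
            return True
        return False

def identify(events):
    scorer = ProcessScorer()
    for ev in events:
        scorer.handle(ev)
    return scorer.flagged, {p: scorer.score(p) for p in scorer.monitored}

# Constructed sample events: 100 is a renaming tool, 200 shows several
# profiled behaviours, 300 was never seen being created.
SAMPLE_EVENTS = [{"pid": p, "kind": k} for p, k in [
    (100, "process_create"), (100, "file_read"),
    (100, "bulk_rename_new_extension"), (200, "process_create"),
    (200, "high_entropy_overwrite"), (200, "high_entropy_overwrite"),
    (200, "bulk_rename_new_extension"), (300, "delete_shadow_copies"),
    (200, "drop_ransom_note"), (300, "high_entropy_overwrite")]]
```

Counting each behaviour once per process keeps a single noisy operation from reaching the threshold on its own; a process is identified only when several distinct profiled behaviours coincide.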


Abstract

The present application discloses an identification method, an apparatus and a device for ransomware, and a safety processing method. The ransomware identification device comprises a monitoring device for monitoring the newly created process; a processor configured to determine an identification threshold value for identifying a process corresponding to the ransomware based on the operation behavior of the abnormal operation when the abnormal operation of the process is monitored, and to determine the process as a process corresponding to the ransomware when the identification threshold value satisfies a preset threshold value; an abnormal operation refers to an operation that matches a plurality of operation behaviors performed by a process corresponding to pre-acquired ransomware. The present application solves the technical problem that the existing ransomware identification method is delayed by blacklisting, which leads to low processing efficiency.

Description

Technical field

[0001] The present application relates to the field of network security, in particular, to a ransomware identification method, device and equipment, and a security processing method.

Background technique

[0002] With the development of Internet technology, the network has become an indispensable part of people's life and work. Internet users can obtain massive amounts of information through computer networks, and communicate and exchange with other users conveniently, realizing the sharing of information resources. However, the rapid development of computer network technology has made the network environment more and more complex, and network security issues have become increasingly prominent. Ransomware is one of the fastest-growing network threats in recent years.

[0003] Ransomware usually encrypts documents, emails, databases, source codes, pictures, compressed files and other files on the user's system in some form to make them unusable, or interferes...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/566, G06F2221/033
Inventor 董斌雁
Owner ALIBABA GRP HLDG LTD