Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and system for protecting against blackmail software attacks base on a solid state storage device

A solid-state storage device and software technology, which is applied to the generation of response errors, error detection of redundant data in calculations, and instruments. It can solve problems such as recovery, key management overhead, and slow encryption speed, and achieve reliability. Data protection, avoiding user misoperation, and reducing the effect of impact

Active Publication Date: 2019-02-26
INST OF INFORMATION ENG CAS
View PDF3 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Symmetric encryption ransomware uses symmetric encryption algorithm to encrypt files, but it is easy to be reversed or brute force to recover the symmetric key
Public-key encryption ransomware uses public-key encryption algorithms to encrypt files. Generally, the public key will be embedded in the user’s host to encrypt files, while the private key will be stored on the server side of the ransomware. The disadvantage of this type of ransomware is encryption The speed is slow, and a public-private key pair needs to be maintained for each infected host, resulting in high key management overhead

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and system for protecting against blackmail software attacks base on a solid state storage device
  • A method and system for protecting against blackmail software attacks base on a solid state storage device
  • A method and system for protecting against blackmail software attacks base on a solid state storage device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0049] Such as figure 1 As shown, this embodiment provides a flowchart of a method for defending against ransomware attacks based on solid-state storage devices. Its steps mainly include:

[0050] 1) The ransomware detection module analyzes the data access mode when ransomware attacks users, and establishes a fine-grained access model;

[0051] 2) The data backup module adopts the method of periodically backing up metadata, backs up important metadata, and ensures that the data encrypted or deleted by the ransomware is not actually physically deleted by modifying the garbage collection mechanism;

[0052] 3) The data recovery module adds a data structure in the OOB (out-of-band) area of ​​the corresponding physical page of the written data, including the backup data version, the write operation sequence number and the target logical block address, and uses the binary search method to search the backup metadata Refactor to restore user data.

[0053] High-level ransomware ca...

Embodiment 2

[0064] This embodiment implements a system prototype using OpenNFM. OpenNFM is an open source NAND flash memory controller framework, which is an architecture composed of three layers. The highest layer mainly deals with the mapping between the upper layer and the physical page address to the logical page address between the original flash memory, and the flash memory-based storage device can provide a unified block device interface of the file system. The middle layer is mainly responsible for usage equalization and bad block management. The lowest layer provides a primitive flash abstraction, shielding the special physical properties of NAND Flash. Port this system to lpc-h3131, a development board equipped with 180MHz ARM microcontroller, 512MB NAND flash memory and 32MB SDRAM. The block size of the flash memory is 128KB, and the page size is 2KB, so the entire NAND flash memory has 4,096 erase blocks, and each block consists of 64 pages. Each map entry can be represente...

Embodiment 3

[0076] This embodiment is a method for detecting ransomware based on a solid-state storage device, comprising the following steps:

[0077] 1) Monitor the read and write behavior of ransomware in the flash conversion layer of the firmware of the solid-state storage device;

[0078] 2) According to the difference between the reading and writing behavior of ransomware and the data reading and writing behavior of normal user programs, a detection model based on the unique access mode of reading, writing and deleting data of ransomware is established;

[0079] 3) Use the established detection model to detect ransomware.

[0080] For the specific implementation process of the above steps, please refer to the content about ransomware detection in Embodiments 1 and 2.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a system for preventing blackmail software attack based on a solid-state storage device, which realizes detection blackmail software in a firmware flash memory conversion layer of the solid-state storage device, and realizes data lightweight backup and data recovery by utilizing the non-in-situ updating characteristics of the solid-state storage device. The blackmail software detection module establishes a fine-grained access model according to the special data access mode when the blackmail software attacks the user. The data backup module backs up the important metadata including address mapping table, page usage table and so on in the way of periodic backup when the detection module does not detect the extortion software, and ensures that the currentbackup version data will not be physically deleted by using the garbage collection strategy. The data recovery module reconstructs the backed-up metadata by adding the backup data version, writing operation sequence number and target logical block address information in the OOB area corresponding to the physical page in the write operation, and then realizes the fast recovery of user data.

Description

technical field [0001] The present invention relates to ransomware detection technology and data backup and data recovery technology, in particular to a solid-state storage device-based detection technology and data backup and data recovery method for encrypted ransomware. Background technique [0002] In recent years, ransomware, a kind of malware that extorts ransom by restricting users' normal access to files or systems, has become popular and has been widely used in various cybercrimes. Sales were up about 2502%. In 1996, Young and others first proposed the concept of encryption virus, and named it Cryptovirology, and then proposed that by combining encryption algorithms and computer viruses, users can access key data and encrypt user files to extort money. This is the purpose of ransomware prototype. With the development of network technology, this type of encrypted virus continues to develop, its transmission methods are increasingly diverse, its scope of influence i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F11/14
CPCG06F11/1458G06F21/56
Inventor 贾世杰夏鲁宁王沛莹
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com