Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Bait file hiding method and device, electronic device and storage medium

A file and bait technology, applied in the field of information security, can solve the problems of blackmail virus detection and protection, and achieve the effect of improving protection ability, avoiding operation, and improving concealment

Inactive Publication Date: 2020-02-21
SANGFOR TECH INC
View PDF7 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, if the above-mentioned hiding method of the decoy file is used, if the user enables the option to display hidden files, the decoy file will be displayed in the directory
The user may delete the decoy file with the option to display hidden files enabled due to misoperation, and the decoy file will not be able to detect and protect against ransomware

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Bait file hiding method and device, electronic device and storage medium
  • Bait file hiding method and device, electronic device and storage medium
  • Bait file hiding method and device, electronic device and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach 1

[0082] Embodiment 1: when the target hiding strategy includes the first hiding strategy, call the file filter driver to send a preset query command to the underlying IO system, and use the query result corresponding to the query request as the target linked list structure; Wherein, the preset query command is an command to control the underlying IO system to query files in the target file directory except the decoy file;

[0083]In Embodiment 1, there is only one decoy file that needs to be hidden in the original linked list structure. If an empty result is returned in the file filter driver, the content under the directory will be displayed abnormally. The processing method of this embodiment is to filter The driver executes another request to the underlying IO system and returns the result. Specifically, the above-mentioned re-execution request to the underlying IO system is a request for querying files other than the decoy file, so that the underlying IO system automaticall...

Embodiment approach 2

[0084] Embodiment 2: When the target hiding strategy includes the second hiding strategy, call the file filtering driver to perform an overall forward operation on the original linked list structure to obtain the target linked list structure, so that the next The item file is moved forward as a whole to the position of the decoy file in memory;

[0085] See image 3 , image 3 It is a schematic diagram of the hiding principle of the head decoy file provided by the embodiment of this application. In Embodiment 2, the decoy file information that needs to be hidden is in the first item of the original linked list structure, so the data of the next item of the decoy file can be moved forward as a whole in memory to the position of the decoy file information.

Embodiment approach 3

[0086] Embodiment 3: When the target hiding strategy includes the third hiding strategy, call the file filter driver to perform a link extraction operation on the original linked list structure to obtain the target linked list structure, so that the target linked list structure The previous item of the bait file points to the next item of the bait file;

[0087] See Figure 4 , Figure 4 It is a schematic diagram of the hiding principle of the middle decoy file provided by the embodiment of this application. In Embodiment 3, the decoy file information that needs to be hidden is in the middle of the original linked list structure, and the chain removal operation in Embodiment 3 can make the previous item of the decoy file directly point to the next item of the decoy file.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a bait file hiding method, and the bait file hiding method comprises the steps: determining a target file directory according to a received file query instruction, and queryingthe original linked list structures of all files in the target file directory; judging whether the target file directory comprises a bait file or not; wherein the bait file is a file used for detecting a virus process; if yes, calling a file filtering driver to modify the original linked list structure to obtain a target linked list structure; wherein the target linked list structure does not include file linked list information of the bait file; and taking the target linked list structure as a query result corresponding to the file query instruction. The method can improve the concealment ofthe bait file and prevent a user from deleting the bait file by mistake. The invention further discloses a bait file hiding device, an electronic device and a storage medium, which have the above beneficial effects.

Description

technical field [0001] The present application relates to the technical field of information security, in particular to a method and device for hiding a decoy file, an electronic device and a storage medium. Background technique [0002] The ransomware virus uses various encryption algorithms to encrypt files, and the infected person generally cannot decrypt them. Only the decrypted private key can be cracked. Ransomware mainly spreads in the form of emails, program Trojan horses, and web page hanging horses. This virus is bad in nature and extremely harmful. Once infected, it will bring immeasurable losses to users. [0003] At present, the protection method for ransomware is as follows: by putting decoy files in the user's personal directory such as the desktop and each disk partition, the ransomware will first encrypt the decoy files and protect normal files from being encrypted. Since the direct display of the decoy file in the folder will affect the user's experience,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/60
CPCG06F21/56G06F21/604
Inventor 董岩恒
Owner SANGFOR TECH INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com