
Linux ransomware virus prevention method and system

Honeypot technology applied to the field of Linux ransomware prevention and Linux ransomware prevention software. It addresses the problems that unknown ransomware goes undetected, that existing defenses have limited effect, and that ransomware characteristics are difficult to obtain.

Active Publication Date: 2021-06-04
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

[0009] This defense method can only detect known ransomware viruses. For new ransomware viruses, it is extremely difficult to obtain their characteristics before an outbreak; severely degraded performance
[0010] However, this removal scheme can only target known ransomware; for new or variant unknown ransomware, it cannot detect the ransomware by matching signatures in the virus database.
If the user's system has already been infected with an unknown ransomware virus, this after-the-fact removal cannot recover the loss caused by the encryption of the user's files.
Therefore, the effectiveness of this defense method is limited.


Examples


Embodiment 1

[0064] A Linux ransomware virus prevention system provided according to the present invention comprises:

[0065] Trapping module: the trapping module monitors the honeypot area files. When a Linux ransomware virus or another, non-virus process performs an operation on a honeypot area file, the module detects and compares the file characteristics of that file to determine whether the current process poses a threat. When the threat is confirmed, the relevant process is terminated and alarm information is fed back to the front-end platform in time;

[0066] Specifically, the system also includes a backup module: it backs up and protects the modified files in the area selected by the user (the area expected to be protected), so that files can be recovered after an attack by the Linux ransomware virus; the size of the area selected by the user can be expected by the user ...

Embodiment 2

[0117] Embodiment 2 is a modification of Embodiment 1.

[0118] The present invention mainly solves the problem that the current Linux operating system has no effective means of protection against ransomware. It also seeks a method that can prevent unknown types of ransomware, and removes the trouble of the manual or online backups currently needed to guard against ransomware.

[0119] The present invention sets honeypot files and uses the change in their file information entropy to determine whether known or unknown ransomware is present;
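The entropy comparison described in [0119] can be sketched as follows. This is an added example, not code from the patent or its authors; the thresholds, the verdict names and the decoy file name are assumptions chosen for illustration, and random bytes stand in for encrypted content.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds (not from the patent), in bits per byte on a 0..8 scale.
ENTROPY_JUMP = 2.0   # rise over baseline that counts as suspicious
ENTROPY_HIGH = 7.5   # near-random content, typical of ciphertext

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(path: Path) -> dict:
    """Record hash and entropy of a honeypot file (its baseline at deploy time)."""
    data = path.read_bytes()
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "entropy": shannon_entropy(data)}

def check(path: Path, baseline: dict) -> str:
    """Compare a honeypot file with its baseline and return a verdict."""
    if not path.exists():
        return "missing"             # deleted or renamed: still worth an alert
    current = snapshot(path)
    if current["sha256"] == baseline["sha256"]:
        return "unchanged"
    rise = current["entropy"] - baseline["entropy"]
    if current["entropy"] >= ENTROPY_HIGH and rise >= ENTROPY_JUMP:
        return "suspect-encrypted"   # candidate for process kill and alert
    return "modified"                # touched, but not ciphertext-like

def demo() -> list:
    """Constructed scenario: decoy text, a benign append, then random bytes."""
    with tempfile.TemporaryDirectory() as d:
        decoy = Path(d) / "accounts_2020.txt"   # hypothetical decoy name
        text = "invoice 1001 paid in full by customer\n" * 200
        decoy.write_text(text)
        base = snapshot(decoy)
        verdicts = [check(decoy, base)]
        decoy.write_text(text + "one more line from a normal editor\n")
        verdicts.append(check(decoy, base))
        decoy.write_bytes(os.urandom(8192))     # stands in for encrypted content
        verdicts.append(check(decoy, base))
    return verdicts
```

Calling `demo()` returns one verdict per stage. Requiring both a high absolute entropy and a rise over the baseline keeps an ordinary edit to a text decoy from being reported as encryption.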

[0120] Real-time backup is used to back up, as they are modified, any files suspected of being encrypted by ransomware, and to save the contents of the files before modification or deletion for subsequent recovery.

[0121] After testing, the software implemented by the invention can prevent any file-encrypting malware, and can also back up files before they are encrypted and restore them afterwards.

[0122] The front-end ...


Abstract

The invention provides a Linux ransomware virus prevention system and method. The system comprises: a trapping module, which monitors the honeypot region files, detects and compares the file characteristics of a honeypot region file when a process performs an operation on it, judges whether the current process poses a threat, terminates the related processes when the threat is confirmed, and feeds alarm information back to the front-end platform in time; a backup module, which backs up and protects the modified files in the selected area so that files attacked by the Linux ransomware virus can be recovered; and a scanning module, which scans the selected area for files suspected of having been attacked by ransomware and feeds the scanning result back to the user. Compared with a traditional honeypot file detection method, the detection rate, false alarm rate and accuracy rate of the method provided by the invention show that it can accurately detect file-encrypting ransomware.

Description

Technical field

[0001] The present invention relates to the technical field of virus prevention, in particular to a Linux ransomware virus prevention method and system, and more specifically to an implementation method of Linux ransomware virus prevention software.

Background technique

[0002] The ransomware virus, also known as ransomware, is a malicious computer virus that has emerged in recent years. It is mainly spread in the form of emails, program Trojans, and web page Trojans. When a user's computer is invaded by a ransomware virus, the virus encrypts important files on the user's system and extorts the user in exchange for decrypting these important files. Moreover, the encryption method used by the ransomware virus cannot be cracked. Victims can often only choose to abandon the files or pay a high ransom.

[0003] Ransomware mainly has the following characteristics:

[0004] Ransomware on the Windows operating system usually uses the 445 port vulnerabi...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F21/56, G06F11/14
CPC: G06F21/566, G06F21/568, G06F11/1448, G06F11/1469
Inventor 陆天和朱成晨朱天杰王绍源刘功申
Owner SHANGHAI JIAO TONG UNIV