The invention provides a
ransomware real-time detecting and defending method based on file request monitoring, and belongs to the technical field of
system security. The method includes the steps of monitoring whether a tested program has operation behaviors on a user file or not in a user host, if yes, mirroring the file to a protected
storage area, operating the file in the area, recording the complete operation information, judging whether the program is
ransomware or not in combination with a dubiety measuring
mechanism based on the file content and operation behavior analysis, if yes, deleting the file in the
protected area and deleting the program, and if not, updating and
synchronizing the file according to the file in the
protected area so that the consistency of data under normalcircumstances can be ensured. Through the process, the malicious
ransomware can be effectively detected, the damage of malicious codes to user data is minimized, and the aim of improving the securityand defending capacity of a
server host
system is achieved.