Identification method, apparatus and device for ransomware, and safety processing method
A technology for identifying equipment and software, applied in the field of network security, that can solve problems such as low processing efficiency and lag, and that improves recognition efficiency and recognition accuracy.
Examples
Embodiment 1
[0028] According to an embodiment of the present application, an embodiment of a ransomware identification device is provided. Figure 1 is a schematic diagram of a ransomware identification device according to an embodiment of the present application. As shown in Figure 1, the ransomware identification device includes:
[0029] The monitoring device 102 is configured to monitor the newly created process.
[0030] The processor 104 is configured to determine, when an abnormal operation of the process is monitored, an identification threshold for identifying the process as a process corresponding to ransomware, based on the operation behavior of the abnormal operation, and to determine the process as a process corresponding to ransomware when the identification threshold meets a preset threshold, wherein the abnormal operation refers to an operation that matches multiple operation behaviors performed by the process corresponding to the pre-acquired ransomware.
[0031] Specifically, the a...
Embodiment 2
[0050] According to an embodiment of the present application, an embodiment of a method for identifying ransomware is also provided. It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system, such as by a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.
[0051] The ransomware identification method embodiment provided by this application can be applied to public clouds in the Internet field (for example, Baidu Cloud, Tencent Cloud, Alibaba Cloud, etc.), and some relatively large network sites (for example, commercial companies, search engines, or sites of government departments, etc.) to defend against ransomware.
[0052] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer term...
Embodiment 3
[0116] According to an embodiment of the present application, a ransomware identification device for implementing the above ransomware identification method is also provided. As shown in Figure 5, the apparatus 500 includes: a monitoring unit 502, a first determining unit 504 and a second determining unit 506.
[0117] The monitoring unit 502 is used to monitor the newly created process; the first determining unit 504 is used to determine, when an abnormal operation of the process is monitored, the identification threshold for identifying the process as a process corresponding to ransomware, based on the operation behavior of the abnormal operation, wherein an abnormal operation refers to an operation that matches multiple operation behaviors performed by a process corresponding to ransomware obtained in advance; the second determining unit 506 is configured to determine the process as a process corresponding to ransomware when the recognition threshold meets ...
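The monitor, score and compare flow described in the embodiments above, as an added illustration (example code written for this page, not taken from the patent). The behavior names, weights, preset threshold value, the choice to count each behavior once per process, and the sample events are all assumptions, since the page does not specify them.

```python
from collections import defaultdict

# Assumed set of "pre-acquired" ransomware behaviors and weights (not from the page).
KNOWN_BEHAVIOR_WEIGHTS = {
    "delete_shadow_copies": 40,
    "mass_file_rename": 30,
    "write_ransom_note": 30,
    "high_entropy_overwrite": 25,
}
PRESET_THRESHOLD = 70  # assumed value

# Constructed event stream: (pid, event, detail).
SAMPLE_EVENTS = [
    (4120, "process_create", "backup_agent.exe"),
    (4120, "high_entropy_overwrite", "archive.zip"),
    (5308, "process_create", "invoice_viewer.exe"),
    (5308, "delete_shadow_copies", ""),
    (5308, "mass_file_rename", "*.docx -> *.locked"),
    (5308, "write_ransom_note", "README.txt"),
    (900, "mass_file_rename", "*.tmp -> *.bak"),  # creation never observed
]


def identify(events, weights=KNOWN_BEHAVIOR_WEIGHTS, preset=PRESET_THRESHOLD):
    """Return {pid: value} for monitored processes whose value meets the preset.

    The value is what the page calls the identification threshold; here it is
    the summed weight of distinct matched behaviors (an assumption).
    """
    monitored = set()            # monitoring unit: newly created processes only
    matched = defaultdict(set)   # pid -> distinct abnormal behaviors seen
    flagged = {}
    for pid, event, _detail in events:
        if event == "process_create":
            monitored.add(pid)
            matched.pop(pid, None)  # PID reuse: a new process starts from zero
            continue
        if pid not in monitored or event not in weights:
            continue  # not a monitored process, or not a known behavior
        matched[pid].add(event)  # repeats of one behavior do not inflate the value
        value = sum(weights[b] for b in matched[pid])  # first determining unit
        if value >= preset and pid not in flagged:     # second determining unit
            flagged[pid] = value  # value at the moment the preset was met
    return flagged


if __name__ == "__main__":
    print(identify(SAMPLE_EVENTS))
```

In this sketch a process is flagged as soon as its value meets the preset, so later matching behaviors do not change the recorded value.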