Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and system for preventing ransomware attacks based on solid-state storage devices

A solid-state storage device and software technology, which is applied to the generation of response errors, error detection of redundant data in calculations, and instruments, etc. It can solve problems such as recovery, slow encryption speed, and large key management overhead to achieve reliability Data protection, impact reduction, and the effect of avoiding user misoperation

Active Publication Date: 2022-04-01
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Symmetric encryption ransomware uses symmetric encryption algorithm to encrypt files, but it is easy to be reversed or brute force to recover the symmetric key
Public-key encryption ransomware uses public-key encryption algorithms to encrypt files. Generally, the public key will be embedded in the user’s host to encrypt files, while the private key will be stored on the server side of the ransomware. The disadvantage of this type of ransomware is encryption The speed is slow, and a public-private key pair needs to be maintained for each infected host, resulting in high key management overhead

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and system for preventing ransomware attacks based on solid-state storage devices
  • A method and system for preventing ransomware attacks based on solid-state storage devices
  • A method and system for preventing ransomware attacks based on solid-state storage devices

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0049] Such as figure 1 As shown, this embodiment provides a flowchart of a method for defending against ransomware attacks based on solid-state storage devices. Its steps mainly include:

[0050] 1) The ransomware detection module analyzes the data access mode when ransomware attacks users, and establishes a fine-grained access model;

[0051] 2) The data backup module adopts the method of periodically backing up metadata, backs up important metadata, and ensures that the data encrypted or deleted by the ransomware is not actually physically deleted by modifying the garbage collection mechanism;

[0052] 3) The data recovery module adds a data structure in the OOB (out-of-band) area of ​​the corresponding physical page of the written data, including the backup data version, the write operation sequence number and the target logical block address, and uses the binary search method to search the backup metadata Refactor to restore user data.

[0053] High-level ransomware ca...

Embodiment 2

[0064] This embodiment implements a system prototype using OpenNFM. OpenNFM is an open source NAND flash memory controller framework, which is an architecture composed of three layers. The highest layer mainly deals with the mapping between the upper layer and the physical page address to the logical page address between the original flash memory, and the flash memory-based storage device can provide a unified block device interface of the file system. The middle layer is mainly responsible for usage equalization and bad block management. The lowest layer provides a primitive flash abstraction, shielding the special physical properties of NAND Flash. Port this system to lpc-h3131, a development board equipped with 180MHz ARM microcontroller, 512MB NAND flash memory and 32MB SDRAM. The block size of the flash memory is 128KB, and the page size is 2KB, so the entire NAND flash memory has 4,096 erase blocks, and each block consists of 64 pages. Each map entry can be represente...

Embodiment 3

[0076] This embodiment is a method for detecting ransomware based on a solid-state storage device, comprising the following steps:

[0077] 1) Monitor the read and write behavior of ransomware in the flash conversion layer of the firmware of the solid-state storage device;

[0078] 2) According to the difference between the reading and writing behavior of ransomware and the data reading and writing behavior of normal user programs, a detection model based on the unique access mode of reading, writing and deleting data of ransomware is established;

[0079] 3) Use the established detection model to detect ransomware.

[0080] For the specific implementation process of the above steps, please refer to the content about ransomware detection in Embodiments 1 and 2.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and system for preventing ransomware attacks based on solid-state storage devices, which realizes detection of ransomware in the firmware flash memory conversion layer of the solid-state storage devices, and utilizes the characteristics of non-in-situ update of solid-state storage devices to realize data lightweight backup and data backup. recover. The ransomware detection module establishes a fine-grained access model according to the special data access mode when the ransomware attacks the user; the data backup module adopts the method of periodic backup when the detection module does not detect the ransomware. The important metadata including the page usage table is backed up, and the garbage collection strategy is used to ensure that the data of the current backup version will not be physically deleted; the data recovery module adds the backup data version and the write operation by adding the backup data version in the OOB area of ​​the corresponding physical page during the write operation. The serial number and target logical block address information are used to reconstruct the backup metadata by the dichotomy method, thereby realizing the rapid recovery of user data.

Description

technical field [0001] The present invention relates to ransomware detection technology and data backup and data recovery technology, in particular to a solid-state storage device-based detection technology and data backup and data recovery method for encrypted ransomware. Background technique [0002] In recent years, ransomware, a kind of malware that extorts ransom by restricting users' normal access to files or systems, has become popular and has been widely used in various cybercrimes. Sales were up about 2502%. In 1996, Young and others first proposed the concept of encryption virus, and named it Cryptovirology, and then proposed that by combining encryption algorithms and computer viruses, users can access key data and encrypt user files to extort money. This is the purpose of ransomware prototype. With the development of network technology, this type of encrypted virus continues to develop, its transmission methods are increasingly diverse, its scope of influence i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F11/14
CPCG06F11/1458G06F21/56
Inventor 贾世杰夏鲁宁王沛莹
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products