Method for detecting and defending ransomware based on access permission

An access-rights and software technology, applied in the field of instruments, calculation and electrical digital data processing. It addresses the poor accuracy and real-time performance of existing detection methods, and achieves improved efficiency, wide application prospects and a simple structure.

Active Publication Date: 2020-07-31
INSPUR SUZHOU INTELLIGENT TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] In the prior art, important data and files are stored centrally, and existing ransomware detection methods have poor accuracy and real-time performance. To solve these technical problems, the present invention provides a method for detecting and defending against ransomware based on access rights.

Examples

Embodiment 1

[0046] As shown in Figure 1, the present invention provides a method for detecting and defending against ransomware based on access rights, comprising the following steps:

[0047] S1. Set sensitive folders in the system to be monitored, generate a list of sensitive folders, and set a defense script and a whitelist for the system to be monitored;

[0048] S2. Configure the defense script to monitor, in real time, the system API required for file traversal, intercept all processes that call the file traversal system API and mark each of them as a concerned process, and search the whitelist for the software corresponding to the concerned process;

[0049] S3. When the whitelist contains no software corresponding to the concerned process, configure the defense script to determine whether the folder that the concerned process traverses by calling the system API is in the list of sensitive folders;

[0050] S4. When the folders that the concerned process calls the system API to traverse are in the li...

Embodiment 2

[0052] As shown in Figure 2, the present invention provides a method for detecting and defending against ransomware based on access rights, comprising the following steps:

[0053] S1. Set sensitive folders in the system to be monitored, generate a list of sensitive folders, and set a defense script, a whitelist and a blacklist for the system to be monitored; a sensitive folder can be set to automatically and recursively include all of its subfolders, and a subfolder hierarchy scope can also be set;

[0054] S2. Configure the defense script to monitor, in real time, the system API required for file traversal, intercept all processes that call the file traversal system API and mark each of them as a concerned process, and search the blacklist for the software corresponding to the concerned process;

[0055] When the blacklist contains software corresponding to the concerned process, block all operations of the concerned process and return to step S2;

[0056] When there is no software corresponding...

Abstract

The invention provides a method for detecting and defending against ransomware based on access permission. The method comprises: setting a sensitive folder in the system to be monitored and setting a defense script for that system; configuring the defense script to monitor, in real time, the system API required for file traversal, intercepting all processes that call the file traversal system API, marking them as concerned processes, and searching the whitelist for the software corresponding to each concerned process; when the whitelist contains no software corresponding to the concerned process, judging whether the folder that the concerned process traverses by calling the system API is in the sensitive folder list; and, when that folder is a sensitive folder, performing process injection on the concerned process, monitoring all file-operation system APIs of the concerned process, presenting the file operations performed through each of those APIs to the user for confirmation, and acting on the concerned process according to the user's confirmation result.
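The decision flow of the abstract, combined with the blacklist and subfolder hierarchy scope of Embodiment 2, written out as an added example (not code from the patent). The software identifiers, paths, the `Verdict` names, and the treatment of whitelisted software and non-sensitive folders as "no action" are assumptions, since the truncated text does not state them; API interception and process injection themselves are out of scope here.

```python
import posixpath
from dataclasses import dataclass
from enum import Enum
from pathlib import PurePosixPath
from typing import Optional

class Verdict(Enum):
    BLOCK = "block all operations"           # software is blacklisted
    ALLOW = "no action"                      # assumption: whitelisted or not sensitive
    CONFIRM = "monitor file APIs, ask user"  # sensitive folder traversed

@dataclass(frozen=True)
class SensitiveFolder:
    root: str
    max_depth: Optional[int] = None  # None: include all subfolders recursively

    def covers(self, target: PurePosixPath) -> bool:
        # Compare whole path components so /srv/finance2 is never treated
        # as a child of /srv/finance (a plain string-prefix test would be).
        try:
            rel = target.relative_to(PurePosixPath(self.root))
        except ValueError:
            return False
        return self.max_depth is None or len(rel.parts) <= self.max_depth

def decide(software, folder, blacklist, whitelist, sensitive):
    """Verdict for one intercepted file-traversal call."""
    if software in blacklist:
        return Verdict.BLOCK
    if software in whitelist:
        return Verdict.ALLOW
    # Lexical normalization only: "a/../b" collapses, symlinks are not resolved.
    target = PurePosixPath(posixpath.normpath(folder))
    if any(s.covers(target) for s in sensitive):
        return Verdict.CONFIRM
    return Verdict.ALLOW

# Constructed sample policy and events (not from the patent).
BLACKLIST = {"cryptolock.bin"}
WHITELIST = {"backup-agent"}
SENSITIVE = [SensitiveFolder("/srv/finance", max_depth=1), SensitiveFolder("/home/alice/docs")]
EVENTS = [
    ("cryptolock.bin", "/tmp"), ("backup-agent", "/srv/finance"),
    ("unknown.bin", "/srv/finance/2020"), ("unknown.bin", "/srv/finance/2020/q1"),
    ("unknown.bin", "/srv/finance2"), ("unknown.bin", "/tmp/../home/alice/docs/a/b"),
]

def run_sample():
    return [decide(sw, d, BLACKLIST, WHITELIST, SENSITIVE) for sw, d in EVENTS]
```

Matching software by a bare name is only a stand-in; the page does not say how the software behind a process is identified, and a deployment would need an identifier that a renamed binary cannot spoof.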

Description

Technical field

[0001] The invention belongs to the technical field of malicious software determination, and in particular relates to a method for detecting and defending ransomware based on access rights.

Background technique

[0002] Ransomware: Ransomware is a popular Trojan horse that makes users' data assets or computing resources unavailable for normal use by harassing, intimidating, or even kidnapping user files, and extorts money from users on this condition. Such user data assets include documents, emails, databases, source codes, pictures, compressed files and other files. The ransom comes in real money, Bitcoin or other virtual currencies.

[0003] In recent years, ransomware has grown rapidly, posing a huge threat to global network security. Since the first ransomware came out in 1989, its extortion targets have become more and more diverse, the extortion industry chain has gradually formed, the means of extortion have gradually become high-end, virtual currenc...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 王传国
Owner: INSPUR SUZHOU INTELLIGENT TECH CO LTD