A method for detecting and defending against ransomware based on access rights

An access-rights-based ransomware detection and defense technique, applied in the fields of instruments, computing, and electrical digital data processing, that addresses poor detection accuracy and real-time performance and achieves reduced system consumption, reduced scope and quantity, and a simple structure.

Active Publication Date: 2022-08-05
SUZHOU METABRAIN INTELLIGENT TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] In the prior art, important data and files are stored centrally, and existing ransomware detection methods have poor accuracy and real-time performance. To solve these technical problems, the present invention provides a method for detecting and defending against ransomware based on access rights.

Examples

Embodiment 1

[0046] As shown in Figure 1, the present invention provides a method for detecting and defending against ransomware based on access rights, including the following steps:

[0047] S1. Set up sensitive folders in the system to be monitored, generate a list of sensitive folders, and set up a defense script and a whitelist for the system to be monitored;

[0048] S2. Configure the defense script to monitor in real time the system APIs required for file traversal, intercept every process that calls a file traversal system API, mark it as a process of interest, and look up the software corresponding to the process of interest in the whitelist;

[0049] S3. When the whitelist contains no software corresponding to the process of interest, configure the defense script to determine whether the folder that the process of interest traverses through the system API is in the list of sensitive folders;

[0050] S4. When the folder that the process of interest calls the system API to traverse is in the l...

Embodiment 2

[0052] As shown in Figure 2, the present invention provides a method for detecting and defending against ransomware based on access rights, including the following steps:

[0053] S1. Set up sensitive folders in the system to be monitored, generate a list of sensitive folders, and set up a defense script, a whitelist and a blacklist for the system to be monitored; a sensitive folder can be set to automatically include all of its subfolders recursively, or a subfolder hierarchy scope can be set;

[0054] S2. Configure the defense script to monitor in real time the system APIs required for file traversal, intercept every process that calls a file traversal system API, mark it as a process of interest, and look up the software corresponding to the process of interest in the blacklist;

[0055] When the blacklist contains software corresponding to the process of interest, block all operations of the process of interest and return to step S2;

[0056] When the software corresponding ...
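
The decision order described in Embodiments 1 and 2 (blacklist, whitelist, sensitive-folder list with an optional subfolder depth scope), modelled as an added example; it is not code from the patent. Assumptions: software is identified by its executable path, the whitelist lookup follows a blacklist miss (the truncated text at [0056] does not show this), and all names and sample paths are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from pathlib import PureWindowsPath
from typing import Iterable, Optional

class Decision(Enum):
    BLOCK = "block"      # blacklist hit: block all operations of the process
    ALLOW = "allow"      # whitelist hit: no further checks
    IGNORE = "ignore"    # unlisted software, traversed folder is not sensitive
    CONFIRM = "confirm"  # unlisted software in a sensitive folder: monitor file ops, ask user

@dataclass(frozen=True)
class SensitiveFolder:
    path: str
    max_depth: Optional[int] = None  # None: all subfolders; N: at most N levels below path

def _parts(path: str) -> tuple:
    # Compare whole path components, case-insensitively (Windows semantics),
    # so that C:\Docs does not match C:\Docs2.
    return tuple(p.lower() for p in PureWindowsPath(path).parts)

def in_sensitive_list(folder: str, sensitive: Iterable[SensitiveFolder]) -> bool:
    target = _parts(folder)
    for entry in sensitive:
        root = _parts(entry.path)
        if target[:len(root)] != root:
            continue  # traversed folder is not at or below this entry
        if entry.max_depth is None or len(target) - len(root) <= entry.max_depth:
            return True
    return False

def decide(image: str, folder: str, whitelist, blacklist, sensitive) -> Decision:
    # Assumption: "software corresponding to the process" is keyed by image path.
    key = _parts(image)
    if key in {_parts(b) for b in blacklist}:
        return Decision.BLOCK
    if key in {_parts(w) for w in whitelist}:
        return Decision.ALLOW  # assumed to follow a blacklist miss
    return Decision.CONFIRM if in_sensitive_list(folder, sensitive) else Decision.IGNORE

# Constructed sample policy (not from the patent).
SENSITIVE = [SensitiveFolder(r"C:\Users\alice\Documents"),
             SensitiveFolder(r"D:\Finance", max_depth=1)]
WHITELIST = [r"C:\Program Files\Backup\backup.exe"]
BLACKLIST = [r"C:\Temp\locker.exe"]
```

A path-keyed whitelist is the simplest reading of the text; binding entries to a file hash or signer would change only how `key` is computed.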


Abstract

The present invention provides a method for detecting and defending against ransomware based on access rights: sensitive folders are set in the system to be monitored, and a defense script and a whitelist are set for that system; the defense script is configured to monitor in real time the system APIs required for file traversal, intercept every process that calls a file traversal system API, mark it as a process of interest, and look up the software corresponding to the process of interest in the whitelist; when the whitelist contains no software corresponding to the process of interest, it is determined whether the folder that the process of interest traverses through the system API is in the list of sensitive folders; when that folder is a sensitive folder, process injection is performed on the process of interest, all of its file operation system APIs are monitored, the file operations performed by each file operation system API are presented to the user for confirmation, and the actions of the process of interest are then handled according to the user's confirmation result.

Description

Technical field

[0001] The invention belongs to the technical field of malware determination, and in particular relates to a method for detecting and defending against ransomware based on access rights.

Background art

[0002] Ransomware: Ransomware is a prevalent type of Trojan horse that renders users' data assets or computing resources unusable by harassing, intimidating, or even holding user files hostage, and extorts money from users on that basis. Such user data assets include documents, emails, databases, source code, pictures, compressed files and other files. Ransom forms include real money, bitcoin or other virtual currencies.

[0003] In recent years, ransomware has grown rapidly, posing a huge threat to global network security. Since the advent of the first ransomware in 1989, its targets have become more and more diverse, the ransomware industry chain has gradually formed, the means of ransomware have gradually moved towards high-end, and virtual currency pay...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 王传国
Owner: SUZHOU METABRAIN INTELLIGENT TECH CO LTD