Title:
SSD INTERNAL DEFENSE METHOD INCURRING NO DATA LOSS DUE TO RANSOMWARE, AND RANSOMWARE DETECTION SYSTEM
Document Type and Number:
WIPO Patent Application WO/2019/107609
Kind Code:
A1
Abstract:
An SSD internal defense method incurring no data loss due to ransomware, and a ransomware detection system are disclosed. A method for detecting ransomware operating in a NAND flash memory can comprise the steps of: periodically monitoring IO requests at every pre-defined monitoring period for ransomware detection; checking, on the basis of distribution of the header of the monitored IO requests, whether an overwrite occurred on a memory block having the same logical block address (LBA) as a read-requested block; counting, on the basis of the checking of whether overwriting occurred, the number of overwrites for each of a plurality of pre-defined features in order to specify operational features of the ransomware; and detecting activity of the ransomware on the basis of the counted number of overwrites.
More Like This:
Inventors:
BAEK SUNG HA (KR)
NYANG DAE HUN (KR)
NYANG DAE HUN (KR)
Application Number:
PCT/KR2017/013905
Publication Date:
June 06, 2019
Filing Date:
November 30, 2017
Export Citation:
Assignee:
THEVAULTERS INC (KR)
International Classes:
G06F21/56; G06F21/55
Foreign References:
KR20170088160A | 2017-08-01 | |||
KR20090024374A | 2009-03-09 | |||
US20150058987A1 | 2015-02-26 | |||
KR20170096699A | 2017-08-25 | |||
KR101685014B1 | 2016-12-12 |
Attorney, Agent or Firm:
YANG, Sungbo (KR)
Download PDF:
Previous Patent: METHOD AND SYSTEM FOR COUNTING DATA SET
Next Patent: APPARATUS FOR MANAGING VIRTUAL REALITY DEVICE AND MANAGEMENT METHOD USING SAME
Next Patent: APPARATUS FOR MANAGING VIRTUAL REALITY DEVICE AND MANAGEMENT METHOD USING SAME