Ransomware real-time detection method and defense method based on file system virtual reading and writing

Bibliographic Details
Main Authors WANG QIUYUN, XIN LILING, LIU BAOXU, WANG SHUWEI, JIANG ZHENGWEI, WANG XIAOMAN
Format Patent
Language Chinese, English
Published 08.09.2020
Summary: The invention provides a real-time ransomware detection method and defense method based on file system virtual reading and writing, and belongs to the technical field of system security. The method is used to detect ransomware in real time and to protect a host system from being damaged by it. It mainly comprises the following steps: virtualizing the read-write operations of suspicious programs in the system; examining the content written to the virtualized disk; and judging from that content whether the program is ransomware. The method improves the real-time early-warning and active defense capability of the host system, achieves high-accuracy real-time detection and termination of ransomware under conditions of low overhead and zero loss, and protects the data and property of users and enterprises.
Bibliography: Application Number: CN202010298624