SYSTEM AND METHOD FOR DETECTION OF MALICIOUS DATA ENCRYPTION PROGRAMS

SYSTEM AND METHOD FOR DETECTION OF MALICIOUS DATA ENCRYPTION PROGRAMS

Disclosed are systems and method for detection of malicious encryption programs. An example method comprises: intercepting, at a server, a file operation request from a client on a file stored on the server; collecting information about at least the requested file and the requested operation; determ...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: OVCHARIK, Vladislav I, BYKOV, Oleg G
Format: Patent
Sprache:eng ; fre ; ger
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Disclosed are systems and method for detection of malicious encryption programs. An example method comprises: intercepting, at a server, a file operation request from a client on a file stored on the server; collecting information about at least the requested file and the requested operation; determining, by a hardware processor of the server, based on the collected information, whether the file operation request came from a known malicious encryption program; when the file operation request came from an unknown program, then calculating, by the hardware processor, entropies of at least a portion of the file before and after the execution of the requested operation on the file; and calculating, by the hardware processor, a difference between the calculated entropies; when the difference is below a threshold, allowing the requested operation on the file; and when the difference is above the threshold, denying the requested operation on the file.