DETECTION OF RANSOMWARE ATTACK USING ENTROPY VALUES

DETECTION OF RANSOMWARE ATTACK USING ENTROPY VALUES

Example implementations relate to storing data in a storage system. An example includes accessing a first portion of a data stream to be stored in a storage system; selecting sample data blocks included in the first portion; determining entropy values based on the sample data blocks; selecting, base...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Veprinsky, Alex, Barash, Gil, Kedem, Oded
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Example implementations relate to storing data in a storage system. An example includes accessing a first portion of a data stream to be stored in a storage system; selecting sample data blocks included in the first portion; determining entropy values based on the sample data blocks; selecting, based on the sample data blocks, a entropy threshold from multiple precalculated entropy thresholds; determining whether the generated set of entropy values matches the selected entropy threshold within a probability level; and in response to a determination that the generated set of entropy values matches the selected entropy threshold within the probability level, identifying the first portion of the data stream as potentially including encrypted data affected by a ransomware attack.