DETECTION SYSTEM OF RANSOMEWARE USING PATTERN RECOGNITION OF RANSOMEWARE AND MAGIC NUMBER OF FILES

摘要

The present invention relates to a system for detecting a ransomware using pattern recognition of the ransomware and a magic number, which can detect an activity of the ransomware in a NAND flash memory-based solid-state drive (SSD), and defend from the ransomware. More specifically, the present invention relates to a system for detecting a ransomware using pattern recognition of the ransomware and a magic number, which can define a file format infected by the ransomware, identify whether only the files with the same magic number as that of the defined file format are infected by the ransomware or not, monitor the files having the same magic number on a regular basis, and detect whether the ransomware is in an activity state or not based on the number of times of overwriting by the monitored files.