SSD INTERNAL DEFENSE METHOD INCURRING NO DATA LOSS DUE TO RANSOMWARE, AND RANSOMWARE DETECTION SYSTEM

摘要

An SSD internal defense method incurring no data loss due to ransomware, and a ransomware detection system are disclosed. A method for detecting ransomware operating in a NAND flash memory can comprise the steps of: periodically monitoring IO requests at every pre-defined monitoring period for ransomware detection; checking, on the basis of distribution of the header of the monitored IO requests, whether an overwrite occurred on a memory block having the same logical block address (LBA) as a read-requested block; counting, on the basis of the checking of whether overwriting occurred, the number of overwrites for each of a plurality of pre-defined features in order to specify operational features of the ransomware; and detecting activity of the ransomware on the basis of the counted number of overwrites.