FEATURE ENGINEERING APPARATUS AND METHOD FOR EVASIVE RANSOMWARE DETECTION
Abstract
The present invention relates to a feature processing apparatus and method for detecting evasive ransomware. The apparatus comprises: an input/output request collection unit that periodically collects headers of input/output requests at a specific time interval; a first hash table construction unit that, when a read request is detected in the header of an input/output request, creates a first entry including block information related to the read request and stores it in a first hash table through a window-based search; a second hash table construction unit that, when an overwrite request for a memory block having the same start address as the block of the read request is detected in the header of an input/output request, generates a second entry including block information related to the overwrite request and stores it in a second hash table through the search; and a feature generator that calculates a plurality of features for detecting ransomware based on the first and second hash tables.
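
The read-then-overwrite tracking described in the abstract can be sketched as follows. This is an added example, not the patent's implementation: the header tuple layout, the 10-second window, the eviction semantics of the window-based search, and the four features computed are all assumptions, and the trace is constructed.

```python
from collections import OrderedDict

WINDOW_SECONDS = 10.0  # assumed window length; the abstract gives no value

# Constructed sample of I/O request headers: (timestamp, op, start_address, length_in_blocks)
SAMPLE_HEADERS = [
    (0.0, "R", 100, 8),
    (0.5, "R", 200, 8),
    (1.0, "W", 100, 8),   # overwrite of a recently read block
    (1.5, "W", 200, 8),   # overwrite of a recently read block
    (2.0, "W", 900, 8),   # write to a block that was never read
    (3.0, "R", 300, 8),
    (20.0, "W", 300, 8),  # read entry has aged out of the window
]

def extract_features(headers, window=WINDOW_SECONDS):
    """Build the read and overwrite tables from time-ordered headers and derive features."""
    reads = OrderedDict()  # first table: start address -> (read time, length)
    overwrites = {}        # second table: start address -> (read time, write time, length)
    n_writes = 0
    for ts, op, start, length in headers:
        # Window-based search (assumed semantics): drop read entries older than the window.
        while reads:
            oldest = next(iter(reads))
            if ts - reads[oldest][0] <= window:
                break
            del reads[oldest]
        if op == "R":
            reads.pop(start, None)        # re-insert so the table stays ordered by time
            reads[start] = (ts, length)
        elif op == "W":
            n_writes += 1
            hit = reads.get(start)
            if hit is not None:           # same start address as a read inside the window
                overwrites[start] = (hit[0], ts, length)
    delays = [w - r for r, w, _ in overwrites.values()]
    return {  # illustrative features, not the patent's own feature set
        "overwritten_extents": len(overwrites),
        "overwritten_blocks": sum(n for _, _, n in overwrites.values()),
        "overwrite_ratio": len(overwrites) / n_writes if n_writes else 0.0,
        "mean_read_to_overwrite_s": sum(delays) / len(delays) if delays else 0.0,
    }

if __name__ == "__main__":
    print(extract_features(SAMPLE_HEADERS))
```

A high overwrite ratio with short read-to-overwrite delays is the pattern an in-place encryptor produces; a detector built on such features would still need a baseline from legitimate workloads that rewrite files in place.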