US 11,874,925 B2
Data processing method for coping with ransomware, program for executing the method, and computer-readable recording medium storing the program
Ki Yoong Hong, Seoul (KR)
Assigned to SECUVE CO., LTD., Seoul (KR)
Filed by SECUVE CO., LTD., Seoul (KR)
Filed on Sep. 23, 2022, as Appl. No. 17/934,840.
Application 17/934,840 is a division of application No. 16/345,212, granted, now 11,562,072, previously published as PCT/KR2019/001137, filed on Jan. 28, 2019.
Claims priority of application No. 10-2018-0030780 (KR), filed on Mar. 16, 2018.
Prior Publication US 2023/0017807 A1, Jan. 19, 2023
Int. Cl. H04L 29/06 (2006.01); G06F 21/56 (2013.01); G06F 21/55 (2013.01)
CPC G06F 21/568 (2013.01) [G06F 21/554 (2013.01); G06F 21/566 (2013.01)] 5 Claims
OG exemplary drawing
 
1. A data processing method for coping with ransomware in a computer apparatus having a processor and a memory, comprising:
registering at least one characteristic value selected in consideration of a type of data;
when output subject data to be outputted from the processor to the memory is generated, dividing the output subject data into a plurality of segments each having a predetermined size, and extracting the at least one characteristic value for the output subject data by analyzing the plurality of segments;
analyzing a matching level of each of the at least one characteristic value by comparing the at least one characteristic value extracted from the output subject data with a corresponding registered characteristic value;
determining whether an ransomware attack occurred to the output subject data according to a matching level analysis result; and
executing an output operation for the output subject data according to a ransomware attack determination result,
wherein the at least one characteristic value comprises a bit position ratio characteristic value that represents a statistical value for a ratio at which a predetermined bit value appears at each bit position in the plurality of segments or a segment bit number ratio characteristic value that represents a statistical value for a number of bits having a particular bit value in the plurality of segments,
wherein the at least one characteristic value for the output subject data further comprises a segment pattern frequency characteristic value that represents a statistical value for each frequency of occurrences of different segment patterns appearing in the plurality of segments, and
wherein registering the at least one characteristic value comprises:
registering at least one of: a bit position ratio characteristic value for each type extracted from data categorized by data types and a maximum and minimum range thereof, a segment bit number ratio characteristic value for each type extracted from the data categorized by data types and a maximum and minimum range thereof, a segment pattern frequency characteristic value for each type extracted from the data categorized by data types and a maximum and minimum range thereof, a bit position ratio characteristic value for all types extracted from all types of data regardless of the data types and a maximum and minimum range thereof, a segment bit number ratio characteristic value for all types extracted from all the types of data regardless of the data types and a maximum and minimum range thereof, and a segment pattern frequency characteristic value for all types extracted from all the types of data regardless of the data types and a maximum and minimum range thereof.