CPC H04L 63/1491 (2013.01) [H04L 63/1466 (2013.01)]
20 Claims

1. A method for protecting a computing system (CS) against ransomware attacks using virtual file honeypots (VFHs) under virtual honeypot driver control, the method comprising:
identifying a trusted process launched on a computing device;
monitoring a thread associated with the trusted process using a control point;
detecting activity of the thread based on the control point;
receiving, from the trusted process, an execution stack;
identifying, based on sensor data, an injector associated with injection of an injected thread and determining a plurality of characteristics associated with the injection and corresponding to the injected thread;
applying a first machine learning module to the execution stack and the plurality of characteristics associated with the injection to generate a preliminary verdict, wherein the preliminary verdict determines that the injected thread is a malware injection when the preliminary verdict exceeds a predefined threshold;
generating VFH security parameters by applying a second machine learning module to a CS environment information, the plurality of characteristics of the injected thread, auxiliary information, or the execution stack;
generating a plurality of VFHs based on the security parameters using a generative AI model pretrained based on a large language model (LLM) with a training dataset associated with the CS, binary module characteristics, and a threat history of the binary module;
providing the injected thread with the plurality of VFHs mixed with real system files;
detecting the injected thread as a malware injection by performing a heuristic analysis;
retraining the first machine learning module to identify malware injections based on newly collected data corresponding to detected malware injections; and
retraining the second machine learning module to generate VFHs based on security parameters of newly collected data corresponding to confirmed malware injections.