17970457. ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS simplified abstract (Dell Products L.P.)

From WikiPatents
Revision as of 05:35, 26 April 2024 by Wikipatents

ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS

Organization Name

Dell Products L.P.

Inventor(s)

Tomer Shachar of Omer (IL)

Maxim Balin of Gan - Yavne (IL)

Yevgeni Gehtman of Modi'in (IL)

ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS - A simplified explanation of the abstract

This abstract first appeared for US patent application 17970457 titled 'ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS'.

Simplified Explanation

The patent application describes a network connected storage device that can detect unusual file-sharing command activity and analyze files stored on the storage to determine if ransomware may have infiltrated the device or associated storage. The device applies a function to analyze the entropy of file portions to identify potential ransomware encryption.

  • Network connected storage device with ransomware detection capabilities
  • Detection of unusual file-sharing command activity
  • Analysis of files stored on the storage device based on entropy parameter
  • Function applied to entropy values to determine potential ransomware encryption
  • Comparison of entropy values between different file portions
  • Potential identification of partially encrypted files by ransomware

Potential Applications

The technology can be applied in various industries where data security is crucial, such as finance, healthcare, and government sectors. It can also be used by individuals to protect their personal data from ransomware attacks.

Problems Solved

This technology addresses the growing threat of ransomware attacks on storage devices, which can lead to data loss and financial losses for individuals and organizations. By detecting and analyzing potential ransomware infiltration, this innovation helps prevent data encryption and loss.

Benefits

  • Enhanced data security and protection against ransomware attacks
  • Early detection of ransomware infiltration for prompt action
  • Preservation of data integrity and confidentiality on storage devices

Potential Commercial Applications

"Ransomware Detection and Analysis Technology for Storage Devices" can be marketed to companies that store sensitive data, such as cloud storage providers, data centers, and cybersecurity firms. It can also be integrated into existing storage solutions to enhance their security features.

Possible Prior Art

One possible piece of prior art is antivirus software that scans files for malware, including ransomware. However, the specific focus on detecting ransomware through file-sharing command activity and entropy analysis may be a unique aspect of this technology.

Unanswered Questions

How does the storage device differentiate between normal file-sharing command activity and unusual activity that may indicate ransomware infiltration?

The patent application does not provide specific details on the criteria used by the storage device to distinguish between normal and unusual file-sharing command activity. Further information on the algorithms or patterns analyzed for this differentiation would be helpful.

What measures are in place to ensure the accuracy of the ransomware detection and analysis performed by the storage device?

The patent application mentions applying a function to analyze entropy values for potential ransomware encryption. However, it does not elaborate on the validation or verification processes used to confirm the presence of ransomware accurately. Additional insights into the reliability and effectiveness of the detection method would be beneficial.


Original Abstract Submitted

A network connected storage device detects unusual file-sharing-command activity based on a baseline file-sharing-command signature and analyzes files stored on the storage with respect to a parameter, such as entropy, to determine whether ransomware may have infiltrated the storage device, or a storage associated therewith. Applying by the storage device a function to an entropy value corresponding to a second portion of a file may result in a determination that an analyzed entropy corresponding to the second portion may have been partially encrypted by ransomware. The analyzed entropy corresponding to the second file portion may be compared to an entropy of a first file portion. The first file portion may be a different portion of the same file as the second portion or may be the same portion of the same file that resulted from analysis before the triggering event.
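
The portion-to-portion comparison in the abstract, as an added Python sketch that is not code from the patent application or from Dell: it computes Shannon entropy per fixed-size portion and flags a portion whose entropy is near-random and well above a reference, taken either from the same portion's pre-event baseline or from the file's first portion. The 4096-byte portion size, both thresholds, the decision function and all sample bytes are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

PORTION = 4096  # assumed portion size in bytes; the abstract does not give one

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def portion_entropies(blob: bytes, size: int = PORTION) -> list:
    """Entropy of each consecutive fixed-size portion of a file."""
    return [shannon_entropy(blob[i:i + size]) for i in range(0, len(blob), size)]

def flag_portions(current, reference, min_jump=2.0, high=7.5):
    """Assumed decision function: a portion is suspect when its entropy is
    near-random (>= high) and at least min_jump above its reference value."""
    return [i for i, (cur, ref) in enumerate(zip(current, reference))
            if cur >= high and cur - ref >= min_jump]

def against_baseline(blob, baseline):
    """Same portion, compared with entropy recorded before the triggering event."""
    return flag_portions(portion_entropies(blob), baseline)

def against_first_portion(blob):
    """Different portion of the same file: every portion compared with portion 0."""
    cur = portion_entropies(blob)
    return flag_portions(cur, [cur[0]] * len(cur))

def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

# Constructed sample data: a log-like text file, the same file with portions 1-2
# overwritten by random-looking bytes, and an already-compressed-looking file.
LINE = b"2024-04-26 INFO backup job finished, 1024 files copied\n"
PLAIN = (LINE * 400)[:4 * PORTION]
HIT = PLAIN[:PORTION] + pseudo_random(2 * PORTION, b"enc") + PLAIN[3 * PORTION:]
PACKED = pseudo_random(4 * PORTION, b"zip")

if __name__ == "__main__":
    base = portion_entropies(PLAIN)
    print(against_baseline(HIT, base), against_first_portion(HIT))
    print(against_baseline(PACKED, portion_entropies(PACKED)), against_first_portion(PACKED))
```

In this sketch the uniformly high-entropy file is not flagged by either comparison because no portion jumps relative to its reference, which is the case a bare entropy threshold would get wrong for compressed data. The first-portion comparison cannot see a file whose first portion is itself overwritten, so the pre-event baseline is the stronger reference.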