Dell Products L.P. (20240134976). ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS simplified abstract
ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS
Organization Name
Inventor(s)
Maxim Balin of Gan - Yavne (IL)
Yevgeni Gehtman of Modi'in (IL)
ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS - A simplified explanation of the abstract
This abstract first appeared for US patent application 20240134976 titled 'ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS'.
Simplified Explanation
The patent application describes a network-connected storage device that can detect unusual file-sharing command activity and analyze files stored on the device to determine if ransomware has infiltrated the storage.
- The storage device detects unusual file-sharing command activity based on a baseline signature.
- The device analyzes files with respect to a parameter, such as entropy, to identify potential ransomware infiltration.
- By applying a function to an entropy value of a file portion, the device can determine if the file has been partially encrypted by ransomware.
- The device compares the analyzed entropy of the file portion to the entropy of another portion to assess the extent of encryption.
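The portion-to-portion entropy comparison described above, as an added example that is not code from the patent application or from Dell. The abstract does not name the function applied to the entropy value, so the Shannon entropy measure, the 4096-byte portion size, the `high` and `jump` thresholds and all function names here are assumptions, and the sample data is constructed.

```python
import hashlib
import math
from collections import Counter

PORTION = 4096  # assumed portion size in bytes

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def portion_entropies(blob: bytes, size: int = PORTION) -> list:
    return [shannon_entropy(blob[i:i + size]) for i in range(0, len(blob), size)]

def suspect_portions(blob, baseline=None, high=7.5, jump=2.0):
    """Indices of portions whose entropy is high AND well above a reference.
    baseline=None: reference is the file's first portion (same-file comparison).
    baseline=list: reference is the same portion's entropy recorded earlier.
    Both thresholds are assumptions; the abstract names no function.
    """
    current = portion_entropies(blob)
    flagged = []
    for i, h in enumerate(current):
        if baseline is None:
            ref = current[0]
        elif i < len(baseline):
            ref = baseline[i]
        else:
            ref = 0.0  # portion did not exist when the baseline was taken
        if h >= high and h - ref >= jump:
            flagged.append(i)
    return flagged

def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]

# Constructed sample: a 4-portion text file, then a copy with portions 1-2 overwritten.
LINE = b"2024-01-15 12:00:00 INFO backup job finished without errors\n"
ORIGINAL = (LINE * 300)[:4 * PORTION]
TAMPERED = ORIGINAL[:PORTION] + pseudo_random(2 * PORTION) + ORIGINAL[3 * PORTION:]
COMPRESSED_LIKE = pseudo_random(4 * PORTION)  # uniformly high entropy, like an archive

if __name__ == "__main__":
    print(suspect_portions(TAMPERED), suspect_portions(COMPRESSED_LIKE),
          suspect_portions(TAMPERED, baseline=portion_entropies(ORIGINAL)))
```

The uniformly high-entropy file is not flagged because no portion rises above its reference, which is why a comparison is used rather than an absolute entropy threshold alone. The same-file mode cannot flag anything when the first portion is itself encrypted; the stored-baseline mode covers that case.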
Potential Applications
This technology can be applied in cybersecurity systems to detect and prevent ransomware attacks on network-connected storage devices.
Problems Solved
This technology addresses the issue of ransomware infiltrating storage devices and encrypting files, potentially causing data loss and financial harm.
Benefits
The technology provides an additional layer of security for network-connected storage devices, helping to protect valuable data from ransomware attacks.
Potential Commercial Applications
Commercial applications of this technology include cybersecurity solutions for businesses and organizations that rely on network-connected storage devices to store sensitive information.
Possible Prior Art
Possible prior art includes existing ransomware detection systems that focus on detecting ransomware on individual devices rather than on network-connected storage devices.
Unanswered Questions
How does the storage device determine the baseline file-sharing command signature?
The abstract does not provide details on how the storage device establishes the baseline signature for file-sharing command activity.
What specific function is applied to the entropy value of the file portion to determine ransomware encryption?
The abstract mentions applying a function to the entropy value of a file portion, but it does not specify the exact function used for this analysis.
Original Abstract Submitted
A network connected storage device detects unusual file-sharing-command activity based on a baseline file-sharing-command signature and analyzes files stored on the storage with respect to a parameter, such as entropy, to determine whether ransomware may have infiltrated the storage device, or a storage associated therewith. Applying by the storage device a function to an entropy value corresponding to a second portion of a file may result in a determination that an analyzed entropy corresponding to the second portion may have been partially encrypted by ransomware. The analyzed entropy corresponding to the second file portion may be compared to an entropy of a first file portion. The first file portion may be a different portion of the same file as the second portion or may be the same portion of the same file that resulted from analysis before the triggering event.