Dell products l.p. (20240134976). ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS simplified abstract

From WikiPatents
Revision as of 02:57, 26 April 2024 by Wikipatents (talk | contribs) (Creating a new page)

ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS

Organization Name

Dell Products L.P.

Inventor(s)

Tomer Shachar of Omer (IL)

Maxim Balin of Gan - Yavne (IL)

Yevgeni Gehtman of Modi'in (IL)

ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240134976 titled 'ANALYZING FILE ENTROPY TO IDENTIFY ADVERSE CONDITIONS'.

Simplified Explanation

The patent application describes a network-connected storage device that can detect unusual file-sharing command activity and analyze files stored on the device to determine if ransomware has infiltrated the storage.

  • The storage device detects unusual file-sharing command activity based on a baseline signature.
  • The device analyzes files with respect to a parameter, such as entropy, to identify potential ransomware infiltration.
  • By applying a function to an entropy value of a file portion, the device can determine if the file has been partially encrypted by ransomware.
  • The device compares the analyzed entropy of the file portion to the entropy of another portion to assess the extent of encryption.
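The portion-to-portion comparison in the list above can be sketched as follows. This is an added example, not code from the patent application or from Dell. The abstract names no entropy measure, portion size, or function, so Shannon entropy, the 4096-byte portion size, and the `high` and `jump` thresholds are assumptions, and the sample data is constructed.

```python
import hashlib
import math
from collections import Counter

PORTION = 4096  # assumed portion size; the abstract does not give one

def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def portion_entropies(blob, size=PORTION):
    return [shannon_entropy(blob[i:i + size]) for i in range(0, len(blob), size)]

def suspicious_portions(current, baseline=None, high=7.5, jump=2.0):
    """Indices of portions whose entropy is high AND well above a reference.

    With `baseline` (the file as analyzed before the triggering event) the
    reference is the same portion of the earlier copy. Without it, the
    reference is the lowest-entropy other portion of the same file.
    `high` and `jump` are assumed thresholds, not values from the abstract.
    """
    cur = portion_entropies(current)
    base = portion_entropies(baseline) if baseline is not None else None
    flagged = []
    for i, h in enumerate(cur):
        if base is not None:
            if i >= len(base):
                continue  # no earlier measurement for this portion
            ref = base[i]
        else:
            others = cur[:i] + cur[i + 1:]
            if not others:
                continue  # single-portion file: nothing to compare against
            ref = min(others)
        if h >= high and h - ref >= jump:
            flagged.append(i)
    return flagged

def stand_in_ciphertext(n):
    """Deterministic high-entropy bytes standing in for encrypted data."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample: a text file, a copy with portion 1 overwritten, a fully overwritten copy
PLAIN = (b"Quarterly storage report: volume usage, snapshots, quotas. " * 300)[:4 * PORTION]
PARTIAL = PLAIN[:PORTION] + stand_in_ciphertext(PORTION) + PLAIN[2 * PORTION:]
FULL = stand_in_ciphertext(4 * PORTION)
```

The same-file comparison misses a file that is uniformly high in entropy, whether fully encrypted or legitimately compressed. Only the comparison against the earlier measurement separates those two cases.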

Potential Applications

This technology can be applied in cybersecurity systems to detect and prevent ransomware attacks on network-connected storage devices.

Problems Solved

This technology addresses the issue of ransomware infiltrating storage devices and encrypting files, potentially causing data loss and financial harm.

Benefits

The technology provides an additional layer of security for network-connected storage devices, helping to protect valuable data from ransomware attacks.

Potential Commercial Applications

Commercial applications of this technology include cybersecurity solutions for businesses and organizations that rely on network-connected storage devices to store sensitive information.

Possible Prior Art

One possible prior art could be existing ransomware detection systems that focus on detecting ransomware on individual devices rather than network-connected storage devices.

Unanswered Questions

How does the storage device determine the baseline file-sharing command signature?

The abstract does not provide details on how the storage device establishes the baseline signature for file-sharing command activity.

What specific function is applied to the entropy value of the file portion to determine ransomware encryption?

The abstract mentions applying a function to the entropy value of a file portion, but it does not specify the exact function used for this analysis.


Original Abstract Submitted

A network connected storage device detects unusual file-sharing-command activity based on a baseline file-sharing-command signature and analyzes files stored on the storage with respect to a parameter, such as entropy, to determine whether ransomware may have infiltrated the storage device, or a storage associated therewith. Applying by the storage device a function to an entropy value corresponding to a second portion of a file may result in a determination that an analyzed entropy corresponding to the second portion may have been partially encrypted by ransomware. The analyzed entropy corresponding to the second file portion may be compared to an entropy of a first file portion. The first file portion may be a different portion of the same file as the second portion or may be the same portion of the same file that resulted from analysis before the triggering event.