KR20190063637A - Storage management system and method - Google Patents

Abstract

Provided is a storage management system, which comprises: a file security determination unit using a registry of a file stored in a storage, and determining the security of the file; a user reliability determination unit determining the reliability of a user using the storage; and a memory storing the registry of the file stored in the storage and the reliability of the user.

Description

[0001] STORAGE MANAGEMENT SYSTEM AND METHOD [0002]

The present invention relates to a storage management system and method, and more particularly, to a method and system for storing a secure file in storage by extracting a registry of a file requested to be downloaded to a storage, converting the registry into a hash, System and method.

Recently, it has become a matter of business that an individual does not own an item but uses a fee and borrows it whenever necessary.

This lease business has also been applied to PCs. Recently, the concept of purchasing and using personal computers has been spreading, and the use of PC rentals for renting PCs for others has been spreading. PC rental companies operating a PC rental business have a limited number of PCs, so having a PC as many as the number of subscribers in a PC rental business may cause a business loss. And the usage rights are matched. It is not necessary to have a no-hard PC as many as the number of PC rental business subscribers, but storage needs to be held for the number of PC rental business subscribers. Therefore, the PC rental service provider has a large amount of storage, divides the storage, and allocates the storage to each PC rental user, thereby providing a personal storage space to the PC rental user.

In this case, when a malicious file including malicious code or malicious virus is downloaded to the storage, it may cause a catastrophic loss to the entire storage user and the PC rental business. Therefore, in order to safely manage the storage, There is a need to manage malicious users who are propagating files.

Conventionally, information about a file including a malicious code is individually recorded and propagated to a PC user to protect the PC by not downloading the file containing the malicious code. However, this protects the PC against a new file format including a new malicious code There is a fatal disadvantage of not being able to do so.

The present invention is directed to solving the above-mentioned problems and other problems.

Another object of the present invention is to provide a system and method for screening malicious files containing malicious code and blocking them from being downloaded to the storage in advance.

Another object of the present invention is to provide a system and method for selectively managing malicious users deliberately distributing malicious code.

According to an aspect of the present invention, there is provided a file security system comprising: a file security determination unit for determining a security of a file using a registry of a file stored in a storage; A user reliability determining unit for determining a reliability of a user using the storage; And a memory for storing the registry of the file stored in the storage and the user reliability.

In addition, the registry may be converted into a hash in the file security determination unit, compared with a registry hash, and stored in the memory unit as a registry hash.

Also, the file safety determination unit may determine the security of the file by comparing the registry of the file stored in the storage with the reference registry of the reference file having the same file name stored in the memory.

In addition, the file security judgment may determine whether the file registry stored in the storage is the same as the reference registry, and may determine that the file is a secure file if the files are the same.

In addition, the user reliability determining unit may determine the percentage of the file occupied by the secure file among the files downloaded by the storage user as the user reliability.

In addition, the file safety determining unit may calculate an average of user trustworthiness of users who have downloaded the respective files among the two or more files having the same file name but different registry, determine the file having the highest user trustworthiness average as a reference file, The registry of the reference file can be judged as the reference registry.

Also, the reference file may be one of the files that have the same file name but have been downloaded more than a certain number of times among the two or more different files in the registry.

The memory may further include: a registry storing unit for storing the registry; A user reliability storage unit for storing the reliability of the storage user; And a reference file storage unit in which the reference file is stored

According to another aspect of the present invention, there is provided a method of managing a file, the method comprising: storing a registry of a file requested to be downloaded to a storage; Comparing the registry with a reference registry of a reference file of the same file name previously stored in the memory; And if the registry is the same as the reference registry, determining that the file is a safe file and allowing the download, and if not, determining that the file is unsafe and downloading the reference file stored in the memory without allowing downloading The storage management method comprising the steps of:

According to the present invention, malicious files including malicious code can be distinguished and blocked regardless of file format by using machine learning.

According to the present invention, there is an effect of improving the stability of storage by allowing only safe files to be downloaded by judging and selecting unsafe files and secure files using machine learning.

In addition, according to the present invention, it is possible to manage storage users who distribute malicious files by evaluating and storing the reliability of storage users by using machine learning.

Further, according to the present invention, the storage is protected from malicious files, thereby reducing system maintenance costs due to transmission of malicious files.

1 is a block diagram illustrating an embodiment of a no-hard PC rental system according to the prior art.
2 is a block diagram illustrating an embodiment of a No Hard PC rental system according to the present invention.
FIG. 3 is a block diagram illustrating an embodiment of a storage management system according to the present invention.
4 is a block diagram illustrating another embodiment of the storage management system according to the present invention.
5 is a flowchart showing a flow of a storage management method when there is a previously stored reference file according to the present invention.
FIG. 6 is a flowchart illustrating a flow of a storage management method when there is no previously stored reference file according to the present invention.
FIG. 7 is a reference diagram for explaining an embodiment for selecting a reference file through machine learning in a storage management system when there is no previously stored reference file according to the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals are used to designate identical or similar elements, and redundant description thereof will be omitted. The suffix "module" and " part "for the components used in the following description are given or mixed in consideration of ease of specification, and do not have their own meaning or role. In the following description of the embodiments of the present invention, a detailed description of related arts will be omitted when it is determined that the gist of the embodiments disclosed herein may be blurred. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. , ≪ / RTI > equivalents, and alternatives.

Terms including ordinals, such as first, second, etc., may be used to describe various elements, but the elements are not limited to these terms. The terms are used only for the purpose of distinguishing one component from another.

It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between.

The singular expressions include plural expressions unless the context clearly dictates otherwise.

In the present application, the terms "comprises", "having", and the like are used to specify that a feature, a number, a step, an operation, an element, a component, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram illustrating an embodiment of a NO-HARD (NO HARD DISK DRIVE) PC rental system according to the prior art.

A user connects the NOHARD PC 110 connected to the NOHARD PC rental system 100 of the NOHARD PC rental service provider through a set-top box and an Internet facility connected to the set-top box, The user can use the Internet through the external network connected to the no hard PC 110 by using various programs using the storage 120. In the process, various files are downloaded (downloaded), and the downloaded file is stored in the storage 120 allocated to the user. The file downloaded by the user and stored in the storage 120 allocated to the user is stored without filtering so that the whole storage 120 and the PC may be fatal if the malicious file is downloaded. Therefore, a system for managing files downloaded from an external network is required.

2 is a block diagram illustrating an embodiment of a No Hard PC rental system 100 according to the present invention.

The user can connect to the external network using the no hard PC 110 and download various files through the external network. At this time, the file can be downloaded via the storage management system 200, The file may be stored in the storage 120 assigned to the user.

The no hard PC rental system 100 may include a no hard PC 110, a storage 120 and a storage management system 200. The no hard PC rental system 100 may be connected to a user via the Internet line and a set- And can be connected to the external network to access the Internet.

Since the hard disk drive 110 does not include a hard disk drive (HDD) therein, the user can use the PC through the PXE (PREBOOT EXCTION ENVIRONMENT) booting from the storage 120. Since the NoHD PC 110 does not include the storage 120 therein, the NoHD PC 110 is electrically connected to the storage 120, which is an external storage space. And is connected to the external network through the storage management system 200 for providing the user with the Internet. Accordingly, when a specific file is downloaded from the user through the external network, the NoHard PC 110 requests downloading of a specific file from the external network via the storage management system 200, If it is determined that the file requested to be downloaded is a safe file after the security of the file requested to be downloaded is determined, the specific file requested to be downloaded can be transferred to the storage 120 through the No Hard PC 110.

The storage 120 is a storage space allocated to the no-hard PC rental subscriber, and there is a one-to-one matching story with the subscriber. When a subscriber uses the no-hard PC 110, a file can be downloaded to the storage 120 through the no-hard PC 110, and a desired program can be installed.

When there is a file download request from the external network to the storage 120 allocated to the user, the storage management system 200 can determine whether the download requested file is a secure file through machine learning If it is determined that the file is a safe file, the file requested to be downloaded is transferred to the storage 120 allocated to the user, or if it is determined that the file is unsafe, a secure file stored in the storage management system 200 having the same file name To the storage 120 assigned to the user.

3 is a block diagram illustrating an embodiment of a storage management system 200 according to the present invention.

In FIG. 3, the storage management system 200 may include a file security determination unit 310, a user reliability determination unit 320, and a memory 330.

If there is a file download request from the external network in response to a user request, the file safety deciding unit 310 may extract the registry of the file requested to be downloaded, and may convert the extracted registry into a hash type and store the extracted registry. The module for the hash transform may be SHA256 or md5. The registry hash conversion of the file requested to be downloaded can perform registry hash conversion without transforming the file requested to be downloaded (such as executing a file, opening a file, changing a setting of a file, etc.) If the file requested to be downloaded is an executable file, the file itself can be hashed, and if the file requested to be downloaded is a document file, the file can be hashed without being opened.

The converted registry hash can be compared with a reference registry hash of the secure reference file having the same file name previously stored in the memory 330. If the converted registry hash is equal to the stored reference registry hash, If it is not the same, it can be judged as an unsafe file. If it is determined that the file requested to be downloaded is safe, the file safety determining unit 310 may transmit the reference file having the same file name previously stored in the file requested to be downloaded or the memory 330 to the storage 120 allocated to the user If it is determined that the file requested to be downloaded is unsafe, the file requested to be downloaded is deleted, and the reference file having the same file name previously stored in the memory 330 may be transmitted to the storage 120 allocated to the user. The registry hash and user information of the file requested to be downloaded may be stored in the memory 330 and used as data for determining file safety and user reliability through machine learning. In addition, while transmitting a reference file having the same file name stored in the memory 330 to the user who requested the download of the unsafe file to the storage 120 allocated to the user, the file may include a warning The message can be notified by push notification or the like.

If the reference file stored in the memory 330 does not exist with respect to the file requested to be downloaded by the user, the file safety determining unit 310 transmits the file requested to be downloaded to the storage 120 allocated to the user, The registry hash and user information of the file requested to be downloaded may be stored in the memory 330 and used as data for determining file safety and user reliability through machine learning.

The reference file can be determined through machine learning. The reference file is determined by taking into account the number of downloads and the user's trustworthiness of the user who downloaded the file, with the same file name but with the registry as any one of two or more different files . As an example of the present invention, the reference file may be any one of two or more files having the same file name but different from each other in the registry, among the files downloaded over a predetermined number of times, Lt; RTI ID = 0.0 > highest < / RTI > value.

If there is no downloaded file having the same file name but more than a preset number of times among the two or more other files in the registry, the download requested file is transmitted to the user until a downloaded file exists more than a predetermined number of times , The registry hash of the file requested to be downloaded and the user information may be stored in the memory 330 and used as data for judging the file safety through the machine learning and the user reliability. If the downloaded file occurs more than a predetermined number of times after that, the downloaded file may become the reference file. At this time, however, if the average value of the user trustworthiness of the downloaded files is more than the preset specific average value, it is determined that the file is unsafe and can not be designated as the reference file.

FIG. 7 is a reference diagram for explaining an embodiment of selecting a reference file through machine learning in the storage management system 200 when there is no previously stored reference file according to the present invention.

Assuming that there are five files having the same file name as "abcd.exe" in Fig. 7 but different registry values, the registry hash obtained by hash-transforming each registry may be a registry hash corresponding to the order numbers 1 to 5 in Fig. In order to determine a reference file among the files having the registry hashes corresponding to the numbers 1 to 5, a file corresponding to the highest value among the average values of the user reliability of the users who downloaded the file among the files downloaded over the predetermined number of times Can be determined. In this case, assuming that the predetermined number of times is 10, the file corresponding to the order number 3 has the highest value of 88 as the average of the user reliability, but can not be the reference file since the number of requested downloads is less than 10 times. Among the remaining files excluding the order number 3, if the average value is compared, the file corresponding to the order number 4 can be the reference file having the highest average value.

The reference file may not be fixed to a specific file once it is determined but may be fluidly changed based on data accumulated by a user's file download request thereafter.

The user reliability determination unit 320 can determine the reliability of the storage user. More specifically, based on the file security information stored in the memory 330, the user reliability determining unit 320 determines the ratio of the total number of files requested to be downloaded The user safety can be judged. The ratio can be expressed as a percentage. In this case, as an example of a criterion for judging whether or not the file is safe, the safety of the specific file is calculated by calculating an average value of user trustworthiness of the user who requested the download of the file, and when the average value of the user trustworthiness is more than half of the user trustworthiness value, , And less than half of the user confidence maximum value. More specifically, assuming that the average of the user trustworthiness of a user who has requested downloading of a specific file is stored as a percentile value, if the average of the user trustworthiness of the user who requested the download of the specific file is 50 or more, .

As a concrete example, among the files having the registry hash of the order numbers 1 to 5 shown in FIG. 7, the files having the average of the user trustworthiness of the users who requested the download are 50 or more in the order numbers 1,3 to 5, The file can be judged as a safe file, and the file having the average of the user trustworthiness of the users who have requested downloading is less than 50, the file corresponding to the order 2 can be judged as an unsafe file.

Since the file security and user reliability are related to each other, the file security and user reliability stored in the memory 330 are updated in real time so that the respective result values are reflected in the file security and the user reliability.

In the memory 330, a file requested by the user for downloading, a registry hash of the file, a reference file, a reference registry hash, storage user information, and user reliability can be stored.

The memory 330 may include a registry hash storage unit for storing the registry hash, a user reliability storage unit for storing the storage user information and user reliability, and a reference file storage unit for storing the reference file.

The memory 330 may be temporarily stored in the memory 330 before the file requested by the user is transferred to the storage 120 allocated to the user. If the reference file is selected from two or more other files having the same file name, the temporarily stored file may have the same file name except for the reference file, but the remaining files having different registry values may be deleted.

In the memory 330, a registry or a registry hash of a file requested by a user to download may be stored. The registry hash of the file requested to be downloaded may be compared with the reference registry hash stored in the memory 330 to determine whether the file is a secure file.

The memory 330 may store storage user information and storage user reliability.

4 is a block diagram illustrating another embodiment of the storage management system 200 according to the present invention.

The storage management system 200 shown in FIG. 4 may further include a fixed file control unit 340.

The storage management system 200 may further include a function of pre-storing, updating, and managing a program frequently used by the user in the memory 330.

The file stored in advance in the memory 330 may be a fixed file, a file frequently requested to be downloaded by a storage user, or a file that is required to be used in an enterprise.

The fixed file control unit 340 may periodically update the fixed file through a path that can reliably access the fixed file, and may provide an update file to the user who requested the download of the fixed file by way of update notification.

5 is a flowchart showing a flow of a storage management method when there is a previously stored reference file according to the present invention.

If there is a file download request by the storage user, the storage management system 200 may temporarily download the file, extract the registry of the file, and convert it into a registry hash (S510).

The registry hash may be compared with the reference registry hash of the reference file having the same file name previously stored in the memory 330 by the file security determination unit 310 to determine whether the file is a secure file (S520).

If it is determined that the file requested to be downloaded is a secure file, the file requested to be downloaded may be transmitted to the user storage 120 (S530). Alternatively, even if the file requested to be downloaded is determined to be a secure file, the reference file determined to be the safest file can be transmitted to the user storage 120.

If it is determined that the file requested to be downloaded is an insecure file, the file requested to be downloaded may be deleted and the reference file stored in the memory 330 may be transmitted to the user storage 120 at step S540. Then, it is possible to notify the user that the file requested to be downloaded is an unsafe file through a warning pop-up.

Thereafter, the information about the registry hash and the user who requested the download is stored in the memory 330 (S550), thereby making it possible to determine the user reliability and the file safety based on the machine learning.

FIG. 6 is a flowchart illustrating a flow of a storage management method when there is no previously stored reference file according to the present invention.

If there is a file download request by the storage user, the storage management system 200 may temporarily download the file, extract the registry of the file, and convert the registry into a registry hash (S610).

If there is no reference file having the same file name as the file having the download request, the file requested to be downloaded may be transferred to the user storage 120 until the reference file is designated (S620).

The registry hash of the file requested to be downloaded and the user information may be stored in the memory 330 (S630), and may be used as a basis for determining user trust and file security by machine learning.

According to the present invention, malicious files including malicious code can be distinguished and blocked regardless of file format by using machine learning.

According to the present invention, there is an effect of improving the stability of the storage 120 by allowing only safe files to be downloaded by judging and selecting unsafe files and secure files using machine learning.

In addition, according to the present invention, it is possible to distinguish a storage user who distributes malicious files, such as malicious code and files having incorrect information, by LIST, by evaluating and storing the reliability of storage users by using machine learning, It is possible to manage the malicious user by limiting the use of the storage of the malicious user who distributes it.

In addition, according to the present invention, the storage 120 is protected from malicious files, thereby reducing system maintenance costs due to transmission of malicious files.

The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments of the present invention are not intended to limit the scope of the present invention but to limit the scope of the present invention. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents thereof should be construed as being included in the scope of the present invention.

100: No Hard PC Rental System
110: No Hard PC
120: Storage
200: Storage Management System
310: file safety judgment unit
320: User reliability determination unit
330: Memory
340: fixed file control unit

Claims (13)

A file safety judging unit for judging the security of the file by using a registry of the file stored in the storage;
A user reliability determining unit for determining a reliability of a user using the storage; And
A registry of a file stored in the storage, and a memory for storing the user reliability. The method according to claim 1,
Wherein the registry is converted into a hash by the file safety decider and compared with a registry hash, and the registry is stored in the memory unit as a registry hash. The method according to claim 1,
The file safety judgment unit
Wherein the file management server determines the security of the file by comparing the registry of the file stored in the storage with the reference registry of the reference file having the same file name previously stored in the memory. The method of claim 3,
Wherein the file security judging unit judges whether the file registry is identical to the registry of the file stored in the storage and judges whether the file is a safe file if the same is the same. The method according to claim 1,
The user reliability determining unit
Wherein the storage management system determines a percentage of a percentage of the files downloaded by the storage user occupied by the secure file as the user reliability. The method of claim 3,
The file safety judgment unit
The average of the user trustworthiness of users who have the same file name but have downloaded the respective files among the two or more files having different file names in the registry is determined to determine the file having the highest user trust average as a reference file, The storage management system comprising: The method according to claim 6,
Wherein the reference file is one of files that have the same file name but are downloaded more than a predetermined number of times among two or more files having different registry. The method according to claim 1,
The memory comprising:
A registry storing unit for storing the registry;
A user reliability storage unit for storing the reliability of the storage user; And
And a reference file storage unit in which a reference file is stored. Storing a registry of a file requested to be downloaded to the storage;
Comparing the registry with a reference registry of a reference file of the same file name previously stored in the memory; And
If the registry is the same as the reference registry, determining that the file is a secure file and allowing downloading; and if not, determining that the file is unsafe and downloading the reference file stored in the memory without allowing downloading Storage management features characterized by. 10. The method of claim 9,
Wherein the reference registry is converted into a hash and stored in the memory, and the registry of the file requested to be downloaded is converted into a registry hash and compared with the reference registry hash. 10. The method of claim 9,
The base registry
The average of the user trustworthiness of users who have the same file name but have downloaded the respective files among the two or more files having different file names in the registry is determined to determine the file having the highest user trust average as a reference file, The storage management method comprising: 12. The method of claim 11,
The user confidence
Wherein a ratio of a file occupied by a secure file among the files downloaded by the storage user is expressed as a percentage. 12. The method of claim 11,
Wherein the reference file is one of files that have the same file name but are downloaded more than a predetermined number of times among two or more different files in the registry.

Images