&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
			function printpage()
			{
			window.print()
			}
			</script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11720714.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,720,714 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Inter-I/O relationship based detection of a security threat to a storage system</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Ethan L. Miller,  Santa Cruz, CA (US);  Ronald Karr,  Palo Alto, CA (US);  Alexandre Xavier Duch&#xe2;teau,  Bellevue, WA (US); and  Constantine P Sapuntzakis,  Palo Alto, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Pure Storage, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Pure Storage, Inc.,  Mountain View, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Sep.  30, 2020, as Appl. No. 17/39,556.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/039,556 is a continuation in part of application No. 16/711,060, filed on Dec.  11, 2019, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/985,229, filed on Mar.  4, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/939,518, filed on Nov.  22, 2019.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2021/0216666 A1, Jul.  15, 2021</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/78</b></i> (2013.01); <i><b>G06F 3/06</b></i> (2006.01); <i><b>G06F 21/56</b></i> (2013.01); <i><b>G06F 21/57</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/78</b></i> (2013.01)&#xa0;[<i><b>G06F 3/0604</b></i> (2013.01); <i><b>G06F 3/067</b></i> (2013.01); <i><b>G06F 3/0622</b></i> (2013.01); <i><b>G06F 3/0653</b></i> (2013.01); <i><b>G06F 3/0659</b></i> (2013.01); <i><b>G06F 21/566</b></i> (2013.01); <i><b>G06F 21/577</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>19 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11720714-20230808-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method comprising:<div class="claim_text">determining, by a data protection system, that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold;</div>
                <div class="claim_text">determining, by the data protection system, a first compressibility metric associated with the write traffic, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed;</div>
                <div class="claim_text">determining, by the data protection system, a second compressibility metric associated with the read traffic, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed;</div>
                <div class="claim_text">determining, by the data protection system based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic;</div>
                <div class="claim_text">identifying, by the data protection system, an anomaly in a relationship between one or more input operations and one or more output operations performed between a source and the storage system; and</div>
                <div class="claim_text">determining, by the data protection system based on the identifying of the anomaly and based on the total amount of read traffic and write traffic exceeding the threshold and based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>