US 12,189,997 B2
Host agent-assisted detection of malicious attack on storage array
Krishna Deepak Nuthakki, Bangalore (IN); Tomer Shachar, Beer-Sheva (IL); Sunil Kumar, Bangalore (IN); and Arieh Don, Newton, MA (US)
Assigned to DELL PRODUCTS L.P., Hopkinton, MA (US)
Filed by DELL PRODUCTS L.P., Hopkinton, MA (US)
Filed on Sep. 23, 2022, as Appl. No. 17/951,225.
Prior Publication US 2024/0104208 A1, Mar. 28, 2024
Int. Cl. G06F 3/06 (2006.01); G06F 11/30 (2006.01); G06F 13/20 (2006.01); G06F 21/31 (2013.01); G06F 21/56 (2013.01); H04L 9/40 (2022.01); H04L 41/0663 (2022.01)
CPC G06F 3/0673 (2013.01) [G06F 3/061 (2013.01); G06F 11/3006 (2013.01); G06F 13/20 (2013.01); G06F 21/316 (2013.01); G06F 21/566 (2013.01); H04L 41/0663 (2013.01); H04L 63/1425 (2013.01); G06F 2213/40 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
receiving, by a storage array from a plurality of host agents running on host servers, current host application awareness information comprising at least one host application role of a plurality of host application roles performed by instances of a host application;
observing, by the storage array, characteristics of input-output operations (IOs) by instances of the host application to access at least one storage object maintained for the host application by the storage array; and
using the current host application awareness information and the observed characteristics of IOs by instances of the host application to access the at least one storage object as inputs to a host application-specific model to predict that the at least one storage object is a target of malicious access activity.