| CPC G06F 21/566 (2013.01) [G06F 2221/034 (2013.01)] | 16 Claims |
|
1. A method of assessing a likelihood of a presence of a ransomware attack on computer resources, the method comprising:
providing as an input, to an AI ransomware detection system, a set of computer data statistical profiles derived from a corresponding set of samples of subject computer data, including data content and metadata; and
obtaining from the AI ransomware detection system an output predicting the likelihood of the presence of a ransomware attack in the set of samples of subject computer data;
wherein:
the AI ransomware detection system utilizes a machine learning system trained, to achieve a plurality of data models, (i) with each model trained initially on a corresponding cluster of curated computer data statistics profiles, (ii) each cluster of curated data statistics profiles being statistics characterizing a corresponding cluster of curated samples resulting from exposing a selection of raw data samples to processing by actual ransomware, and (iii) each selection of raw data samples reflecting a corresponding set of target criteria governing the selection;
each model subject to a plurality of iterations against initial validation data until there results a convergence of performance over successive iterations, with a determination during such iterations to ensure that sample sources from the same backups are not present in both training and validation models; and
the plurality of data models has been subject to final validation against actual customer data to address data drift between the curated samples and the actual customer data that would otherwise result in excessive false predictions.
|