US 12,393,338 B2
Storage and method for machine learning-based detection of ransomware attacks on a storage system
Shaul Dar, Petach Tikva (IL); Ramakanth Kanagovi, Bengaluru (IN); Guhesh Swaminathan, Tamil Nadu (IN); and Rajan Kumar, Nawada (IN)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products, L.P., Round Rock, TX (US)
Filed on Jan. 24, 2023, as Appl. No. 18/158,735.
Prior Publication US 2024/0248604 A1, Jul. 25, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); G06F 3/06 (2006.01)
CPC G06F 3/061 (2013.01) [G06F 3/0655 (2013.01); G06F 3/0679 (2013.01)]
20 Claims
 
1. A computer-implemented method, executed on a computing device, comprising:
processing a plurality of input/output (IO) requests associated with a plurality of storage objects of a storage system;
generating a plurality of IO features using the plurality of IO requests including a combination of:
a percentage of overwrite IO requests, wherein an overwrite IO request is a read IO request followed by a write IO request with the same logical address and length,
a percentage of sequential read IO requests, wherein a sequential read IO request is a read IO request concerning an adjacent portion of memory as read from an immediately previous read IO request, and
a percentage of sequential write IO requests, wherein a sequential write IO request is a write IO request concerning an adjacent portion of memory as written to by an immediately previous write IO request;
processing the plurality of IO features using a machine learning model; and
monitoring for a ransomware attack on the storage system in real-time based upon, at least in part, the processing of the plurality of IO features using the machine learning model.
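
The three IO features recited in claim 1, computed per storage object over one window of requests, as an added Python example that is not code from the patent or from the assignee; the machine learning model that consumes the features is not shown. Assumptions: the trace tuple format and the names `io_features`, `vol-a` and `vol-b` are hypothetical, each percentage is taken over all requests for the object in the window, "adjacent" means a request starts where the previous request of the same kind ended, and each read is paired with at most one later write.

```python
from collections import defaultdict


def io_features(trace):
    """Return {object_id: (pct_overwrite, pct_seq_read, pct_seq_write)}.

    trace: iterable of (object_id, op, lba, length); op is "R" or "W".
    Percentages are over all requests seen for that object (assumption).
    """
    state = defaultdict(lambda: {"n": 0, "ow": 0, "sr": 0, "sw": 0,
                                 "reads": defaultdict(int), "next": {}})
    for obj, op, lba, length in trace:
        s = state[obj]
        s["n"] += 1
        # Sequential: starts exactly where the previous request of the
        # same kind (read or write) on this object ended.
        if s["next"].get(op) == lba:
            s["sr" if op == "R" else "sw"] += 1
        s["next"][op] = lba + length
        if op == "R":
            # Remember the read so a later matching write can be paired.
            s["reads"][(lba, length)] += 1
        elif s["reads"][(lba, length)] > 0:
            # Overwrite: a write with the same logical address and length
            # as an earlier, not yet paired, read.
            s["reads"][(lba, length)] -= 1
            s["ow"] += 1
    return {obj: tuple(round(100.0 * s[k] / s["n"], 1)
                       for k in ("ow", "sr", "sw"))
            for obj, s in state.items()}


# Constructed sample traces (not real telemetry).
# vol-a: each block is read, then written back at the same address and length.
VOL_A = [("vol-a", op, lba, 8) for lba in (0, 8, 16, 24) for op in ("R", "W")]
# vol-b: a sequential read stream followed by scattered, unrelated writes.
VOL_B = [("vol-b", "R", 0, 8), ("vol-b", "R", 8, 8), ("vol-b", "R", 16, 8),
         ("vol-b", "R", 24, 8), ("vol-b", "W", 100, 8), ("vol-b", "W", 300, 8),
         ("vol-b", "R", 512, 8), ("vol-b", "W", 40, 4)]
# Interleave the two objects to show that state is tracked per object.
SAMPLE = [req for pair in zip(VOL_A, VOL_B) for req in pair]

if __name__ == "__main__":
    for obj, feats in io_features(SAMPLE).items():
        print(obj, feats)
```

Both sample objects show the same percentage of sequential reads; only the overwrite and sequential write percentages separate them, which is why the claim recites the three features in combination.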