US 12,411,958 B2
Early and adaptive stream sampling system and method for machine learning-based optimizations in storage systems
Shaul Dar, Petach Tikva (IL); Ramakanth Kanagovi, Telangana (IN); Guhesh Swaminathan, Tamil Nadu (IN); and Rajan Kumar, Bihar (IN)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Apr. 11, 2023, as Appl. No. 18/133,110.
Prior Publication US 2024/0346150 A1, Oct. 17, 2024
Int. Cl. G06F 21/57 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 21/564 (2013.01)]
20 Claims
 
1. A method of detecting a security threat in a storage system using a machine learning (ML) model, comprising:
obtaining a sub-slice of sampled data by performing early sampling of a slice of successive input/output (IO) or non-IO operations directed to a storage object maintained on a storage device of a storage system;
generating a plurality of features based on the sub-slice of sampled data;
processing the plurality of features using an ML model;
generating a probability score for the sub-slice of sampled data based on an output of the ML model;
determining that the probability score falls within a range of overlap of continuous variable distributions for a benign class of data and a threat class of data;
in response to the probability score falling above a specified threshold within the range of overlap, comparing a class signature of the sub-slice of sampled data with a class signature of the threat class of data to determine a similarity between the respective class signatures; and
in response to the similarity between the respective class signatures exceeding a predetermined similarity level, assigning a “threat” class label to the probability score, and performing a remedial action on the storage system to address a perceived security threat involving the storage object.
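The decision cascade recited in claim 1, as an added Python example that is not taken from the patent or from any Dell implementation. It assumes that the overlap range runs from the lowest threat-class score to the highest benign-class score, that a class signature is a feature vector compared by cosine similarity, and that outcomes the claim does not address are reported as "undecided"; all names and sample values are constructed.

```python
import math

def overlap_range(benign_scores, threat_scores):
    """Score interval shared by both classes (assumed definition):
    from the lowest threat-class score to the highest benign-class score."""
    lo, hi = min(threat_scores), max(benign_scores)
    if lo > hi:
        raise ValueError("class score distributions do not overlap")
    return lo, hi

def cosine_similarity(a, b):
    """Assumed signature comparison; the claim names no specific measure."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def label_sub_slice(score, features, overlap, threshold,
                    threat_signature, min_similarity):
    """Return 'threat', 'benign' or 'undecided' for one sub-slice score."""
    lo, hi = overlap
    if not lo <= threshold <= hi:
        raise ValueError("threshold must lie inside the overlap range")
    if score > hi:            # outside the overlap: unambiguous (assumption)
        return "threat"
    if score < lo:
        return "benign"
    if score <= threshold:    # in the overlap but not above the threshold
        return "undecided"
    # In the overlap and above the threshold: the signature check decides.
    if cosine_similarity(features, threat_signature) > min_similarity:
        return "threat"
    return "undecided"

# Constructed sample data: model scores per class and a threat-class signature.
BENIGN_SCORES = [0.05, 0.10, 0.22, 0.41, 0.58]
THREAT_SCORES = [0.47, 0.66, 0.81, 0.93]
THREAT_SIGNATURE = [0.95, 0.80, 0.70]
OVERLAP = overlap_range(BENIGN_SCORES, THREAT_SCORES)

if __name__ == "__main__":
    samples = [(0.55, [0.92, 0.78, 0.66]), (0.55, [0.30, 0.20, 0.90]),
               (0.48, [0.92, 0.78, 0.66]), (0.90, [0.10, 0.10, 0.10])]
    for score, feats in samples:
        print(score, label_sub_slice(score, feats, OVERLAP, 0.50,
                                     THREAT_SIGNATURE, 0.95))
```

A caller would trigger the remedial action only on a "threat" result; how an "undecided" sub-slice is handled is outside what the claim states.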