| CPC H04L 63/1416 (2013.01) | 14 Claims |
|
1. A method comprising:
intercepting one or more input/output (IO) write requests from an IO workload;
identifying a likely cyber-attack event based on a bit density of write data corresponding to the one or more IO requests;
identifying requests to access a logical device or corresponding tracks of the logical device, wherein the identified requests correspond to IO messages of the IO workload;
establishing an access bitmap for each track of the logical device;
determining an access rate of the logical device based on each access bitmap corresponding to the tracks of the logical device during a time window;
performing a comparison of the determined access rate during the time window with an anticipated access rate defined by access request patterns for the time window; and
mitigating the cyber-attack event.
|