| CPC G06F 21/552 (2013.01) [G06N 7/01 (2023.01); G06F 2221/034 (2013.01)] | 16 Claims |

|
1. A computer-implemented method comprising:
retrieving instructions for a plurality of processes;
generating a sample of the instructions for the plurality of processes, wherein the sample of the instructions are non-sequential in regards to the instructions' execution order, and wherein the sample of the instructions are randomly selected and include filtering aspects that attribute the sample to a device or process the sample of the instructions are retrieved from;
determining, using a machine learning model, a probability that the sample includes instructions from malicious processes;
in response to the probability exceeding a threshold value, restricting one or more aspects of operation for at least one process of the plurality of processes;
filtering, in response to the probability exceeding the threshold value, at least one process from the sample based on one or more identifiers corresponding to the filtering aspects that attribute the sample to the device or the process; and
generating a sample for at least each process and device that includes the instructions from the malicious process.
|