US 12,437,064 B2
Ransomware detection using inode traversal scoring
Ofir Ezrielev, Be'er Sheba (IL); Yehiel Zohar, Sderot (IL); Yevgeni Gehtman, Modi'in (IL); Tomer Shachar, Beer-Sheva (IL); and Maxim Balin, Gan-Yavne (IL)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Mar. 24, 2023, as Appl. No. 18/189,928.
Prior Publication US 2024/0320327 A1, Sep. 26, 2024
Int. Cl. G06F 21/55 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/554 (2013.01) [G06F 21/6218 (2013.01); G06F 2221/034 (2013.01)]
20 Claims
1. A method, comprising:
monitoring a file access request made by a process;
in response to the file access request, searching, in a pointer array that corresponds to the process, for a pointer to the file that was requested by the process;
when the pointer is found in the pointer array, incrementing a score associated with the process;
performing an anomaly detection check; and
when an anomaly is detected, blocking access to the file by the process, and when no anomaly is detected, updating the pointer array to include a pointer to the file to which access was requested by the process.
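
The control flow of claim 1, as an added example that is not taken from the patent or from any Dell implementation. Assumptions: inode numbers stand in for the pointers, a fixed score threshold stands in for the anomaly detection check (which the claim does not define), and the names `AccessMonitor`, `threshold_check` and `replay` are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class ProcessState:
    # Per-process "pointer array"; inode numbers stand in for pointers (assumption).
    pointers: List[int] = field(default_factory=list)
    score: int = 0


def threshold_check(limit: int) -> Callable[[ProcessState], bool]:
    # Assumption: claim 1 leaves the anomaly check open; a fixed threshold stands in.
    return lambda state: state.score >= limit


class AccessMonitor:
    def __init__(self, is_anomalous: Callable[[ProcessState], bool]):
        self.is_anomalous = is_anomalous
        self.procs: Dict[int, ProcessState] = {}

    def on_access(self, pid: int, inode: int) -> bool:
        """Handle one monitored file access request. True = allow, False = block."""
        state = self.procs.setdefault(pid, ProcessState())
        # Search the process's own pointer array for the requested file.
        if inode in state.pointers:
            state.score += 1              # pointer found: increment the score
        # Perform the anomaly detection check on every request.
        if self.is_anomalous(state):
            return False                  # anomaly: block, pointer array unchanged
        if inode not in state.pointers:
            state.pointers.append(inode)  # no anomaly: record the file
        return True


def replay(events: List[Tuple[int, int]], limit: int = 3):
    """Run (pid, inode) events through a monitor; return decisions and the monitor."""
    monitor = AccessMonitor(threshold_check(limit))
    return [monitor.on_access(pid, inode) for pid, inode in events], monitor


# Constructed sample trace: pid 100 touches three distinct files,
# pid 200 requests inode 21 repeatedly and then a new file.
SAMPLE = [(100, 11), (100, 12), (100, 13),
          (200, 21), (200, 21), (200, 21), (200, 21), (200, 22)]

if __name__ == "__main__":
    decisions, _ = replay(SAMPLE)
    for (pid, inode), allowed in zip(SAMPLE, decisions):
        print(pid, inode, "allow" if allowed else "block")
```

Because the score is kept per process and is never decremented in this sketch, a process that crosses the threshold stays blocked for later requests, including requests for files it has not touched before.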