US 12,437,065 B2
System and method for targeted machine learning-based detection and prevention of ransomware attacks on a storage system
Shaul Dar, Petach Tikva (IL); Ramakanth Kanagovi, Bengaluru (IN); Guhesh Swaminathan, Tamil Nadu (IN); Rajan Kumar, Nawada (IN); and Sanjib Mallick, Bangalore (IN)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on May 3, 2023, as Appl. No. 18/311,341.
Prior Publication US 2024/0370557 A1, Nov. 7, 2024
Int. Cl. G06F 21/55 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/554 (2013.01) [G06F 21/566 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method, executed on a computing device, comprising:
monitoring for a potential ransomware attack on a storage object of a storage system based upon, at least in part, processing of a plurality of input/output (IO) features associated with the storage object using a machine learning model;
identifying a host computing device associated with the storage object under the potential ransomware attack;
identifying a process executing on the host computing device associated with the storage object under the potential ransomware attack;
determining whether permissions associated with the storage object have changed within a threshold period of time; and
performing a remedial action on the storage system in response to identifying the process executing on the host computing device.