US 12,483,571 B2
Protection of cloud storage devices from anomalous encryption operations
Ariel Brukman, Kiryat Ata (IL); and Ram Haim Pliskin, Rishon Le Tsion (IL)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Dec. 19, 2022, as Appl. No. 18/084,251.
Prior Publication US 2024/0205249 A1, Jun. 20, 2024
Int. Cl. G06N 20/00 (2019.01); G06F 21/55 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/1441 (2013.01)] 19 Claims
OG exemplary drawing
 
1. An apparatus comprising:
a processor; and
a non-transitory memory on which is stored machine-readable instructions that when executed by the processor, cause the processor to:
determine that an encryption operation has been requested or executed through a cloud control plane capability with respect to a cloud storage device;
identify at least one element associated with the request or execution of the encryption operation;
determine whether a difference between the identified at least one element and a learned behavior corresponding to the at least one element exceeds a predefined threshold;
determine that the requested or executed encryption operation with respect to the cloud storage device is anomalous based on the determination that the difference exceeds the predefined threshold; and
based on a determination that the requested or executed encryption operation with respect to the cloud storage device is anomalous, at least one of:
output an alert; and
perform a remedial action.