×

Ransomware detection using I/O patterns

  • US 10,078,459 B1
  • Filed: 09/26/2016
  • Issued: 09/18/2018
  • Est. Priority Date: 09/26/2016
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • receiving an I/O request from a host, the I/O request associated with one or more chunks within a logical unit (LU) of storage;

    adding metadata about the I/O request to recent I/O activity data structures associated with the LU;

    generating a ransomware probability by comparing the recent I/O activity data structures to the historical I/O activity data structures associated with the LU;

    if the ransomware probability exceeds a first threshold value, taking one or more first actions to mitigate the effects of ransomware within the host; and

    if the ransomware probability exceeds a second threshold value, taking one or more second actions to mitigate the effects of ransomware within the host, wherein the second threshold value is greater than the first threshold value;

    wherein the one or more first actions include commencing copy-on-write (COW) for the LU and wherein the one or more second actions include generating a notification of suspected ransomware.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×