公开(公告)号：US11755736B1

公开(公告)日：2023-09-12

申请号：US17935689

申请日：2022-09-27

申请人： NetApp, Inc.

发明人： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC分类号： G06F21/56 ,  G06F21/54 ,  G06F21/60 ,  G06F21/57

CPC分类号： G06F21/566 ,  G06F21/54 ,  G06F21/568 ,  G06F21/577 ,  G06F21/602

摘要： A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

公开(公告)号：US11475132B2

公开(公告)日：2022-10-18

申请号：US16942123

申请日：2020-07-29

申请人： NetApp, Inc.

发明人： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC分类号： G06F21/56 ,  G06F21/54 ,  G06F21/60 ,  G06F21/57

摘要： A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file is associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.

公开(公告)号：US20210334374A1

公开(公告)日：2021-10-28

申请号：US16942123

申请日：2020-07-29

申请人： NetApp, Inc.

发明人： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC分类号： G06F21/56 ,  G06F21/54 ,  G06F21/57 ,  G06F21/60

摘要： A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks (e.g., ransomware attacks) and mitigating data loss. In one or more embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.

公开(公告)号：US12099606B2

公开(公告)日：2024-09-24

申请号：US18464714

申请日：2023-09-11

申请人： NetApp, Inc.

发明人： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC分类号： G06F21/56 ,  G06F21/54 ,  G06F21/57 ,  G06F21/60

CPC分类号： G06F21/566 ,  G06F21/54 ,  G06F21/568 ,  G06F21/577 ,  G06F21/602

摘要： A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

公开(公告)号：US20240111870A1

公开(公告)日：2024-04-04

申请号：US18464714

申请日：2023-09-11

申请人： NetApp, Inc.

发明人： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC分类号： G06F21/56 ,  G06F21/54 ,  G06F21/57 ,  G06F21/60

CPC分类号： G06F21/566 ,  G06F21/54 ,  G06F21/568 ,  G06F21/577 ,  G06F21/602

摘要： A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.