公开(公告)号：US20250133108A1

公开(公告)日：2025-04-24

申请号：US18423922

申请日：2024-01-26

Applicant: NetApp, Inc.

Inventor： Mesfin Dema ,  Muneem Shahriar ,  Arunkumar Gururajan ,  Kiran Doreswamy ,  Joseph Aboukhalil ,  Gagan Gulati ,  Gaurav Makkar

IPC: H04L9/40

Abstract: Described herein are systems, methods, and software to implement multi-level ransomware detection via file processing. In one example, a computing device conducts a first level of ransomware detection on a file, wherein the first level of ransomware detection comprises identifying features of the file that include a measure of randomness in the file. The computing device further inputs the features to a machine learning model that outputs a determination of whether the file has been attacked. The computing device further determines whether to conduct a second level of ransomware detection based on the determination.

公开(公告)号：US20250131088A1

公开(公告)日：2025-04-24

申请号：US18424212

申请日：2024-01-26

Applicant: NetApp, Inc.

Inventor： Muneem Shahriar ,  Mesfin Dema ,  Arunkumar Gururajan ,  Kiran Doreswamy ,  Joseph Aboukhalil ,  Gagan Gulati ,  Gaurav Makkar

IPC: G06F21/56

Abstract: Described herein are systems, methods, and software to provide ransomware detection using variable levels of encryption. In one implementation, a computing device identifies a set of files, wherein the set of files each comprise a label indicative of whether the file is representative of a safe file or a file attacked by ransomware, and wherein the set of files comprises unencrypted files, partially encrypted files, and fully encrypted file. The computing device further identifies features associated with the set of files and generates a machine learning model that outputs a determination of whether a new file has been attacked based at least on the features in relation to whether a file in the set of files was labeled as attacked.

公开(公告)号：US20250131091A1

公开(公告)日：2025-04-24

申请号：US18424122

申请日：2024-01-26

Applicant: NetApp, Inc.

Inventor： Muneem Shahriar ,  Mesfin Dema ,  Arunkumar Gururajan ,  Kiran Doreswamy ,  Joseph Aboukhalil ,  Gagan Gulati ,  Gaurav Makkar

IPC: G06F21/56

Abstract: Described herein are systems, methods, and software to implement cloud ransomware detection. In one example, a computing device receives features of a file from a second computing device remote from the cloud environment, the features comprising at least a measure of randomness for the file and an identifier for a user associated with a modification to the file. The computing device further user information associated with a user of the modified the file and applies a machine learning model to determine whether the file was attacked based on the features and the user information. The computing device also communicates a notification to the second computing device indicating whether the file was attacked.

公开(公告)号：US20250131090A1

公开(公告)日：2025-04-24

申请号：US18424050

申请日：2024-01-26

Applicant: NetApp, Inc.

Inventor： Muneem Shahriar ,  Mesfin Dema ,  Arunkumar Gururajan ,  Kiran Doreswamy ,  Joseph Aboukhalil ,  Gagan Gulati ,  Gaurav Makkar

IPC: G06F21/56

Abstract: Described herein are systems, methods, and software to implement ransomware detection by varying chunk size in files. In one example, a computing device extracts a first set of chunks from a file, the first set of chunks each representing a first sized portion of the file. The computing device further first features in association with the first set of chunks, the first features comprising a measure of randomness associated with the first set of chunks. The computing device also inputs the first features to a machine learning model that outputs a determination of whether the file has been attacked and determines whether to reduce the first sized portion based on the determination.