-
公开(公告)号:US20210409425A1
公开(公告)日:2021-12-30
申请号:US17062732
申请日:2020-10-05
Applicant: NetApp, Inc.
Inventor: Prateeksha Varshney , Siddhartha Nandi , Jayanta Basak
Abstract: A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks. In one example, an agent implemented in an operating system detects an overwrite in which an original data component is overwritten with a new data component. The agent computes a plurality of features associated with the overwrite, the plurality of features including an original entropy corresponding to the original data component, a new entropy corresponding to the new data component, an overwrite fraction, and a set of divergence features. The agent determines whether the new data component is encrypted using the plurality of features.
-
公开(公告)号:US20240022597A1
公开(公告)日:2024-01-18
申请号:US18477879
申请日:2023-09-29
Applicant: NetApp Inc.
Inventor: Prateeksha Varshney , Siddhartha Nandi , Jayanta Basak
CPC classification number: H04L63/145 , H04L63/1416 , G06F21/602
Abstract: A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks. In one example, an agent implemented in an operating system detects an overwrite in which an original data component is overwritten with a new data component. The agent computes a plurality of features associated with the overwrite, the plurality of features including an original entropy corresponding to the original data component, a new entropy corresponding to the new data component, an overwrite fraction, and a set of divergence features. The agent determines whether the new data component is encrypted using the plurality of features.
-
公开(公告)号:US11755736B1
公开(公告)日:2023-09-12
申请号:US17935689
申请日:2022-09-27
Applicant: NetApp, Inc.
Inventor: Jagadish Vasudeva , Prateeksha Varshney , Priya Sehgal , Mrinal K. Bhattacharjee , Amit Valjibhai Panara , Siddhartha Nandi
CPC classification number: G06F21/566 , G06F21/54 , G06F21/568 , G06F21/577 , G06F21/602
Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.
-
Patent Agency Ranking
公开(公告)号:US12099606B2
公开(公告)日:2024-09-24
申请号:US18464714
申请日:2023-09-11
Applicant: NetApp, Inc.
Inventor: Jagadish Vasudeva , Prateeksha Varshney , Priya Sehgal , Mrinal K. Bhattacharjee , Amit Valjibhai Panara , Siddhartha Nandi
CPC classification number: G06F21/566 , G06F21/54 , G06F21/568 , G06F21/577 , G06F21/602
Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.
-
公开(公告)号:US20240111870A1
公开(公告)日:2024-04-04
申请号:US18464714
申请日:2023-09-11
Applicant: NetApp, Inc.
Inventor: Jagadish Vasudeva , Prateeksha Varshney , Priya Sehgal , Mrinal K. Bhattacharjee , Amit Valjibhai Panara , Siddhartha Nandi
CPC classification number: G06F21/566 , G06F21/54 , G06F21/568 , G06F21/577 , G06F21/602
Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.
-
公开(公告)号:US11792223B2
公开(公告)日:2023-10-17
申请号:US17062732
申请日:2020-10-05
Applicant: NetApp, Inc.
Inventor: Prateeksha Varshney , Siddhartha Nandi , Jayanta Basak
CPC classification number: H04L63/145 , G06F21/602 , H04L63/1416
Abstract: A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks. In one example, an agent implemented in an operating system detects an overwrite in which an original data component is overwritten with a new data component. The agent computes a plurality of features associated with the overwrite, the plurality of features including an original entropy corresponding to the original data component, a new entropy corresponding to the new data component, an overwrite fraction, and a set of divergence features. The agent determines whether the new data component is encrypted using the plurality of features.
-
公开(公告)号:US11475132B2
公开(公告)日:2022-10-18
申请号:US16942123
申请日:2020-07-29
Applicant: NetApp, Inc.
Inventor: Jagadish Vasudeva , Prateeksha Varshney , Priya Sehgal , Mrinal K. Bhattacharjee , Amit Valjibhai Panara , Siddhartha Nandi
Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file is associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.
-
公开(公告)号:US20210334374A1
公开(公告)日:2021-10-28
申请号:US16942123
申请日:2020-07-29
Applicant: NetApp, Inc.
Inventor: Jagadish Vasudeva , Prateeksha Varshney , Priya Sehgal , Mrinal K. Bhattacharjee , Amit Valjibhai Panara , Siddhartha Nandi
Abstract: A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks (e.g., ransomware attacks) and mitigating data loss. In one or more embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.
-
-
-
-
-
-
-
Search Results
8
records
(took 0.012 seconds)
