17877435. RANSOMWARE AND MALICIOUS SOFTWARE PROTECTION IN SSD/UFS BY NVME INSTRUCTIONS LOG ANALYSIS BASED ON MACHINE-LEARNING simplified abstract (SAMSUNG ELECTRONICS CO., LTD.)
RANSOMWARE AND MALICIOUS SOFTWARE PROTECTION IN SSD/UFS BY NVME INSTRUCTIONS LOG ANALYSIS BASED ON MACHINE-LEARNING
Organization Name
Inventor(s)
Ariel Doubchak of Suwon-si (KR)
RANSOMWARE AND MALICIOUS SOFTWARE PROTECTION IN SSD/UFS BY NVME INSTRUCTIONS LOG ANALYSIS BASED ON MACHINE-LEARNING - A simplified explanation of the abstract
This abstract first appeared for US patent application 17877435 titled 'RANSOMWARE AND MALICIOUS SOFTWARE PROTECTION IN SSD/UFS BY NVME INSTRUCTIONS LOG ANALYSIS BASED ON MACHINE-LEARNING
Simplified Explanation
The abstract describes a storage system that includes a host device and a storage device with a memory and processor. The storage device has a storage internal protection (SIP) module that performs the following functions:
- Obtains a plurality of storage commands from the host device that correspond to the memory.
- Filters the storage commands to obtain a filtered plurality of storage commands.
- Applies information about the filtered storage commands to a machine-learning ransomware detection algorithm.
- Provides a notification to the host device if the machine-learning ransomware detection algorithm indicates the detection of a ransomware operation.
Potential Applications:
- Data storage systems with built-in ransomware detection capabilities.
- Enhancing the security of storage devices by detecting and preventing ransomware attacks.
- Protecting sensitive data from being encrypted and held hostage by ransomware.
Problems Solved:
- Ransomware attacks can encrypt data and demand ransom for its release, causing significant financial and operational damage. This technology helps detect and prevent such attacks.
- Traditional security measures may not be sufficient to detect new and evolving ransomware variants. The machine-learning algorithm used in this system can adapt and learn from new patterns to improve detection accuracy.
Benefits:
- Early detection of ransomware attacks allows for timely response and mitigation measures.
- Integration of ransomware detection within the storage device reduces reliance on external security solutions.
- Machine-learning algorithm improves detection accuracy by continuously learning and adapting to new ransomware patterns.
Original Abstract Submitted
A storage system, including a host device; and a storage device including a memory and at least one processor configured to implement a storage internal protection (SIP) module, wherein the SIP module is configured to: obtain, from the host device, a plurality of storage commands corresponding to the memory, filter the plurality of storage commands to obtain a filtered plurality of storage commands, apply information about the filtered plurality of storage commands to a machine-learning ransomware detection algorithm, and based on the machine-learning ransomware detection algorithm indicating that a ransomware operation is detected, provide a notification to the host device.