17956085. USING SNAPSHOTS FOR ANOMALY DETECTION simplified abstract (Dell Products L.P.)


USING SNAPSHOTS FOR ANOMALY DETECTION

Organization Name

Dell Products L.P.

Inventor(s)

Arieh Don of Newton MA (US)

Michael Ferrari of Douglas MA (US)

Benjamin Randolph of Uxbridge MA (US)

USING SNAPSHOTS FOR ANOMALY DETECTION - A simplified explanation of the abstract

This abstract first appeared for US patent application 17956085 titled 'USING SNAPSHOTS FOR ANOMALY DETECTION'.

Simplified Explanation

The patent application describes a method for detecting anomalies in storage objects by comparing characteristics of new snapshots with a profile created from previous snapshots. The characteristics include percent data changed, write LBA dispersion, write data reducibility, number and size of writes, write workload profile, and write content profile. Anomalies are identified if the characteristics fall outside defined ranges in the profile.

  • Percent data changed between consecutive snapshots
  • Write LBA dispersion
  • Write data reducibility
  • Number and size of writes
  • Write workload profile
  • Write content profile

Potential Applications

The technology could be applied in cybersecurity systems to detect malicious attacks on storage objects.

Problems Solved

The technology helps in identifying anomalies in storage objects that could indicate a security breach or malicious activity.

Benefits

  • Improved security for storage systems
  • Early detection of potential threats
  • Efficient monitoring of storage object changes

Potential Commercial Applications

The technology could be used in data centers, cloud storage services, and other IT infrastructure to enhance security measures.

Possible Prior Art

Possible prior art includes traditional anomaly detection methods in cybersecurity systems that focus on network traffic or system logs rather than storage object characteristics.

Unanswered Questions

How does the technology handle false positives in anomaly detection?

The article does not provide information on how the system distinguishes between actual anomalies and normal variations in storage object characteristics.

What is the computational overhead of implementing this technology in a storage system?

The article does not address the potential impact on system performance or resource utilization when continuously computing and comparing snapshot characteristics.


Original Abstract Submitted

A profile of characteristics of a normal snapshot of a storage object is computed from previous snapshots of the storage object. Characteristics of a new snapshot are compared with the characteristics in the profile to identify an anomaly indicative of a malicious attack. The characteristics include percent data changed between consecutive snapshots, write LBA dispersion, write data reducibility, number and size of writes, write workload profile, and write content profile. The new snapshot is only vaulted or air-gapped if all its characteristics are within ranges defined by the profile.
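
The vaulting gate described in the abstract, sketched as an added example; it is not code from the patent application or from Dell. It computes only three of the six characteristics. The metric definitions, the widened min/max range rule with its tolerance, and all snapshot contents are assumptions constructed for illustration.

```python
import hashlib
import statistics
import zlib

BLOCKS, BLOCK_SIZE = 256, 512  # constructed toy volume; sizes are assumptions

def characteristics(prev, new):
    """Three of the listed characteristics for two consecutive snapshots."""
    changed = [lba for lba in range(BLOCKS) if prev[lba] != new[lba]]
    written = b"".join(new[lba] for lba in changed)
    if not changed:
        return {"pct_changed": 0.0, "lba_dispersion": 0.0, "reducibility": 0.0}
    return {
        "pct_changed": 100.0 * len(changed) / BLOCKS,
        # Assumed metric: spread of written LBAs as a fraction of the volume.
        "lba_dispersion": statistics.pstdev(changed) / BLOCKS,
        # Assumed metric: fraction of the written bytes that zlib removes.
        "reducibility": max(0.0, 1 - len(zlib.compress(written)) / len(written)),
    }

def build_profile(history, tolerance=0.5):
    """(low, high) per characteristic from prior snapshots; tolerance is assumed."""
    seen = [characteristics(a, b) for a, b in zip(history, history[1:])]
    return {k: (min(s[k] for s in seen) * (1 - tolerance),
                max(s[k] for s in seen) * (1 + tolerance)) for k in seen[0]}

def violations(profile, prev, new):
    """Characteristics outside the profile; vault only when the list is empty."""
    c = characteristics(prev, new)
    return [k for k, (lo, hi) in profile.items() if not lo <= c[k] <= hi]

def write(snapshot, lbas, make_block):
    """Copy of a snapshot with the given LBAs overwritten."""
    return [make_block(i) if i in lbas else b for i, b in enumerate(snapshot)]

def text_block(tag):  # compressible record-like content (constructed)
    return lambda lba: (f"record {tag}:{lba} ".encode() * BLOCK_SIZE)[:BLOCK_SIZE]
def opaque_block(lba):  # incompressible content built from SHA-256 output (constructed)
    return b"".join(hashlib.sha256(b"%d:%d" % (lba, i)).digest() for i in range(16))

# Constructed history: seven snapshots, each step a small contiguous compressible write.
history = [[bytes(BLOCK_SIZE)] * BLOCKS]
for i in range(6):
    history.append(write(history[-1], range(8 * i, 8 * i + 8 + i % 3), text_block(i)))
profile = build_profile(history)

normal = write(history[-1], range(48, 56), text_block(6))
scattered = write(history[-1], range(0, BLOCKS, 2), opaque_block)  # widespread, opaque
small_opaque = write(history[-1], range(48, 56), opaque_block)  # only content deviates
```

The `small_opaque` case matches the normal write in size and locality and fails on reducibility alone, which is why the abstract requires every characteristic to be in range before a snapshot is vaulted.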