HOST AGENT-ASSISTED DETECTION OF MALICIOUS ATTACK ON STORAGE ARRAY

Organization Name

dell products l.p.

Inventor(s)

Krishna Deepak Nuthakki of Bangalore (IN)

Tomer Shachar of Beer-Sheva (IL)

Sunil Kumar of Bangalore (IN)

Arieh Don of Newton MA (US)

HOST AGENT-ASSISTED DETECTION OF MALICIOUS ATTACK ON STORAGE ARRAY - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240104208 titled 'HOST AGENT-ASSISTED DETECTION OF MALICIOUS ATTACK ON STORAGE ARRAY

Simplified Explanation

The patent application describes a system where host agents running on host servers provide current and historic host application awareness information to a storage array. This information is used to train a host application-specific model of IO characteristics, which is then used to detect malicious activity.

• Host agents on host servers provide current and historic host application awareness information to a storage array.
• The storage array uses this information to train a host application-specific model of IO characteristics.
• The model is used to detect malicious activity by analyzing current host application awareness information and observed IO characteristics.

Potential Applications

This technology could be applied in cybersecurity systems to detect and prevent malicious activities in storage arrays.

Problems Solved

This technology helps in identifying and preventing malicious activities in storage arrays by analyzing host application awareness information and IO characteristics.

Benefits

The system provides an additional layer of security for storage arrays by detecting and preventing malicious activities based on host application awareness information.

Potential Commercial Applications

One potential commercial application of this technology could be in the development of advanced cybersecurity solutions for storage systems.

Possible Prior Art

One possible prior art for this technology could be existing systems that use machine learning models to detect anomalies in storage systems based on IO characteristics and application behavior.

What are the specific types of host application roles mentioned in the abstract?

The specific types of host application roles mentioned in the abstract are normal operation, creation of a remote backup, cloning of the storage object, snapping of the storage object, restoring the storage object from a snapshot, scanning a database in the storage object, and scanning the storage object.

How does the system use the host application-specific model to detect malicious activity?

The system uses the host application-specific model, trained based on historic host application awareness information and observed IO characteristics, to analyze current host application awareness information and IO characteristics. By comparing the observed behavior with the model, the system can detect deviations that may indicate malicious activity.

Original Abstract Submitted

host agents running on host servers provide current and historic host application awareness information to a storage array. the storage array uses the historic host application awareness information to train a host application-specific model of io characteristics. the current host application awareness information and observed io characteristics are used as inputs to the model to detect malicious activity. the current and historic host application awareness information includes host application roles such as normal operation, creation of a remote backup, cloning of the storage object, snapping of the storage object, restoring the storage object from a snapshot, scanning a database in the storage object, and scanning the storage object.