Dell products l.p. (20240111863). USING SNAPSHOTS FOR ANOMALY DETECTION simplified abstract
Contents
- 1 USING SNAPSHOTS FOR ANOMALY DETECTION
- 1.1 Organization Name
- 1.2 Inventor(s)
- 1.3 USING SNAPSHOTS FOR ANOMALY DETECTION - A simplified explanation of the abstract
- 1.4 Simplified Explanation
- 1.5 Potential Applications
- 1.6 Problems Solved
- 1.7 Benefits
- 1.8 Potential Commercial Applications
- 1.9 Possible Prior Art
- 1.10 Unanswered Questions
- 1.11 Original Abstract Submitted
USING SNAPSHOTS FOR ANOMALY DETECTION
Organization Name
Inventor(s)
Michael Ferrari of Douglas MA (US)
Benjamin Randolph of Uxbridge MA (US)
USING SNAPSHOTS FOR ANOMALY DETECTION - A simplified explanation of the abstract
This abstract first appeared for US patent application 20240111863 titled 'USING SNAPSHOTS FOR ANOMALY DETECTION
Simplified Explanation
The abstract of the patent application describes a method for identifying anomalies in storage objects by comparing the characteristics of new snapshots with a profile computed from previous snapshots. The characteristics include percent data changed, write LBA dispersion, write data reducibility, number and size of writes, write workload profile, and write content profile.
- Percent data changed between consecutive snapshots
- Write LBA dispersion
- Write data reducibility
- Number and size of writes
- Write workload profile
- Write content profile
Potential Applications
This technology can be applied in cybersecurity systems to detect malicious attacks on storage objects.
Problems Solved
This technology solves the problem of identifying anomalies in storage objects that could be indicative of a malicious attack.
Benefits
The benefits of this technology include enhanced security measures for storage objects and early detection of potential cyber threats.
Potential Commercial Applications
The potential commercial applications of this technology include cybersecurity software for businesses and organizations.
Possible Prior Art
One possible prior art for this technology could be anomaly detection algorithms used in cybersecurity systems.
Unanswered Questions
How does this technology handle false positives in anomaly detection?
The article does not address how the system distinguishes between actual malicious attacks and normal variations in storage object characteristics.
What is the computational overhead of implementing this technology in a storage system?
The article does not provide information on the computational resources required to compute and compare the characteristics of storage object snapshots.
Original Abstract Submitted
a profile of characteristics of a normal snapshot of a storage object is computed from previous snapshots of the storage object. characteristics of a new snapshot are compared with the characteristics in the profile to identify an anomaly indicative of a malicious attack. the characteristics include percent data changed between consecutive snapshots, write lba dispersion, write data reducibility, number and size of writes, write workload profile, and write content profile. the new snapshot is only vaulted or air-gapped if all its characteristics are within ranges defined by the profile.