Patent · US Active

Detection of unauthorized encryption using deduplication efficiency metric

US11822656B2 · kind B2 · utility

0Cited by

2References

20Claims

0Family size

Assignee

EMC IP Holding Company LLC · US

Inventors

Yevgeni Gehtman · Lod, IL
Maxim Balin · Gan Yavne, IL
Tomer Shachar · Beer Sheva, IL

Key dates

Filing date	Oct 29, 2020
Grant date	Nov 21, 2023
Priority date	—
Expiry date	Dec 17, 2041

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/78
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Techniques are provided for detection of unauthorized encryption using one or more deduplication efficiency metrics. One method comprises obtaining a deduplication efficiency value for a deduplication operation in a storage system; evaluating the deduplication efficiency value for the deduplication operation relative to an expected deduplication efficiency value; and performing one or more automated remedial actions, such as generating an alert notification, in response to the evaluating satisfying one or more deduplication criteria. A count of a number of concurrent users may be compared to an expected number of concurrent users, and/or (ii) a count of a number of concurrent sessions for a given user may be compared to an expected number of concurrent sessions for the given user. A ransomware alert or an unauthorized encryption alert may be generated when the evaluating and/or the comparison satisfy predefined attack criteria.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.