Host multi-path layer with IO analytics for malware defense

Assignee

• Dell Products L.P. · US

Inventors

• Sanjib Mallick · Bengaluru, IN
• Arieh Don · Newton, US
• Elik Levin · Holon, IL
• Kundan Kumar · Pune, IN
• Gaurav Singh · Urbana, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/78
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An apparatus comprises at least one processing device configured to implement a multi-path layer in a host device, wherein the multi-path layer controls delivery of input-output (IO) operations from the host device to a storage system over selected ones of a plurality of paths through a network. The multi-path layer is configured, for each of at least a subset of the IO operations, to store at least a process identifier, a user identifier and an access type for the IO operation. The multi-path layer is further configured to perform analytics on the stored process identifiers, user identifiers and access types to detect an access pattern, and responsive to the detected access pattern having one or more designated characteristics associated with malware, to generate an alert. The alert may be generated by inserting security alert indicators into respective ones of the IO operations, for extraction therefrom by the storage system.