Patent · US Active

Detection of ransomware attack using entropy values

US12314393B2 · kind B2 · utility

0Cited by

2References

20Claims

0Family size

Assignee

Hewlett Packard Enterprise Development LP · US

Inventors

Alex Veprinsky · Brookline, US
Gil Barash · Nes Ziona, IL
Oded Kedem · Nes Ziona, IL

Key dates

Filing date	Oct 31, 2022
Grant date	May 27, 2025
Priority date	—
Expiry date	May 19, 2043

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/033
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Example implementations relate to storing data in a storage system. An example includes accessing a first portion of a data stream to be stored in a storage system; selecting sample data blocks included in the first portion; determining entropy values based on the sample data blocks; selecting, based on the sample data blocks, a entropy threshold from multiple precalculated entropy thresholds; determining whether the generated set of entropy values matches the selected entropy threshold within a probability level; and in response to a determination that the generated set of entropy values matches the selected entropy threshold within the probability level, identifying the first portion of the data stream as potentially including encrypted data affected by a ransomware attack.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.