Ransomware behavioral kernel model
US12353551B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 19, 2025 |
| Grant date | Jul 8, 2025 |
| Priority date | — |
| Expiry date | Mar 19, 2045 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/034
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Time series behavioral data derived from operating system events on a monitored computing device is monitored at a kernel level. Based on this monitoring, a feature vector is populated or updated with features indicative of ransomware. These features are extracted or otherwise derived from the time series behavioral data. The feature vector can be input into a machine learning model (e.g., a modified gated recurrent unit, etc.) to characterize whether the time series behavioral data is indicative of a ransomware event. Data indicating a probability of a ransomware event occurring is provided to a consuming application or process. One or more remediation actions to thwart the ransomware event can be initiated when the probability level is above a threshold.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.