System & method for efficient early indication of ransomware attack for damage prevention and control
US-2023239321-A1 · Jul 27, 2023 · US
US2024111861A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2024111861-A1 |
| Application number | US-202217957329-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 30, 2022 |
| Priority date | Sep 30, 2022 |
| Publication date | Apr 4, 2024 |
| Grant date | — |
Official abstract text for this publication.
Embodiments of the invention relate to generating backups of assets. More specifically, in one or more embodiments of the invention, the meta-data generated during the backups is leveraged to detect cyber-attacks, reducing the amount of data that a cyber-security module needs to scan to detect a cyber-attack, such as a ransomware attack. This allows attacks to be detected earlier and with less processing by leveraging the periodic backups that are performed as part of data protection to detect when an attack has occurred or is occurring. By making these determinations, possible ransomware attacks may be identified quickly, and other methods of mitigating the attack may be deployed while they might still be useful to mitigate potential damage to a user's data.
Opening claim text (preview).
What is claimed is:

1. A method for performing a backup, the method comprising: initiating, by a user, an initial backup of a production host; storing a copy of the initial backup's meta-data in a vault in a cyber-security module; periodically performing a subsequent backup of the production host; sending the subsequent backup's meta-data to the cyber-security module, wherein the cyber-security module compares the subsequent backup's meta-data to the initial backup's meta-data to determine where changes have occurred in the production host; sending to the cyber-security module, the portions of the backup that correspond to the determined changes in the production host; analyzing, by the cyber-security module, the portions of the backup to determine if the portions of the backup are corrupted; and notifying the user if the portions of the backup are corrupted.

2. The method of claim 1, the method further comprising: sending to the cyber-security module, a portion of the backup that does not correspond to the determined changes in the production host; and analyzing, by the cyber-security module, the portion of the backup that does not correspond to the determined changes in the production host to determine if any portion thereof is corrupted, wherein the user is notified if it is determined that any portion thereof is corrupted.

3. The method of claim 2, wherein the portion of the backup that does not correspond to the determined changes in the production host comprises of less than all of the portions of the backup that do not correspond to the determined changes in the production host.

4. The method of claim 3, wherein the portion of the backup that does not correspond to the determined changes in the production host is selected randomly from all the portions of the backup that do not correspond to the determined changes in the production host.

5. The method of claim 3, wherein the portion of the backup that does not correspond to the determined changes in the production host is a predetermined percentage of all of the portions of the backup that do not correspond to the determined changes in the production host.

6. The method of claim 5, wherein the predetermined percentage is determined by the user when the backup is configured.

7. The method of claim 6, wherein if the cyber-security module detects that the portion of the backup that does not correspond to the determined changes in the production host includes corruption, the predetermined percentage is increased by a predetermined amount.

8. A non-transitory computer readable medium comprising computer readable program code, which when executed by a computer processor enables the computer processor to perform a method for performing a backup, the method comprising: initiating, by a user, a backup of a production host; storing a copy of the backup's meta-data in a cyber-security module's vault; periodically performing a subsequent backup of the production host; sending the subsequent backup's meta-data to a cyber-security module, wherein the cyber-security module compares the subsequent backup's meta-data to the backup's meta-data to determine where changes have occurred in the production host; sending to the cyber-security module, the portions of the backup that correspond to the determined changes in the production host; analyzing, by the cyber-security module, the portions of the backup to determine if the portions of the backup are corrupted; and notifying the user if the portions of the backup are corrupted.

9. The non-transitory computer readable medium of claim 8, the method further comprising: sending to the cyber-security module, a portion of the backup that does not correspond to the determined changes in the production host; and analyzing by the cyber-security module, the portion of the backup that does not correspond to the determined changes in the production host to determine if any portion thereof is corrupted, wherein the user is notified if it is determined that any portion thereof is corrupted.

10. The non-transitory computer readable medium of claim 9, wherein the portion of the backup that does not correspond to the determined changes in the production host comprises of less than all of the portions of the backup that do not correspond to the determined changes in the production host.

11. The non-transitory computer readable medium of claim 10, wherein the portion of the backup that does not correspond to the determined changes in the production host is selected randomly from all the portions of the backup that do not correspond to the determined changes in the production host.

12. The non-transitory computer readable medium of claim 10, wherein the portion of the backup that does not correspond to the determined changes in the production host is a predetermined percentage of all of the portions of the backup that do not correspond to the determined changes in the production host.

13. The non-transitory computer readable medium of claim 12, wherein the predetermined percentage is determined by the user when the backup is configured.

14. The non-transitory computer readable medium of claim 13, wherein if the cyber-security module detects that the portion of the backup that does not correspond to the determined changes in the production host includes corruption, the predetermined percentage is increased by a predetermined amount.

15. A system comprising: a cyber-security module; a production host; and a backup agent comprising: a processor; and a memory comprising instructions, which when executed by the processor, perform a method for performing a backup, the method comprising: initiating, by a user of the system, a backup of the production host; storing a copy of the backup's meta-data in a cyber-security module's vault; periodically performing a subsequent backup of the production host; sending the subsequent backup's meta-data to the cyber-security module, wherein the cyber-security module compares the subsequent backup's meta-data to the backup's meta-data to determine where changes have occurred in the production host; sending to the cyber-security module, the portions of the backup that correspond to the determined changes in the production host; analyzing, by the cyber-security module, the portions of the backup to determine if the portions of the backup are corrupted; and notifying the user if the portions of the backup are corrupted.

16. The system of claim 15, wherein the method for performing a backup further comprises: sending to the cyber-security module, a portion of the backup that does not correspond to the determined changes in the production host; and analyzing by the cyber-security module, the portion of the backup that does not correspond to the determined changes in the production host to determine if any portion thereof is corrupted, wherein the user is notified if it is determined that any portion thereof is corrupted.

17. The system of claim 16, wherein the portion of the backup that does not correspond to the determined changes in the production host comprises of less than all of the portions of the backup that do not correspond to the determined changes in the production host.

18. The system of claim 17, wherein the portion of the backup that does not correspond to the determined changes in the production host is selected randomly from all the portions of the backup that do not correspond to the determined changes in the production host.
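The flow recited in claims 1 to 7 can be sketched as follows. This is an added example, not code from the patent or its assignee: it diffs backup meta-data against the vaulted baseline, scans the changed portions, samples a percentage of the unchanged ones, and raises that percentage after a hit. The `(size, mtime)` meta-data fields, the entropy threshold used as the "corrupted" test, and all function and variable names are assumptions, and the sample data is constructed.

```python
import math
import random
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def changed_paths(baseline: dict, current: dict) -> set:
    """Paths that are new or whose meta-data differs from the vaulted baseline."""
    return {p for p, meta in current.items() if baseline.get(p) != meta}

def scan_backup(baseline, current, read_portion, sample_pct,
                step=10, threshold=7.5, rng=random):
    """Scan changed portions plus a random share of the unchanged ones."""
    changed = changed_paths(baseline, current)
    unchanged = sorted(set(current) - changed)
    k = min(len(unchanged), math.ceil(len(unchanged) * sample_pct / 100))
    sampled = rng.sample(unchanged, k)

    def corrupted(path):
        # Assumption: high entropy stands in for the "corrupted" decision.
        return entropy(read_portion(path)) >= threshold

    bad_changed = [p for p in changed if corrupted(p)]
    bad_sampled = [p for p in sampled if corrupted(p)]
    if bad_sampled:
        # Claim 7: widen the sample after a hit among unchanged portions.
        sample_pct = min(100, sample_pct + step)
    return {"changed": sorted(changed),
            "suspect": sorted(bad_changed + bad_sampled),
            "next_pct": sample_pct}

# Constructed sample data: path -> (size, mtime) meta-data, and portion contents.
HIGH = bytes(range(256)) * 16            # 4096 bytes, entropy exactly 8.0
TEXT = b"quarterly report text " * 200   # 4400 bytes, low entropy
BASELINE = {"docs/report.txt": (4400, 1700000000),
            "docs/plan.txt": (4400, 1700000000),
            "db/ledger.dat": (4096, 1700000000)}
CURRENT = dict(BASELINE, **{"docs/report.txt": (4096, 1700090000)})
# db/ledger.dat keeps its baseline meta-data but now holds high-entropy content.
CONTENT = {"docs/report.txt": HIGH, "docs/plan.txt": TEXT, "db/ledger.dat": HIGH}

if __name__ == "__main__":
    print(scan_backup(BASELINE, CURRENT, CONTENT.__getitem__, sample_pct=100))
```

With `sample_pct=0` only `docs/report.txt` is flagged, which is the gap the sampling of unchanged portions in claims 2 to 7 is meant to close.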
involving event detection and direct action · CPC title
Test or assess a computer or a system · CPC title