Threat detection implemented in a data processing unit

What is claimed is: 1 . A data processing unit, comprising: a processor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising: receiving a workload from a customer device that was offloaded by a server device to the data processing unit; determining a time-series pattern represented in the workload; comparing the time-series pattern to a baseline pattern generated from previously received workloads according to a long short-term memory model; and in response to an anomaly being detected in the time-series pattern relative to the baseline pattern, performing a blocking procedure that blocks input/output (I/O) transactions of the workload prior to the I/O transactions reaching a storage array device. 2 . The data processing unit of claim 1 , wherein the long short-term memory model comprises multiple layers of memory cells configured for scanning or forecasting short term and long term trends, seasonalities, or other time-series characteristics. 3 . The data processing unit of claim 1 , wherein the time-series pattern is determined in response to an examination of time-series data relating to the I/O transactions of the workload. 4 . The data processing unit of claim 3 , wherein the time-series data comprises at least one of: compression ratio data indicative of compression ratios of the I/O transactions over time, criticality data indicative of a priority or weight associated with an element of the time-series data, size data indicative of data sizes associated with the I/O transactions over time, type data indicative of types of the I/O transactions over time, or distribution data indicative of a distribution of the types of the I/O transactions over time. 5 . The data processing unit of claim 1 , wherein the operations further comprise comparing the time-series pattern to a malicious pattern, of a malicious workload, generated according to the long short-term memory model. 6 . The data processing unit of claim 5 , wherein the operations further comprise, in response to a match being detected in the time-series pattern relative to the malicious pattern, performing the blocking procedure that blocks malicious I/O transactions of the malicious workload prior to the malicious I/O transactions reaching the storage array device. 7 . The data processing unit of claim 1 , wherein the blocking procedure blocks the I/O transactions immediately upon detection or after a defined amount of time based on a policy of a customer entity associated with the customer device. 8 . The data processing unit of claim 1 , wherein the blocking procedure further comprises transmitting a feedback request message to the customer device and the long short-term memory model uses a response to the feedback request for training or refinement. 9 . The data processing unit of claim 1 , wherein the long short-term memory model generates workload patterns that are specific to a specified customer entity, the customer device, or a specified application executing on the customer device. 10 . The data processing unit of claim 1 , wherein the long short-term memory model generates at least one of a first workload pattern associated with a disk wiping operation, a second workload pattern associated with a database update that is specific to a type of database, a third workload pattern associated with disk defragmentation, a fourth workload pattern indicative of on a number of overwrites after reading a specific block or track within a time slice, a fifth workload pattern indicative of a fraction of overwritten blocks relative to a total number of write requests in a specified time window, a sixth workload pattern indicative of an amount of overwriting for the specified time window consisting of multiple time slices, a seventh workload pattern indicative of an average I/O length of continuously overwritten blocks in the specified time window, or an eighth workload pattern indicative of a fraction of a first number of overwrites during the specified time window as a function of an average number of overwrites of a previous time window. 11 . A data processing unit, comprising: a processor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising: receiving a workload from a customer device that was offloaded by a server device to the data processing unit; determining a time-series pattern applicable to the workload; comparing the time-series pattern to a malicious pattern generated from previously received workloads according to a long short-term memory model; and in response to a match being detected in the time-series pattern relative to the malicious pattern, initiating blocking of input/output (I/O) transactions of the workload prior to the I/O transactions reaching a storage array device. 12 . The data processing unit of claim 11 , wherein the operations further comprise comparing the time-series pattern to a benign pattern, of a benign workload, generated according to the long short-term memory model. 13 . The data processing unit of claim 12 , wherein the operations further comprise, in response to an anomaly being detected in the time-series pattern relative to the benign pattern, initiating the blocking of the I/O transactions of the workload prior to the I/O transactions reaching the storage array device. 14 . The data processing unit of claim 11 , wherein initiating the blocking comprises initiating the blocking of the I/O transactions upon detection of the match. 15 . The data processing unit of claim 11 , wherein initiating the blocking comprises initiating the blocking of the I/O transactions after a defined amount of time based on a policy corresponding to a customer entity associated with the customer device. 16 . The data processing unit of claim 11 , wherein the blocking comprises transmitting a feedback request message to the customer device and wherein the long short-term memory model uses a response to the feedback request for training or refinement. 17 . A method, comprising: receiving, by a data processing unit comprising a processor, a workload from a customer device that was offloaded by a server device to the data processing unit; determining, by the data processing unit, a time-series pattern of the workload; comparing, by the data processing unit, the time-series pattern to a stored pattern generated from previously received workloads according to a long short-term memory model; determining, by the data processing unit, that the workload represents a potential threat based on the comparing; and facilitating, by the data processing unit, a blocking of input/output (IO) transactions of the workload prior to the I/O transactions reaching a storage array device. 18 . The method of claim 17 , further comprising determining, by the data processing unit, that the time-series pattern is a benign pattern and, in response, determining the potential threat a based on a difference between the time-series pattern and the stored pattern. 19 . The method of claim 17 , further comprising determining, by the data processing unit, that the time-series pattern is a malicious pattern and, in response, determining the potential threat a based on a similarity between the time-series pattern and the stored pattern. 20 . The method of claim 17 , further comprising, in response to the blocking, facilitating, by the data processing unit, transmission