The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent: Sep. 26, 2023

Filed: Jul. 31, 2018

Applicant: EMC IP Holding Company LLC, Hopkinton, MA (US);

Inventors: Or Herman Saffar, Beer Sheva, IL; Amihai Savir, Sansana, IL;

Assignee: EMC IP Holding Company LLC, Hopkinton, MA (US);

Attorney:
Primary Examiner:
Int. Cl. CPC: G06F 21/56 (2013.01); G06F 21/55 (2013.01); G06N 20/00 (2019.01); G06F 11/14 (2006.01);

U.S. Cl. CPC: G06F 21/565 (2013.01); G06F 21/552 (2013.01); G06F 21/554 (2013.01); G06N 20/00 (2019.01); G06F 11/1435 (2013.01); G06F 11/1451 (2013.01); G06F 2201/84 (2013.01);

Abstract

Techniques are provided for anomaly-based ransomware detection of encrypted files. One exemplary method comprises obtaining metadata for an encrypted file; applying an anomaly detection technique to the metadata to compare at least one attribute in the metadata to one or more corresponding historical baseline values for the at least one attribute; and determining whether the encrypted file comprises a ransomware encryption based on the comparison. In some embodiments, one or more of file extension attributes, file size attributes and file name attributes in the metadata are compared to the one or more corresponding historical baseline values to identify a ransomware attack.
