CPC G06F 21/566 (2013.01) [G06N 20/20 (2019.01); G06F 2221/034 (2013.01)] | 28 Claims
1. A method comprising:
obtaining, using a data processing unit (DPU) operatively coupled to a host device, a series of snapshots of data stored in physical memory of the host device, the data being associated with one or more computer programs executed by the host device, wherein the series of snapshots of data are obtained by the DPU without detection by the one or more computer programs;
extracting, using a machine learning (ML) detection system, a set of features from each snapshot of the series of snapshots, each snapshot representing the data at a point in time;
classifying, using the set of features and the ML detection system, a process of the one or more computer programs as ransomware or non-ransomware; and
outputting an indication of ransomware responsive to the process being classified as ransomware.