Amazon.com, Inc.
Identifying attacks on file systems

Abstract:

Technology is described for preventing cryptovirus attacks in a computing service environment. Data patterns of both read and write operations are monitored for files during a predetermined time period. The data patterns related to the files are recorded during the monitoring. A machine learning model is constructed according to the recorded data to establish a data change probability for the plurality of files. An unexpected change is detected using the machine learning model according to the data change probability of the files having changed data. A warning notification is sent indicating the unexpected change is detected for the files.