Abstract: Disclosed herein are systems and method for anti-virus scanning of backup data at a centralized storage. In an exemplary aspect, a method may receive, at the centralized storage, a backup slice from each respective computing device in a plurality of computing devices, wherein the centralized storage comprises, for each respective computing device, a respective backup archive including a plurality of backup slices. The method may mount the received backup slice as a virtual disk. The method may detect, for the respective computing device, a change between the mounted virtual disk and any number of previous backup slices and may evaluate the change against behavioral rules to identify malicious behavior. In response to determining that the change exhibits malicious behavior, the method may execute a remediation action to prevent an attack on the plurality of computing devices or the centralized storage.

Abstract: Disclosed are systems and methods for detecting multiple malicious processes. The described techniques identify a first process and a second process launched on a computing device. The techniques receive from the first process a first execution stack indicating at least one first control point used to monitor at least one thread associated with the first process, and receive from the second process a second execution stack indicating at least one second control point used to monitor at least one thread associated with the second process. The techniques determine that both the first process and the second process are malicious using a machine learning classifier on the at least one first control point and the at least one second control point. In response, the techniques generate an indication that an execution of the first process and the second process is malicious.

Abstract: A system and method is provided for detecting ransomware and malicious programs.

Abstract: Disclosed herein are systems and method for malicious behavior detection in processing chains comprising identifying a chain of related processes executing on a computing device; for each respective process in the chain of related processes: monitoring events generated by the respective process; storing snapshots of data modified by any of the events; determining a level of suspicion for the respective process by applying an artificial intelligence (AI) model to the snapshots of data; determining whether the chain of related processes is trusted based on the determined levels of suspicion; and in response to determining that the chain of related processes is not trusted, restoring objects affected by the chain from the snapshots.

Abstract: Methods and systems are provided for modifying configuration of a storage system using artificial intelligence. An exemplary method comprises storing an initial configuration of the storage system as configuration parameters, collecting health information and parameter information related to the storage system over a period of time, analyzing the collected health information using machine learning by comparing the health and the parameter information to a set of goals of the storage system, and in response to determining that the storage system is not operating in accordance with the set of goals, identifying a problem with the storage system using artificial intelligence by analyzing the health information and generating parameter changes that correct the problem, updating the configuration parameters with the parameter changes and applying the parameter changes to the storage system to correct the problem and restore performance of the storage system.

Abstract: Disclosed are systems and methods for detecting malicious applications. The described techniques detect a first process has been launched on a computing device, and monitor at least one thread associated with the first process using one or more control points of the first process. An execution stack associated with the one or more control points of the first process is received from the first process. In response to detecting activity on the one or more control points of the first process, an indication that the execution of the first process is malicious is generated by applying a machine learning classifier to the received execution stack associated with the one or more control points of the first process.

Abstract: Disclosed herein are systems and method for forming and executing a backup strategy. In one aspect, an exemplary method comprises, for each file of files from one or more data sources that is being evaluated to form the backup strategy for the file, updating a frequency database, evaluating a uniqueness for the file stored at a data source of the one or more data sources by comparing at least a portion of data of the file to the frequency database, categorizing the file into a hierarchy of logical types according to properties of the file, and forming the backup strategy for the file according to the uniqueness and categorization of the file.

Abstract: Disclosed are systems and methods for data archiving using machine learning techniques. The system collects statistical information and event data and processes them using machine learning techniques to classify data and/or predict data access demands. The system receives statistical information related to user access of a plurality of files, which can effectively “train” the system to archive data that is not needed at a certain moment and extract it at other moments. The system identifies, using a machine learning module, a pattern of access in the plurality of files based on the received statistical information. The system modifies, using the identified pattern of access, a threshold value related to file access, and assigns a set of files from the plurality of files an access classification based on the modified threshold value. The system migrates the set of files between hot and cold data areas based on the assigned access classification.

Abstract: Methods for file archiving using machine learning are disclosed herein. An exemplary method comprises archiving a first file of a plurality of files from a storage server to a tiered storage system, training a machine learning module based on file access operations for the plurality of files, determining one or more rules for predicting access to the archived files using the machine learning module, determining a prediction of access of the archived file based on the one or more rules and retrieving the archived file from the tiered storage system into a file cache in the storage server based on the prediction of access.