-
Publication No.: US20240214348A1
Publication date: 2024-06-27
Application No.: US18303359
Application date: 2023-04-19
Applicant: NetApp, Inc.
Inventor: Azzedine Benameur, Yun Shen
CPC classification number: H04L63/0236, G06F9/547, H04L63/1425
Abstract: Systems and methods for enhancing API security by identifying anomalous activities in a cloud environment are provided. In one embodiment, the lack of awareness of an external API with respect to how calls to the external API may affect a cluster of a container orchestration platform is addressed. For instance, the views of the external and internal APIs may be combined to achieve better API security by correlating external API calls with undesirable behavior or other anomalies arising in the internal API. Responsive to identifying such undesirable behavior, information (e.g., a host, a source IP, a user, a specific payload) associated with the offending external API call may be added to a network security feature (e.g., a deny list, an IPS, or a WAF) utilized by the external API to facilitate performance of enhanced filtering of subsequent external API calls by the external API on behalf of the internal API.
-
Publication No.: US20240007492A1
Publication date: 2024-01-04
Application No.: US18344664
Application date: 2023-06-29
Applicant: NetApp, Inc.
Inventor: Yun Shen, Azzedine Benameur, Alex Xeong-Hoon Ough, Idan Schwartz
CPC classification number: H04L63/1425, H04L41/16
Abstract: Systems and methods for identifying anomalous activities in a cloud computing environment are provided. According to one embodiment, a customer's infrastructure may be fortified by leveraging deep learning technology (e.g., an encoder-decoder machine-learning (ML) model) to predict events in the cloud environment. During a training phase, the ML model may be trained to make a prediction regarding a next event based on a predetermined or configurable length of a sequence of contextual events. For example, historical events (e.g., cloud application programming interface (API) events logged to a cloud activity trace) observed within the customer's cloud infrastructure over the course of a particular date range may be split into appropriate event/context pairs and fed to the ML model. Subsequently, during a run-time anomaly detection phase, the ML model may be used to predict a next event based on a sequence of immediately preceding events to facilitate identification of anomalous activity.
-