-
Publication No.: US11258655B2
Publication Date: 2022-02-22
Application No.: US16212170
Application Date: 2018-12-06
Applicant: VMware, Inc.
Inventor: Zhen Mo, Dexiang Wang, Bin Zan, Vijay Ganti, Amit Chopra, Ruimin Sun
Abstract: A method for managing alarms in a virtual machine environment includes receiving alarm data related to a process and storing the alarm data in a database, where the alarm data comprises one or more features. The method further includes retrieving intended state information for the process and comparing the one or more features of the alarm data to the intended state information to determine whether the alarm is an outlier. The method also includes computing a normal score for the alarm if the alarm is not an outlier, and computing an abnormal score for the alarm if the alarm is an outlier. The method also includes sending a notification for the alarm and the computed score.
-
Publication No.: US11316879B2
Publication Date: 2022-04-26
Application No.: US16255551
Application Date: 2019-01-23
Applicant: VMware, Inc.
Inventor: David Ott, Lei Xu, Ruimin Sun, Vijay Ganti, Dennis R. Moreau
Abstract: A computer-implemented method and system for protecting a host computer in a computer network from security threats uses local security-relevant data for the host computer, as well as global security-relevant data for other components in the computer network downloaded from a security information plane system to the host computer, to determine a security threat to the host computer. When a security threat is determined to be a legitimate threat, a security alert is issued, and then an action is initiated in response to the security alert.
-
Publication No.: US11295011B2
Publication Date: 2022-04-05
Application No.: US16242396
Application Date: 2019-01-08
Applicant: VMware, Inc.
Inventor: Ruimin Sun, Vijay Ganti, Zhen Mo, Bin Zan, Vamsi Akkineni
Abstract: Certain aspects herein provide a system and method for performing behavior analysis for a computing device by a computing system. In certain aspects, a method includes detecting an event occurring at the computing device at a first time, determining, based on the detecting, an event category of the event, and collecting first one or more behaviors associated with the determined event category occurring on the computing device based. The method also includes comparing the first one or more behaviors with a dataset indicating one or more expected behaviors of the computing device associated with the event. Upon determining that at least one of the first one or more behaviors corresponds to an unexpected behavior based on the comparing, the method further includes taking one or more remedial actions.