Hierarchical novelty detection using intended states for network security

    Publication (Announcement) No.: US11729207B2

    Publication (Announcement) Date: 2023-08-15

    Application No.: US16900240

    Filing Date: 2020-06-12

    Applicant: VMware, Inc.

    Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.

    Computer whitelist update service
    13.
    Granted Invention Patent

    Publication (Announcement) No.: US11507653B2

    Publication (Announcement) Date: 2022-11-22

    Application No.: US16233143

    Filing Date: 2018-12-27

    Applicant: VMWARE, INC.

    Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of the management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.

    Entropy based security detection system

    Publication (Announcement) No.: US10860712B2

    Publication (Announcement) Date: 2020-12-08

    Application No.: US16032349

    Filing Date: 2018-07-11

    Applicant: VMware, Inc.

    Abstract: A virtual computing instance (VCI) is protected against security threats by a security manager monitoring a behavior of the VCI over an observation period. The method further includes storing, by the security manager, a digital profile in a first database, wherein the digital profile comprises information indicative of the behavior. The method further includes accessing, by a detection system, the digital profile from the first database, and accessing, by the detection system, an intended state associated with the VCI, wherein the intended state comprises information indicative of a behavior from a second VCI. The method further includes comparing at least part of the digital profile to at least part of the intended state. The method further includes determining, by the detection system, that the VCI contains a security threat when information indicative of a behavior in the digital profile is an outlier.

    COMPUTER WHITELIST UPDATE SERVICE
    15.
    Invention Patent Application

    Publication (Announcement) No.: US20200065478A1

    Publication (Announcement) Date: 2020-02-27

    Application No.: US16233143

    Filing Date: 2018-12-27

    Applicant: VMWARE, INC.

    Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of the management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.
