公开(公告)号：US20240244070A1

公开(公告)日：2024-07-18

申请号：US18130966

申请日：2023-04-05

Applicant: VMWARE, INC.

Inventor： SHUBHRAJYOTI MOHAPATRA ,  Madan Singhal ,  Deepak Gangwar ,  Satyandra Guthula

IPC: H04L9/40 ,  H04L41/16

CPC classification number: H04L63/1425 ,  H04L41/16

Abstract: The disclosure provides an approach for detecting anomalous behavior of network traffic within a network environment. Embodiments include receiving, by a risk analyzer operating on a server, network traffic flow records for one or more traffic flows in a network environment. Embodiments also include serializing flow entries within the network traffic flow records into a plurality of temporal buckets. Embodiments includes analyzing the network traffic flow records by a machine learning model configured to detect anomalous behavior based on (i) spatial patterns between at least a first set of features of flow entries and (ii) temporal patterns between the flow entries. Further embodiments include initiating a network action in response to detecting anomalous behavior in at least one of the network traffic flow records.