公开(公告)号：US20240244070A1

公开(公告)日：2024-07-18

申请号：US18130966

申请日：2023-04-05

Applicant: VMWARE, INC.

Inventor： SHUBHRAJYOTI MOHAPATRA ,  Madan Singhal ,  Deepak Gangwar ,  Satyandra Guthula

IPC: H04L9/40 ,  H04L41/16

CPC classification number: H04L63/1425 ,  H04L41/16

Abstract: The disclosure provides an approach for detecting anomalous behavior of network traffic within a network environment. Embodiments include receiving, by a risk analyzer operating on a server, network traffic flow records for one or more traffic flows in a network environment. Embodiments also include serializing flow entries within the network traffic flow records into a plurality of temporal buckets. Embodiments includes analyzing the network traffic flow records by a machine learning model configured to detect anomalous behavior based on (i) spatial patterns between at least a first set of features of flow entries and (ii) temporal patterns between the flow entries. Further embodiments include initiating a network action in response to detecting anomalous behavior in at least one of the network traffic flow records.

公开(公告)号：US20240195699A1

公开(公告)日：2024-06-13

申请号：US18105898

申请日：2023-02-06

Applicant: VMWARE, INC.

Inventor： Madan Singhal ,  Shubhrajyoti Mohapatra ,  Abhishek Shingane

IPC: H04L41/122 ,  H04L41/16 ,  H04L43/062

CPC classification number: H04L41/122 ,  H04L41/16 ,  H04L43/062

Abstract: A feature selection methodology is disclosed. In a computer-implemented method, components of a computing environment are automatically monitored, and have a feature selection analysis performed thereon. Provided the feature selection analysis determines that features of the components are well defined, a clustering of the features is performed. A constraint based semi supervised process is performed. Provided the feature selection analysis determines that features of the components are well defined, a similarity analysis of the sub-features of the feature is performed. Results of the feature selection methodology are generated.

公开(公告)号：US20230342177A1

公开(公告)日：2023-10-26

申请号：US17729249

申请日：2022-04-26

Applicant: VMware, Inc.

Inventor： Vamshik Shetty ,  Madan Singhal ,  Seena Ann Sabu

IPC: G06F9/455 ,  G06F9/30

CPC classification number: G06F9/45558 ,  G06F9/30036 ,  G06F9/45545 ,  G06F2009/45562 ,  G06F2009/4557

Abstract: The current document is directed to methods and systems that automatically instantiate complex distributed applications by deploying distributed-application instances across the computational resources of one or more distributed computer systems and that automatically manage instantiated distributed applications. The current document discloses decentralized, distributed automated methods and systems that instantiate and manage distributed applications using multiple agents installed within the computational resources of one or more distributed computer systems. The agents exchange distributed-application instances among themselves in order to locally optimize the set of distributed-application instances that they each manage. In addition, agents organize themselves into groups with leader agents to facilitate efficient, decentralized exchange of control information acquired by employing machine-learning methods. Leader agents are periodically elected and/or reelected and agent groups change, over time, resulting in dissemination of control information across the agents of the distributed application-instantiation system.

公开(公告)号：US11165676B1

公开(公告)日：2021-11-02

申请号：US17172101

申请日：2021-02-10

Applicant: VMWARE, INC.

Inventor： Rohan Gandhi ,  Avinash Nigam ,  Madan Singhal

IPC: H04L12/26

Abstract: A method for creating a flow profile is provided. The method identifies a first plurality of flow measurements, each of which corresponding to one of a plurality of flows exchanged between a computing entity and a service during a first time period. The method, for each of a first plurality of buckets each of which has a pair of lower and upper bounds, increments a counter of the corresponding bucket for each of the plurality of flow measurements that falls within the pair of bounds of that bucket. The method generates a second plurality of buckets by merging and splitting at least some of the first plurality of buckets, identifies a second plurality of flow measurements for the computing entity during a second time period, and distributes these measurements into the second plurality of buckets. The method generate the flow profile by aggregating the first and second pluralities of buckets.