公开(公告)号：US11436075B2

公开(公告)日：2022-09-06

申请号：US16520233

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Russell Lu ,  Rick Lund ,  Alok S. Tiagi ,  Sushruth Gopal

IPC: G06F11/07 ,  H04L9/40 ,  H04L69/22 ,  H04L43/08 ,  H04L41/046

Abstract: Some embodiments provide a novel method for collecting and analyzing attributes of data flows associated with machines executing on a plurality of host computers to detect anomalous behavior. In some embodiments, an anomalous behavior is detected for at least one particular flow associated with at least one machine executing on the host computer. In some embodiments, anomaly detection is based on the context data from the guest introspection agent and deep packet inspection. An identifier of the detected anomalous behavior is stored, in some embodiments. The stored attributes are provided, in some embodiments, to a server for further analysis.

公开(公告)号：US20210026720A1

公开(公告)日：2021-01-28

申请号：US16520233

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Russell Lu ,  Rick Lund ,  Alok S. Tiagi ,  Sushruth Gopal

IPC: G06F11/07 ,  H04L29/06 ,  H04L12/24 ,  H04L12/26

Abstract: Some embodiments provide a novel method for collecting and analyzing attributes of data flows associated with machines executing on a plurality of host computers to detect anomalous behavior. In some embodiments, an anomalous behavior is detected for at least one particular flow associated with at least one machine executing on the host computer. In some embodiments, anomaly detection is based on the context data from the guest introspection agent and deep packet inspection. An identifier of the detected anomalous behavior is stored, in some embodiments. The stored attributes are provided, in some embodiments, to a server for further analysis.