公开(公告)号：US20230409714A1

公开(公告)日：2023-12-21

申请号：US17843638

申请日：2022-06-17

Applicant: VMware, Inc.

Inventor： Yujing Chen ,  Amit Garg ,  Christopher Kruegel ,  Dennis Ramdass ,  Mark James Voll

IPC: G06F21/56 ,  G06N20/20 ,  G06F21/51

CPC classification number: G06F21/566 ,  G06N20/20 ,  G06F21/51 ,  G06F2221/033

Abstract: In one set of embodiments, a computer system can receive one or more application programming interface (API) call traces comprising metadata of API calls made by an application and can extract features from the one or more API call traces, the extracting resulting in one or more feature vectors. The computer system can then provide the one or more feature vectors as input to one or more machine learning (ML) models, where the one or more ML models are configured to generate a prediction for each of the one or more API call traces indicating whether the API call corresponding to the API call trace is normal or anomalous.

公开(公告)号：US20230409412A1

公开(公告)日：2023-12-21

申请号：US17843474

申请日：2022-06-17

Applicant: VMware, Inc.

Inventor： Christopher Kruegel ,  Dennis Ramdass ,  Amit Garg ,  Mark James Voll ,  Yujing Chen

IPC: G06F9/54

CPC classification number: G06F9/541

Abstract: In one set of embodiments, a computer system can receive one or more application programming interface (API) call traces comprising metadata of API calls made by a microservice-based application and can evaluate the one or more API call traces against a baseline of normal API call behavior for the application. The computer system can then generate, based on the evaluation, a prediction for each of the one or more API call traces indicating whether the API call corresponding to the API call trace is normal or anomalous.

公开(公告)号：US20230412629A1

公开(公告)日：2023-12-21

申请号：US17843707

申请日：2022-06-17

Applicant: VMware, Inc.

Inventor： Daniel Beveridge ,  Dennis Ramdass ,  Mark James Voll ,  Christopher Kruegel ,  Yujing Chen ,  Amit Garg

IPC: H04L9/40 ,  H04L41/16

CPC classification number: H04L63/1433 ,  H04L63/1441 ,  H04L41/16 ,  H04L63/20 ,  H04L63/1416

Abstract: In one set of embodiments, a computer system can determine that one or more attacks have been or are in the process of being perpetrated against an anomaly detection system, where the anomaly detection system comprises a set of machine learning (ML) models trained to detect anomalous application programming interface (API) call behavior in a microservice-based application based on API call traces collected from the application. In response to this determination, the computer system can initiate one or more actions for securing the anomaly detection system against the one or more attacks.