RUNTIME INFORMATION TRANSFER BETWEEN KERNEL MODULES

    Publication No.: US20200081638A1

    Publication date: 2020-03-12

    Application No.: US16124208

    Filing date: 2018-09-07

    Applicant: VMware, Inc.

    Abstract: Example methods and systems are provided for a computer system to transfer runtime information between a first kernel module and a second kernel module. In one example, the method may comprise assigning ownership of a memory pool to the first kernel module; and the first kernel module accessing the memory pool to store runtime information associated with one or more operations performed by the first kernel module. The method may also comprise releasing ownership of the memory pool from the first kernel module while maintaining the runtime information in the memory pool; and assigning ownership of the memory pool to the second kernel module. The second kernel module may then access the memory pool to obtain the runtime information stored by the first kernel module.

    DISTRIBUTED DEEP PACKET INSPECTION
    Type: Invention application

    Status: Under examination (published)

    Publication No.: US20160072684A1

    Publication date: 2016-03-10

    Application No.: US14945334

    Filing date: 2015-11-18

    Applicant: VMware, Inc.

    Abstract: Exemplary methods, apparatuses, and systems receive a copy of or make a copy of one or more packets of a flow of packets between a source and a destination. While or after the one or more packets are forwarded to the destination, the content of the one or more packets is compared to a policy to determine if the flow of packets triggers a policy response. A map of devices within a datacenter cluster of devices is maintained and used to select one or more available devices when packet inspection is distributed.

    GENERATIVE ADVERSARIAL NETWORK BASED PREDICTIVE MODEL FOR COLLABORATIVE INTRUSION DETECTION SYSTEMS

    Publication No.: US20210218757A1

    Publication date: 2021-07-15

    Application No.: US16738305

    Filing date: 2020-01-09

    Applicant: VMware, Inc.

    Abstract: Described herein are embodiments for transferring knowledge of intrusion signatures derived from a number of software-defined data centers (SDDCs), each of which has an intrusion detection system (IDS) with a convolutional neural network (CNN) to a centralized neural network. The centralized neural network is implemented as a generative adversarial neural network (GANN) having a multi-feed discriminator and a generator, which is trained from the discriminator. Knowledge in the GANN is then transferred back to the CNNs in each of the SDDCs. In this manner, each CNN obtains the learning of the CNNs in nearby IDSs of a region so that a distributed attack on each of the CNNs, such as a denial of service attack, can be defended by each of the CNNs.

    CORRECTIVE ACTION ON MALWARE INTRUSION DETECTION USING FILE INTROSPECTION

    Publication No.: US20210182388A1

    Publication date: 2021-06-17

    Application No.: US16718174

    Filing date: 2019-12-17

    Applicant: VMware, Inc.

    Abstract: The disclosure herein describes correlating file events with intrusion detection alerts for corrective action. A monitoring component receives file events from a thin agent. An analysis component analyzes the file events and metadata obtained from the intrusion detection alerts, such as attack type or file name, to correlate a set of file events to at least one detected action (intrusion) described in the alert. A recommendation component identifies one or more options, including one or more corrective actions, which are applicable for remediating the alert. The set of options includes a recommended action from two or more possible corrective actions. The set of options are output or displayed to the user. The user selects which option/action to perform in response to the alert. In some examples, an automatic response is performed without user selection with respect to selected types of alerts, detected action(s), selected file(s) or other user-generated criteria.

    CORRECTIVE ACTION ON MALWARE INTRUSION DETECTION USING FILE INTROSPECTION

    Publication No.: US20230081299A1

    Publication date: 2023-03-16

    Application No.: US18057334

    Filing date: 2022-11-21

    Applicant: VMware, Inc.

    Abstract: The disclosure herein describes correlating file events with intrusion detection alerts for corrective action. A monitoring component receives file events from a thin agent. An analysis component analyzes the file events and metadata obtained from the intrusion detection alerts, such as attack type or file name, to correlate a set of file events to at least one detected action (intrusion) described in the alert. A recommendation component identifies one or more options, including one or more corrective actions, which are applicable for remediating the alert. The set of options includes a recommended action from two or more possible corrective actions. The set of options are output or displayed to the user. The user selects which option/action to perform in response to the alert. In some examples, an automatic response is performed without user selection with respect to selected types of alerts, detected action(s), selected file(s) or other user-generated criteria.

    SERVICE LABELING USING SEMI-SUPERVISED LEARNING

    Publication No.: US20210336899A1

    Publication date: 2021-10-28

    Application No.: US16855305

    Filing date: 2020-04-22

    Applicant: VMware, Inc.

    Abstract: The disclosure provides an approach for workload labeling and identification of known or custom applications. Embodiments include determining a plurality of sets of features comprising a respective set of features for each respective workload of a first subset of a plurality of workloads. Embodiments include identifying a group of workloads based on similarities among the plurality of sets of features. Embodiments include receiving label data from a user comprising a label for the group of workloads. Embodiments include associating the label with each workload of the group of workloads to produce a training data set. Embodiments include using the training data set to train a model to output labels for input workloads. Embodiments include determining a label for a given workload of the plurality of workloads by inputting features of the given workload to the model.

    DYNAMIC EVENT PROCESSING FOR NETWORK DIAGNOSIS

    Publication No.: US20210367830A1

    Publication date: 2021-11-25

    Application No.: US16879796

    Filing date: 2020-05-21

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for dynamic event processing for network diagnosis are described. In one example, a computer system may monitor a runtime flow of multiple packets to detect a set of multiple events associated with the runtime flow. The computer system may perform a first stage of event processing by matching the set of multiple events to a set of multiple signatures that includes a first signature and a second signature. The first signature may be associated with a first mapping rule that is fully satisfied by the set of multiple events. The second signature may be associated with a second mapping rule that is partially satisfied. During a second stage of event processing, the second signature is disregarded. In response to diagnosing an issue associated with the runtime flow, remediation action(s) may be performed.

    DISTRIBUTED DEEP PACKET INSPECTION
    Type: Invention application

    Publication No.: US20190342191A1

    Publication date: 2019-11-07

    Application No.: US16396758

    Filing date: 2019-04-28

    Applicant: VMware, Inc.

    Abstract: Exemplary methods, apparatuses, and systems receive a copy of or make a copy of one or more packets of a flow of packets between a source and a destination. While or after the one or more packets are forwarded to the destination, the content of the one or more packets is compared to a policy to determine if the flow of packets triggers a policy response. A map of devices within a datacenter cluster of devices is maintained and used to select one or more available devices when packet inspection is distributed.

    NETWORK SERVICE SLOTTING
    Type: Invention application

    Status: Granted

    Publication No.: US20150003453A1

    Publication date: 2015-01-01

    Application No.: US13931227

    Filing date: 2013-06-28

    Applicant: VMware, Inc.

    CPC classification number: H04L45/74 H04L67/327

    Abstract: Exemplary methods, apparatuses, and systems of packet processing utilize an ordered sequence of packet processing services to process a packet having a destination. The packet is a native, non-proprietary network packet that uses a standard network protocol and standard packet format. The packet processing services include a plurality of physical and/or virtual services. The ordered sequence is determined by applying one or more policy rules. A virtual service insertion platform manages routing of the packet to each service in the ordered sequence of services until all services have processed the packet, then the packet is forwarded to the packet destination.
