-
Publication number: US10652281B1
Publication date: 2020-05-12
Application number: US15692890
Application date: 2017-08-31
Applicant: VMware, Inc.
Inventor: Marcel Moolenaar, Dennis Ramdass, Ramya Olichandran
Abstract: A technique implements network policy deployed in a tag-based policy architecture of a virtualized computing environment. One or more virtual machine instances (VMIs) may be provided by a virtual data center (VDC) of the environment, wherein each VMI includes an intermediary manager of a computing cell that also includes a guest operating system (OS) and associated applications. The tag-based policy architecture may be configured to enforce the network policy in the virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources, such as the VMIs, coupled to a computer network and to authorize access to protected resources, such as virtualized network resources of the VDC.
-
Publication number: US20230412629A1
Publication date: 2023-12-21
Application number: US17843707
Application date: 2022-06-17
Applicant: VMware, Inc.
Inventor: Daniel Beveridge, Dennis Ramdass, Mark James Voll, Christopher Kruegel, Yujing Chen, Amit Garg
CPC classification number: H04L63/1433, H04L63/1441, H04L41/16, H04L63/20, H04L63/1416
Abstract: In one set of embodiments, a computer system can determine that one or more attacks have been or are in the process of being perpetrated against an anomaly detection system, where the anomaly detection system comprises a set of machine learning (ML) models trained to detect anomalous application programming interface (API) call behavior in a microservice-based application based on API call traces collected from the application. In response to this determination, the computer system can initiate one or more actions for securing the anomaly detection system against the one or more attacks.
-
Publication number: US10552606B2
Publication date: 2020-02-04
Application number: US15863574
Application date: 2018-01-05
Applicant: VMware, Inc.
Inventor: Jason A. Lango, Dennis Ramdass, James J. Voll
Abstract: In an approach, an intermediary guest manager operates within a virtual machine hosted by a host machine and managed by a hypervisor. The intermediary guest manager manages one or more guest operating systems operating within the virtual machine and implements one or more security services for the guest operating systems. The security services provided to the guest operating systems may include system call filtering, memory protections, secure memory dumps, and others. In some cases, the intermediary guest manager consults a threat defense policy which contains a number of records, where each record has one or more triggers representing suspicious activity and one or more actions to take in response to being triggered. When the intermediary guest manager identifies a request, such as a system call or memory access, that meets the trigger of a particular record, the intermediary guest manager executes the associated actions to remediate the suspicious activity.
-
Publication number: US20230409714A1
Publication date: 2023-12-21
Application number: US17843638
Application date: 2022-06-17
Applicant: VMware, Inc.
Inventor: Yujing Chen, Amit Garg, Christopher Kruegel, Dennis Ramdass, Mark James Voll
CPC classification number: G06F21/566, G06N20/20, G06F21/51, G06F2221/033
Abstract: In one set of embodiments, a computer system can receive one or more application programming interface (API) call traces comprising metadata of API calls made by an application and can extract features from the one or more API call traces, the extracting resulting in one or more feature vectors. The computer system can then provide the one or more feature vectors as input to one or more machine learning (ML) models, where the one or more ML models are configured to generate a prediction for each of the one or more API call traces indicating whether the API call corresponding to the API call trace is normal or anomalous.
-
Publication number: US20230409412A1
Publication date: 2023-12-21
Application number: US17843474
Application date: 2022-06-17
Applicant: VMware, Inc.
Inventor: Christopher Kruegel, Dennis Ramdass, Amit Garg, Mark James Voll, Yujing Chen
IPC: G06F9/54
CPC classification number: G06F9/541
Abstract: In one set of embodiments, a computer system can receive one or more application programming interface (API) call traces comprising metadata of API calls made by a microservice-based application and can evaluate the one or more API call traces against a baseline of normal API call behavior for the application. The computer system can then generate, based on the evaluation, a prediction for each of the one or more API call traces indicating whether the API call corresponding to the API call trace is normal or anomalous.