公开(公告)号：US20230239204A1

公开(公告)日：2023-07-27

申请号：US17677039

申请日：2022-02-22

Applicant: VMware, Inc.

Inventor： Karen Hayrapetyan ,  Sunitha Krishna ,  Nikash Walia ,  Margaret Petrus

IPC: H04L41/0813 ,  H04L41/12 ,  H04L9/40

CPC classification number: H04L41/0813 ,  H04L41/12 ,  H04L63/104

Abstract: Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and security groups that the devices belong to. The network graph can include nodes that represent the devices and security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors using the embeddings. Using vectors of two nodes, the server can calculate a vector that represents an edge between the two nodes. The server can apply a binary classifier determine whether the edge should exist. A “true” classification between two nodes can indicate that they should be able to communicate, and vice versa. A “true” classification between a device node and a security group node can indicate that the device should be assigned to the security group, and vice versa.

公开(公告)号：US11765179B2

公开(公告)日：2023-09-19

申请号：US17677039

申请日：2022-02-22

Applicant: VMware, Inc.

Inventor： Karen Hayrapetyan ,  Sunitha Krishna ,  Nikash Walia ,  Margaret Petrus

IPC: G06F15/177 ,  H04L41/0813 ,  H04L9/40 ,  H04L41/12

CPC classification number: H04L41/0813 ,  H04L41/12 ,  H04L63/104

Abstract: Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and security groups that the devices belong to. The network graph can include nodes that represent the devices and security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors using the embeddings. Using vectors of two nodes, the server can calculate a vector that represents an edge between the two nodes. The server can apply a binary classifier determine whether the edge should exist. A “true” classification between two nodes can indicate that they should be able to communicate, and vice versa. A “true” classification between a device node and a security group node can indicate that the device should be assigned to the security group, and vice versa.

公开(公告)号：US20230239306A1

公开(公告)日：2023-07-27

申请号：US17582943

申请日：2022-01-24

Applicant: VMware, Inc.

Inventor： Karen Hayrapetyan ,  Sunitha Krishna ,  Nikash Walia ,  Margaret Petrus

IPC: H04L9/40 ,  G06N20/00 ,  G06F16/23

CPC classification number: H04L63/104 ,  G06N20/00 ,  G06F16/2365

Abstract: Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and security groups that the devices belong to. The network graph can include nodes that represent the devices and security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors using the embeddings. Using vectors of two nodes, the server can calculate a vector that represents an edge between the two nodes. The server can apply a binary classifier determine whether the edge should exist. A “true” classification between two nodes can indicate that they should be able to communicate, and vice versa. A “true” classification between a device node and a security group node can indicate that the device should be assigned to the security group, and vice versa.