公开(公告)号：US11544375B2

公开(公告)日：2023-01-03

申请号：US16718174

申请日：2019-12-17

Applicant: VMware, Inc.

Inventor： Sirisha Myneni ,  Nafisa Mandliwala ,  Subrahmanyam Manuguri ,  Anirban Sengupta

IPC: G06F21/55 ,  G06N5/04 ,  G06N20/00

Abstract: File events are correlated with intrusion detection alerts for corrective action. A monitoring component receives file events from a thin agent. An analysis component analyzes the file events and metadata obtained from the intrusion detection alerts, such as attack type or file name, to correlate a set of file events to at least one detected action (intrusion) described in the alert. A recommendation component identifies one or more options, including one or more corrective actions, which are applicable for remediating the alert. The set of options includes a recommended action from two or more possible corrective actions. The set of options are output or displayed to the user. The user selects which option/action to perform in response to the alert. In some examples, an automatic response is performed without user selection with respect to selected types of alerts, detected action(s), selected file(s) or other user-generated criteria.

公开(公告)号：US20220400070A1

公开(公告)日：2022-12-15

申请号：US17347706

申请日：2021-06-15

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Rick Lund ,  Russell Lu ,  Sushruth Gopal ,  Subrahmanyam Manuguri

IPC: H04L12/26

Abstract: The method of some embodiments samples data flows. The method samples a first set of flows during a first time interval using a first logical port window for the first time interval. The first logical port window identifies a first set of non-contiguous layer 4 (L4) values in an L4 port range that are candidate values for sampling the flows during the first time interval. The method also samples a second set of flows during a second time interval using a second logical port window for the second time interval. The second logical port window identifies a second set of non-contiguous L4 values in an L4 port range that are candidate values for sampling the flows during the second time interval.

公开(公告)号：US20160269252A1

公开(公告)日：2016-09-15

申请号：US15043958

申请日：2016-02-15

Applicant: VMware, Inc.

Inventor： Subrahmanyam Manuguri ,  Anirban Sengupta ,  Andre Khan

IPC: H04L12/24

CPC classification number: H04L41/5058 ,  H04L41/12 ,  Y02D30/30

Abstract: A system and method for performing a service discovery on a distributed computer system includes obtaining information of a service that is provided by a host computer in the distributed computer system and embedding the information into a Link Layer Discovery Protocol (LLDP) data frame to be transmitted from the host computer to another component of the distributed computer system.

Abstract translation: 一种用于在分布式计算机系统上执行服务发现的系统和方法包括：获得由分布式计算机系统中的主计算机提供的服务的信息，并将该信息嵌入到要发送的链路层发现协议（LLDP）数据帧中 从主机到分布式计算机系统的另一个组件。

公开(公告)号：US11811791B2

公开(公告)日：2023-11-07

申请号：US16738305

申请日：2020-01-09

Applicant: VMware, Inc.

Inventor： Makarand Bhonsle ,  Sirisha Myneni ,  Anirban Sengupta ,  Subrahmanyam Manuguri

IPC: G06F21/00 ,  H04L9/40 ,  G06F17/18 ,  G06F21/56 ,  G06N3/045 ,  G06N3/047

CPC classification number: H04L63/1416 ,  G06F17/18 ,  G06F21/564 ,  G06N3/045 ,  G06N3/047

Abstract: Described herein are embodiments for transferring knowledge of intrusion signatures derived from a number of software-defined data centers (SDDCs), each of which has an intrusion detection system (IDS) with a convolutional neural network (CNN) to a centralized neural network. The centralized neural network is implemented as a generative adversarial neural network (GANN) having a multi-feed discriminator and a generator, which is trained from the discriminator. Knowledge in the GANN is then transferred back to the CNNs in each of the SDDCs. In this manner, each CNN obtains the learning of the CNNs in nearby IDSs of a region so that a distributed attack on each of the CNNs, such as a denial of service attack, can be defended by each of the CNNs.

公开(公告)号：US20230281096A1

公开(公告)日：2023-09-07

申请号：US18196367

申请日：2023-05-11

Applicant: VMware, Inc.

Inventor： Jingmin Zhou ,  Subrahmanyam Manuguri ,  Jayant Jain ,  Anirban Sengupta

IPC: G06F11/30 ,  G06F40/205 ,  G06V10/94

CPC classification number: G06F11/3072 ,  G06F40/205 ,  G06V10/955

Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.

公开(公告)号：US11588682B2

公开(公告)日：2023-02-21

申请号：US16742663

申请日：2020-01-14

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Mike Parsa ,  Xinhua Hong ,  Subrahmanyam Manuguri ,  Anirban Sengupta

IPC: H04L41/0806 ,  H04L12/66 ,  H04L12/46 ,  H04L49/25 ,  H04L61/50 ,  H04L101/622

Abstract: Some embodiments of the invention provide novel methods for providing a stateful service at a network edge device (e.g., an NSX edge) that has a plurality of north-facing interfaces (e.g., interfaces to an external network) and a plurality of corresponding south-facing interfaces (e.g., interfaces to a logical network). In some embodiments, each interface associated with a different bridge calls a service engine based on identifiers included in data messages received at the interface. Each data message flow is associated with a particular identifier that is associated with a particular service engine instance that provides the stateful service. In some embodiments, the interface that receives a data message identifies a service engine to provide the stateful service and provides the data message to the identified service engine. After processing the data message, the service engine provides the data message to the egress interface associated with the ingress interface.

公开(公告)号：US20230014040A1

公开(公告)日：2023-01-19

申请号：US17374633

申请日：2021-07-13

Applicant: VMware, Inc.

Inventor： Nafisa Mandliwala ,  Sirisha Myneni ,  Subrahmanyam Manuguri

IPC: H04L29/06

Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter, the datacenter including at least one host computer executing multiple machines. The method receives a filtered set of intrusion detection signatures to be enforced on the at least one host computer. The method uses a set of contextual attributes associated with a particular data message to generate an intrusion detection signature for the particular data message, the generated intrusion detection signature including a bit pattern, each bit associated with a contextual attribute in the set. The method compares the generated intrusion detection signature with the received set of intrusion detection signatures to identify a matching intrusion detection signature in the received filtered set.

公开(公告)号：US20220239635A1

公开(公告)日：2022-07-28

申请号：US17723191

申请日：2022-04-18

Applicant: VMware, Inc.

Inventor： Jingmin Zhou ,  David Lorenzo ,  Subrahmanyam Manuguri ,  Anirban Sengupta

IPC: H04L9/40 ,  G06F9/455 ,  G06F16/901

Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.

公开(公告)号：US09264313B1

公开(公告)日：2016-02-16

申请号：US14069299

申请日：2013-10-31

Applicant: VMware, Inc.

Inventor： Subrahmanyam Manuguri ,  Anirban Sengupta ,  Andre Khan

IPC: H04L12/28 ,  H04L12/24

CPC classification number: H04L41/5058 ,  H04L41/12 ,  Y02D30/30

Abstract: A system and method for performing a service discovery on a distributed computer system includes obtaining information of a service that is provided by a host computer in the distributed computer system and embedding the information into a Link Layer Discovery Protocol (LLDP) data frame to be transmitted from the host computer to another component of the distributed computer system.

Abstract translation: 一种用于在分布式计算机系统上执行服务发现的系统和方法包括：获得由分布式计算机系统中的主计算机提供的服务的信息，并将该信息嵌入到要发送的链路层发现协议（LLDP）数据帧中 从主机到分布式计算机系统的另一个组件。

公开(公告)号：US11663105B2

公开(公告)日：2023-05-30

申请号：US16569015

申请日：2019-09-12

Applicant: VMware, Inc.

Inventor： Jingmin Zhou ,  Subrahmanyam Manuguri ,  Jayant Jain ,  Anirban Sengupta

IPC: G06F9/44 ,  G06F11/30 ,  G06F40/205 ,  G06V10/94

CPC classification number: G06F11/3072 ,  G06F40/205 ,  G06V10/955

Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.