公开(公告)号：US11295011B2

公开(公告)日：2022-04-05

申请号：US16242396

申请日：2019-01-08

Applicant: VMware, Inc.

Inventor： Ruimin Sun ,  Vijay Ganti ,  Zhen Mo ,  Bin Zan ,  Vamsi Akkineni

IPC: G06F21/55 ,  G06N20/00 ,  G06F21/56 ,  G06K9/62 ,  G06F21/53

Abstract: Certain aspects herein provide a system and method for performing behavior analysis for a computing device by a computing system. In certain aspects, a method includes detecting an event occurring at the computing device at a first time, determining, based on the detecting, an event category of the event, and collecting first one or more behaviors associated with the determined event category occurring on the computing device based. The method also includes comparing the first one or more behaviors with a dataset indicating one or more expected behaviors of the computing device associated with the event. Upon determining that at least one of the first one or more behaviors corresponds to an unexpected behavior based on the comparing, the method further includes taking one or more remedial actions.

公开(公告)号：US20210027121A1

公开(公告)日：2021-01-28

申请号：US16518808

申请日：2019-07-22

Applicant: VMware, Inc.

Inventor： Bin Zan ,  Zhen Mo ,  Vamsi Akkineni ,  Vijay Ganti

IPC: G06K9/72 ,  G06K9/62 ,  G06N3/08 ,  G06F17/16

Abstract: Machine learning-based techniques for representing computing processes as vectors are provided. In one set of embodiments, a computer system can receive a name of a computing process and context information pertaining to the computing process. The computer system can further train a neural network based on the name and the context information, where the training results in determination of weight values for one or more hidden layers of the neural network. The computer system can then generate, based on the weight values, a vector representation of the computing process that encodes the context information and can perform one or more analyses using the vector representation.

公开(公告)号：US11645539B2

公开(公告)日：2023-05-09

申请号：US16518808

申请日：2019-07-22

Applicant: VMware, Inc.

Inventor： Bin Zan ,  Zhen Mo ,  Vamsi Akkineni ,  Vijay Ganti

IPC: G06F17/16 ,  G06V10/70 ,  G06N3/08 ,  G06F18/214

CPC classification number: G06V10/768 ,  G06F17/16 ,  G06F18/214 ,  G06N3/08

Abstract: Machine learning-based techniques for representing computing processes as vectors are provided. In one set of embodiments, a computer system can receive a name of a computing process and context information pertaining to the computing process. The computer system can further train a neural network based on the name and the context information, where the training results in determination of weight values for one or more hidden layers of the neural network. The computer system can then generate, based on the weight values, a vector representation of the computing process that encodes the context information and can perform one or more analyses using the vector representation.

公开(公告)号：US11645339B2

公开(公告)日：2023-05-09

申请号：US16502768

申请日：2019-07-03

Applicant: VMware, Inc.

Inventor： Barak Raz ,  Vamsi Akkineni

IPC: G06F16/906 ,  G06F9/455

CPC classification number: G06F16/906 ,  G06F9/45558

Abstract: Certain aspects of the present disclosure relate to methods and systems for evaluating a first command line interface (CLI) input of a process. The method comprises examining the first CLI input and selecting a first clustering model corresponding to the process, wherein the first clustering model is created based on a first clustering configuration and a first feature type combination. The method further comprises creating a first feature combination for the first CLI input based on the first feature type combination, evaluating the first CLI input using the first clustering model and the first feature combination, wherein the evaluating further comprises determining a similarity score corresponding to a similarity between the first feature combination and the one or more clusters, and determining whether or not the first CLI input corresponds to normal behavior based on the similarity score.

公开(公告)号：US11620180B2

公开(公告)日：2023-04-04

申请号：US16205138

申请日：2018-11-29

Applicant: VMware, Inc.

Inventor： Zhen Mo ,  Bin Zan ,  Vijay Ganti ,  Vamsi Akkineni ,  HengJun Tian

IPC: G06F9/44 ,  G06F11/07 ,  G06F21/56 ,  G06F11/34 ,  G06N20/20 ,  G06F9/455 ,  H04L9/40

Abstract: A computer-implemented method for determining whether data is anomalous includes generating a holo-entropy adaptive boosting model using, at least in part, a set of normal data. The holo-entropy adaptive boosting model includes a plurality of holo-entropy models and associated model weights for combining outputs of the plurality of holo-entropy models. The method further includes receiving additional data, and determining at least one of whether the additional data is normal or abnormal relative to the set of normal data or a score indicative of how abnormal the additional data is using, at least in part, the generated holo-entropy adaptive boosting model.