Event-triggered behavior analysis

    公开(公告)号:US11295011B2

    公开(公告)日:2022-04-05

    申请号:US16242396

    申请日:2019-01-08

    Applicant: VMware, Inc.

    Abstract: Certain aspects herein provide a system and method for performing behavior analysis for a computing device by a computing system. In certain aspects, a method includes detecting an event occurring at the computing device at a first time, determining, based on the detecting, an event category of the event, and collecting first one or more behaviors associated with the determined event category occurring on the computing device based. The method also includes comparing the first one or more behaviors with a dataset indicating one or more expected behaviors of the computing device associated with the event. Upon determining that at least one of the first one or more behaviors corresponds to an unexpected behavior based on the comparing, the method further includes taking one or more remedial actions.

    Machine Learning-Based Techniques for Representing Computing Processes as Vectors

    公开(公告)号:US20210027121A1

    公开(公告)日:2021-01-28

    申请号:US16518808

    申请日:2019-07-22

    Applicant: VMware, Inc.

    Abstract: Machine learning-based techniques for representing computing processes as vectors are provided. In one set of embodiments, a computer system can receive a name of a computing process and context information pertaining to the computing process. The computer system can further train a neural network based on the name and the context information, where the training results in determination of weight values for one or more hidden layers of the neural network. The computer system can then generate, based on the weight values, a vector representation of the computing process that encodes the context information and can perform one or more analyses using the vector representation.

    Creating a clustering model for evaluating a command line interface (CLI) of a process

    公开(公告)号:US11645339B2

    公开(公告)日:2023-05-09

    申请号:US16502768

    申请日:2019-07-03

    Applicant: VMware, Inc.

    CPC classification number: G06F16/906 G06F9/45558

    Abstract: Certain aspects of the present disclosure relate to methods and systems for evaluating a first command line interface (CLI) input of a process. The method comprises examining the first CLI input and selecting a first clustering model corresponding to the process, wherein the first clustering model is created based on a first clustering configuration and a first feature type combination. The method further comprises creating a first feature combination for the first CLI input based on the first feature type combination, evaluating the first CLI input using the first clustering model and the first feature combination, wherein the evaluating further comprises determining a similarity score corresponding to a similarity between the first feature combination and the one or more clusters, and determining whether or not the first CLI input corresponds to normal behavior based on the similarity score.

    Holo-entropy adaptive boosting based anomaly detection

    公开(公告)号:US11620180B2

    公开(公告)日:2023-04-04

    申请号:US16205138

    申请日:2018-11-29

    Applicant: VMware, Inc.

    Abstract: A computer-implemented method for determining whether data is anomalous includes generating a holo-entropy adaptive boosting model using, at least in part, a set of normal data. The holo-entropy adaptive boosting model includes a plurality of holo-entropy models and associated model weights for combining outputs of the plurality of holo-entropy models. The method further includes receiving additional data, and determining at least one of whether the additional data is normal or abnormal relative to the set of normal data or a score indicative of how abnormal the additional data is using, at least in part, the generated holo-entropy adaptive boosting model.

Patent Agency Ranking