-
Publication No.: US11645539B2
Publication date: 2023-05-09
Application No.: US16518808
Application date: 2019-07-22
Applicant: VMware, Inc.
Inventor: Bin Zan, Zhen Mo, Vamsi Akkineni, Vijay Ganti
IPC: G06F17/16, G06V10/70, G06N3/08, G06F18/214
CPC classification number: G06V10/768, G06F17/16, G06F18/214, G06N3/08
Abstract: Machine learning-based techniques for representing computing processes as vectors are provided. In one set of embodiments, a computer system can receive a name of a computing process and context information pertaining to the computing process. The computer system can further train a neural network based on the name and the context information, where the training results in determination of weight values for one or more hidden layers of the neural network. The computer system can then generate, based on the weight values, a vector representation of the computing process that encodes the context information and can perform one or more analyses using the vector representation.
-
Publication No.: US11620180B2
Publication date: 2023-04-04
Application No.: US16205138
Application date: 2018-11-29
Applicant: VMware, Inc.
Inventor: Zhen Mo, Bin Zan, Vijay Ganti, Vamsi Akkineni, HengJun Tian
Abstract: A computer-implemented method for determining whether data is anomalous includes generating a holo-entropy adaptive boosting model using, at least in part, a set of normal data. The holo-entropy adaptive boosting model includes a plurality of holo-entropy models and associated model weights for combining outputs of the plurality of holo-entropy models. The method further includes receiving additional data, and determining at least one of whether the additional data is normal or abnormal relative to the set of normal data or a score indicative of how abnormal the additional data is using, at least in part, the generated holo-entropy adaptive boosting model.
-
Publication No.: US11258655B2
Publication date: 2022-02-22
Application No.: US16212170
Application date: 2018-12-06
Applicant: VMware, Inc.
Inventor: Zhen Mo, Dexiang Wang, Bin Zan, Vijay Ganti, Amit Chopra, Ruimin Sun
Abstract: A method for managing alarms in a virtual machine environment includes receiving alarm data related to a process and storing the alarm data in a database, where the alarm data comprises one or more features. The method further includes retrieving intended state information for the process and comparing the one or more features of the alarm data to the intended state information to determine whether the alarm is an outlier. The method also includes computing a normal score for the alarm if the alarm is not an outlier, and computing an abnormal score for the alarm if the alarm is an outlier. The method also includes sending a notification for the alarm and the computed score.
-
Publication No.: US11741236B2
Publication date: 2023-08-29
Application No.: US16514042
Application date: 2019-07-17
Applicant: VMware, Inc.
Inventor: Bin Zan, Zhen Mo, Vijay Ganti, Vamsi Krishna Akkineni
CPC classification number: G06F21/577, G06N20/00, G06F2221/034
Abstract: A feature selection methodology is disclosed. In a computer-implemented method, the feature selection methodology automatically monitors components of a computing environment. The feature selection methodology then determines the importance of various components of the computing environment. The feature selection methodology further outputs results of the determining of the importance of the components within the computing device.
-
Publication No.: US11689545B2
Publication date: 2023-06-27
Application No.: US17151142
Application date: 2021-01-16
Applicant: VMware, Inc.
Inventor: Zhen Mo, Ereli Eran, Barak Raz, Vijay Ganti
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/0263, H04L63/1441, H04L63/20
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
-
Publication No.: US11295011B2
Publication date: 2022-04-05
Application No.: US16242396
Application date: 2019-01-08
Applicant: VMware, Inc.
Inventor: Ruimin Sun, Vijay Ganti, Zhen Mo, Bin Zan, Vamsi Akkineni
Abstract: Certain aspects herein provide a system and method for performing behavior analysis for a computing device by a computing system. In certain aspects, a method includes detecting an event occurring at the computing device at a first time, determining, based on the detecting, an event category of the event, and collecting first one or more behaviors associated with the determined event category occurring on the computing device based. The method also includes comparing the first one or more behaviors with a dataset indicating one or more expected behaviors of the computing device associated with the event. Upon determining that at least one of the first one or more behaviors corresponds to an unexpected behavior based on the comparing, the method further includes taking one or more remedial actions.
-
Publication No.: US11847481B2
Publication date: 2023-12-19
Application No.: US16514059
Application date: 2019-07-17
Applicant: VMware, Inc.
Inventor: Bin Zan, Zhen Mo, Vijay Ganti, Vamsi Krishna Akkineni
IPC: G06F9/455, G06F17/16, G06N20/00, G06F18/2415
CPC classification number: G06F9/45558, G06F17/16, G06F18/2415, G06N20/00, G06F2009/45591
Abstract: A feature selection methodology is disclosed. In a computer-implemented method, components of a computing environment are automatically monitored, and have a feature selection analysis performed thereon. Provided the feature selection analysis determines that features of the components are well defined, a classification of the features is performed. Provided the feature selection analysis determines that features of the components are not well defined, a similarity analysis of the features is performed. Results of the feature selection methodology are generated.
-
Publication No.: US11729207B2
Publication date: 2023-08-15
Application No.: US16900240
Application date: 2020-06-12
Applicant: VMware, Inc.
Inventor: Zhen Mo, Vijay Ganti, Debessay Fesehaye Kassa, Barak Raz, Honglei Li
IPC: H04L9/40
CPC classification number: H04L63/1441, H04L63/0236, H04L63/1416, H04L63/1425, H04L63/20
Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.
-
Publication No.: US10860712B2
Publication date: 2020-12-08
Application No.: US16032349
Application date: 2018-07-11
Applicant: VMware, Inc.
Inventor: Zhen Mo, Dexiang Wang, Bin Zan, Vijay Ganti, Amit Chopra
Abstract: A virtual computing instance (VCI) is protected against security threats by a security manager, monitoring a behavior of a VCI over an observation period. The method further includes, storing by the security manager a digital profile in a first database, wherein the digital profile comprises information indicative of the behavior. The method further includes, accessing by a detection system, the digital profile from the first database, and accessing by the detection system, an intended state associated with VCI, wherein the intended state comprises information indicative of a behavior from a second VCI. The method further includes, comparing at least part of the digital profile to the at least part of the intended state. The method further includes, determining by the detection system, that the VCI contains a security threat when information indicative of a behavior in the digital profile is an outlier.
-
Publication No.: US11847240B2
Publication date: 2023-12-19
Application No.: US17112266
Application date: 2020-12-04
Applicant: VMware, Inc.
Inventor: Debessay Fesehaye Kassa, Zhen Mo, Patrick Charles Upatham
IPC: H04L29/06, G06F21/62, G06F16/901
CPC classification number: G06F21/6209, G06F16/9027
Abstract: A method of generating relevant security rules for a user includes the steps of: building a first tree data structure from paths within a pool of security rules; collecting process paths for the user; and compiling the relevant security rules for the user by traversing the first tree data structure according to the process paths of the user.