-
Publication (Announcement) No.: US12015591B2
Publication (Announcement) Date: 2024-06-18
Application No.: US17543254
Application Date: 2021-12-06
Applicant: VMware LLC
Inventor: Kavya Kambi Ravi, Radha Popuri, Sunitha Krishna, Margaret Petrus, Yiwei Zhang
IPC: H04L9/40
CPC classification number: H04L63/0263, H04L63/20
Abstract: Some embodiments provide a method for modifying a firewall rule of a security policy implemented in a network. The method identifies a set of compute machines to be added to a match condition for the firewall rule. The match condition is expressed using one or more groups of compute machines. The method selects a set of groups for the identified set of compute machines from a plurality of existing groups of compute machines based on a user-specified threshold indicating tolerance for inclusion of compute machines that are not in the identified set of compute machines in the selected groups. The method uses the selected set of groups for the match condition of the firewall rule.
-
Publication (Announcement) No.: US11997120B2
Publication (Announcement) Date: 2024-05-28
Application No.: US17372271
Application Date: 2021-07-09
Applicant: VMware LLC
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/0263, H04L63/1416, H04L63/1466, H04L63/20
Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method receives a set of connections between a set of DCNs in the datacenter over a particular time period. The set of DCNs includes at least a first DCN at which a first anomalous event was detected. The method analyzes a set of detected anomalous events to identify additional anomalous events detected at other DCNs in the set of DCNs during the particular time period. Based on the first anomalous event and identified additional anomalous events, the method determines whether the anomalous events indicate a threat to the datacenter.
-
Publication (Announcement) No.: US11909653B2
Publication (Announcement) Date: 2024-02-20
Application No.: US16744131
Application Date: 2020-01-15
Applicant: VMware LLC
Inventor: Mengzhuo Lu, Margaret Petrus
IPC: H04L47/2441, H04L43/045, G06N5/01, G06N20/00
CPC classification number: H04L47/2441, G06N5/01, H04L43/045, G06N20/00
Abstract: Example methods and systems for self-learning packet flow monitoring. One example method may comprise monitoring a packet flow to identify attribute information associated with the packet flow between a source and a destination; and classifying the packet flow using a classification engine that is trained using a training dataset to determine a classification output associated with the packet flow. The example method may also comprise providing, to a user device, a user interface (UI) that includes a visualization of the packet flow and the classification output; requesting, via the UI, a feedback associated with the classification output for the packet flow; and updating the classification engine or the training dataset based on the feedback from the user device.
-
Publication (Announcement) No.: US11991187B2
Publication (Announcement) Date: 2024-05-21
Application No.: US17220553
Application Date: 2021-04-01
Applicant: VMware LLC
CPC classification number: H04L63/1416, H04L63/1425
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives attribute sets for multiple flows. Each respective attribute set for a respective flow includes at least (i) a source identifier for the respective flow and (ii) an indicator as to whether the respective flow is indicative of the source of the respective flow being a security threat. For each of multiple source identifiers, the method aggregates the received attribute sets to generate an aggregate attribute set for the source identifier that includes a combined measurement of security threat indicators. For a particular source identifier, the method adjusts a security threat likelihood score for the source corresponding to the particular source identifier based on the combined measurement of security threat indicators for the source identifier.
-
Publication (Announcement) No.: US12143393B2
Publication (Announcement) Date: 2024-11-12
Application No.: US17582943
Application Date: 2022-01-24
Applicant: VMware LLC
Inventor: Karen Hayrapetyan, Sunitha Krishna, Nikash Walia, Margaret Petrus
IPC: H04L9/40, G06F16/23, G06N20/00, H04L41/0813, H04L41/12
Abstract: Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and security groups that the devices belong to. The network graph can include nodes that represent the devices and security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors using the embeddings. Using vectors of two nodes, the server can calculate a vector that represents an edge between the two nodes. The server can apply a binary classifier to determine whether the edge should exist. A “true” classification between two nodes can indicate that they should be able to communicate, and vice versa. A “true” classification between a device node and a security group node can indicate that the device should be assigned to the security group, and vice versa.