1.
Publication (Announcement) No.: US20240323210A1
Publication (Announcement) Date: 2024-09-26
Application No.: US18188029
Application Date: 2023-03-22
Applicant: VMware LLC
Inventor: Robin Manhas, Nafisa Oanali Mandliwala, Srinivas Ramaswamy
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/1416
Abstract: Improved techniques for testing the effectiveness of signatures used by a signature-based intrusion detection system (IDS) are provided. In one set of embodiments, these techniques involve parsing each signature in the IDS's signature set (or a subset of the signature set) to understand the signature's content and creating a synthetic network traffic flow for the signature that mimics/simulates its corresponding attack. The synthetic network traffic flows can then be replayed against the IDS in order to verify that the correct alerts are generated by the IDS.
2.
Publication (Announcement) No.: US12261859B2
Publication (Announcement) Date: 2025-03-25
Application No.: US17985089
Application Date: 2022-11-10
Applicant: VMware LLC
Inventor: Robin Manhas, Nafisa Mandliwala, Sirisha Myneni, Srinivas Ramaswamy
IPC: H04L9/40
Abstract: Some embodiments of the invention provide, for an intrusion detection and prevention system (IDPS) engine operating on a host computer deployed in a software-defined datacenter (SDDC), a method for detecting and analyzing malicious packet flows. Upon detecting a new packet flow, the method captures packets belonging to the new packet flow in a file. When the new packet flow ends, the method determines that a particular packet belonging to the new packet flow has triggered an alert indicating the particular packet includes a potentially malicious payload. The method annotates the file for the new packet flow with a set of contextual data that (1) specifies the new packet flow as a potentially malicious packet flow and (2) identifies the particular packet and at least one signature associated with the alert triggered by the particular packet. The method sends the annotated file to a network management server to analyze the set of contextual data to extract further information regarding the potentially malicious payload.
3.
Publication (Announcement) No.: US20240163294A1
Publication (Announcement) Date: 2024-05-16
Application No.: US17985089
Application Date: 2022-11-10
Applicant: VMware LLC
Inventor: Robin Manhas, Nafisa Mandliwala, Sirisha Myneni, Srinivas Ramaswamy
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/1425, H04L63/1441
Abstract: Some embodiments of the invention provide, for an intrusion detection and prevention system (IDPS) engine operating on a host computer deployed in a software-defined datacenter (SDDC), a method for detecting and analyzing malicious packet flows. Upon detecting a new packet flow, the method captures packets belonging to the new packet flow in a file. When the new packet flow ends, the method determines that a particular packet belonging to the new packet flow has triggered an alert indicating the particular packet includes a potentially malicious payload. The method annotates the file for the new packet flow with a set of contextual data that (1) specifies the new packet flow as a potentially malicious packet flow and (2) identifies the particular packet and at least one signature associated with the alert triggered by the particular packet. The method sends the annotated file to a network management server to analyze the set of contextual data to extract further information regarding the potentially malicious payload.