-
Publication number: US11997120B2
Publication date: 2024-05-28
Application number: US17372271
Application date: 2021-07-09
Applicant: VMware LLC
Inventor: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/0263, H04L63/1416, H04L63/1466, H04L63/20
Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method receives a set of connections between a set of DCNs in the datacenter over a particular time period. The set of DCNs includes at least a first DCN at which a first anomalous event was detected. The method analyzes a set of detected anomalous events to identify additional anomalous events detected at other DCNs in the set of DCNs during the particular time period. Based on the first anomalous event and identified additional anomalous events, the method determines whether the anomalous events indicate a threat to the datacenter.
-
Publication number: US11991187B2
Publication date: 2024-05-21
Application number: US17220553
Application date: 2021-04-01
Applicant: VMware LLC
CPC classification number: H04L63/1416, H04L63/1425
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives attribute sets for multiple flows. Each respective attribute set for a respective flow includes at least (i) a source identifier for the respective flow and (ii) an indicator as to whether the respective flow is indicative of the source of the respective flow being a security threat. For each of multiple source identifiers, the method aggregates the received attribute sets to generate an aggregate attribute set for the source identifier that includes a combined measurement of security threat indicators. For a particular source identifier, the method adjusts a security threat likelihood score for the source corresponding to the particular source identifier based on the combined measurement of security threat indicators for the source identifier.
-