Threat detection and mitigation in a virtualized computing environment
US10320813B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Event | Date |
|---|---|
| Filing date | Apr 30, 2015 |
| Grant date | Jun 11, 2019 |
| Priority date | — |
| Expiry date | Apr 30, 2035 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1441
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A service provider may deploy a security threat detection and mitigation platform in a multi-tenant virtualization environment that includes pluggable data collection, data analysis, and response components. The data analysis components may apply machine learning techniques to generate (based on training data sets) and refine (based on subsequently received data sets and feedback about the resulting classifications) predictors configured to detect particular types of security threats, such as denial of service attacks, botnets, scans, or remote desktop attacks. A data collection layer may collect, filter, organize, and curate network packet traffic data, network packet header data, or other information emitted by computing instances or applications executing on them, and provide the curated data as streams to the analysis layer. A response layer may automatically take action in response to threat detections (which may be overridden by an administrator) and may store classification data for subsequent analysis, feedback, and predictor refinement.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.