Entropy based security detection system
US10860712B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 11, 2018 |
| Grant date | Dec 8, 2020 |
| Priority date | — |
| Expiry date | Jan 19, 2039 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2009/45587
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A virtual computing instance (VCI) is protected against security threats by a security manager monitoring a behavior of a VCI over an observation period. The method further includes storing, by the security manager, a digital profile in a first database, wherein the digital profile comprises information indicative of the behavior. The method further includes accessing, by a detection system, the digital profile from the first database, and accessing, by the detection system, an intended state associated with the VCI, wherein the intended state comprises information indicative of a behavior from a second VCI. The method further includes comparing at least part of the digital profile to at least part of the intended state. The method further includes determining, by the detection system, that the VCI contains a security threat when information indicative of a behavior in the digital profile is an outlier.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.