Patent · US Active

Hierarchical novelty detection using intended states for network security

US11729207B2 · kind B2 · utility

0Cited by

3References

20Claims

0Family size

Assignee

VMware LLC · US

Inventors

Zhen Mo · Sunnyvale, US
Vijay Ganti · Fremont, US
Debessay Fesehaye Kassa · San Diego, US
Barak Raz · Sunnyvale, US
Honglei Li · Charlotte, US

Key dates

Filing date	Jun 12, 2020
Grant date	Aug 15, 2023
Priority date	—
Expiry date	Dec 31, 2040

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/20
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.