Patent · US Active

Detection of threats based on responses to name resolution requests

US11792151B2 · kind B2 · utility

Cited by: 0
References: 57
Claims: 25
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 21, 2021
Grant date: Oct 17, 2023
Priority date
Expiry date: Oct 21, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L61/5053
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.