Patent · US Active

Security threat detection based on network flow analysis

US11991187B2 · kind B2 · utility

Cited by: 0
References: 54
Claims: 22
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 1, 2021
Grant date: May 21, 2024
Priority date:
Expiry date: Oct 5, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1425
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives attribute sets for multiple flows. Each respective attribute set for a respective flow includes at least (i) a source identifier for the respective flow and (ii) an indicator as to whether the respective flow is indicative of the source of the respective flow being a security threat. For each of multiple source identifiers, the method aggregates the received attribute sets to generate an aggregate attribute set for the source identifier that includes a combined measurement of security threat indicators. For a particular source identifier, the method adjusts a security threat likelihood score for the source corresponding to the particular source identifier based on the combined measurement of security threat indicators for the source identifier.
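The abstract describes a three-stage pipeline: hosts emit per-flow attribute sets, a central component aggregates them per source identifier into a combined threat-indicator measurement, and that measurement drives a per-source likelihood score. The following is an added worked example of that shape in Python; it is not code from the patent or its assignee. The field layout of an attribute set, the aggregation rule (count and fraction of flagged flows plus the set of reporting hosts), the minimum-evidence gate and the score update rule are all assumptions chosen to make the method concrete; the abstract does not specify any of them. The sample reports are constructed for the example.

```python
"""Per-source aggregation of flow attribute sets and threat-score adjustment.

Added illustration of the method summarised in the abstract. The attribute
layout, aggregation rule and scoring function are assumptions, not the
patent's own definitions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class FlowAttributes:
    """Attribute set for one flow, as reported by one host (assumed layout)."""
    host: str               # reporting host computer
    source_id: str          # source identifier, e.g. a source IP or VM id
    dst: str                # destination, carried along for context only
    threat_indicator: bool  # host's verdict: does this flow look like a threat?


@dataclass
class AggregateAttributes:
    """Aggregate attribute set for one source identifier."""
    source_id: str
    flows: int = 0
    flagged: int = 0
    reporting_hosts: set = field(default_factory=set)

    @property
    def flagged_fraction(self) -> float:
        """Combined measurement of threat indicators: share of flagged flows."""
        return self.flagged / self.flows if self.flows else 0.0


def aggregate_by_source(attribute_sets):
    """Fold per-flow attribute sets from many hosts into one aggregate per source."""
    aggs = {}
    for a in attribute_sets:
        agg = aggs.setdefault(a.source_id, AggregateAttributes(a.source_id))
        agg.flows += 1
        agg.flagged += int(a.threat_indicator)
        agg.reporting_hosts.add(a.host)
    return aggs


def adjust_threat_score(score, agg, min_flows=2, ref_flows=10):
    """Move a source's score toward its flagged fraction, weighted by evidence volume.

    Assumed update rule: sources with fewer than min_flows observations are left
    untouched so that a single host's verdict on a single flow cannot swing the
    score; otherwise the score moves toward the flagged fraction with a step that
    grows with the number of flows and saturates at ref_flows.
    """
    if agg.flows < min_flows:
        return score
    alpha = min(1.0, agg.flows / ref_flows)
    new = score + alpha * (agg.flagged_fraction - score)
    return max(0.0, min(1.0, new))


def update_scores(scores, attribute_sets, default=0.1):
    """Return a new score table after one round of reports from the hosts."""
    aggs = aggregate_by_source(attribute_sets)
    out = dict(scores)
    for sid, agg in aggs.items():
        out[sid] = adjust_threat_score(out.get(sid, default), agg)
    return out


def _reports(host, source_id, total, flagged):
    """Build `total` constructed attribute sets from one host, `flagged` of them marked."""
    return [FlowAttributes(host, source_id, f"10.1.0.{i}", i < flagged)
            for i in range(total)]


# Constructed sample: three hosts reporting on three sources in one window.
SAMPLE_REPORTS = (
    _reports("h1", "10.0.0.5", 4, 3)     # 10.0.0.5 seen by two hosts, mostly flagged
    + _reports("h2", "10.0.0.5", 4, 3)
    + _reports("h2", "10.0.0.9", 2, 0)   # benign-looking source
    + _reports("h3", "10.0.0.7", 1, 1)   # one flagged flow: below the evidence gate
)


if __name__ == "__main__":
    for sid, s in sorted(update_scores({}, SAMPLE_REPORTS).items()):
        print(f"{sid:<10} score={s:.2f}")
```

Two design points worth keeping when adapting this: the aggregate carries the set of reporting hosts, so a consumer can require corroboration from more than one host before acting on a score, and the update is bounded to [0, 1] and dampened by evidence volume, so a burst of flagged flows from a single misconfigured host cannot immediately push a source to the top of the list.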

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.