Patents by Inventor Geoff Outhred
Geoff Outhred has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11233804
Abstract: A compromise detection system protects data centers (DCs) or other providers in the cloud. The compromise detection system can detect compromised virtual machines (VMs) through changes in network traffic characteristics while avoiding expensive data collection and preserving privacy. The compromise detection system obtains and uses periodically-obtained flow pattern summaries to detect compromised VMs. Agent-based detection on predetermined and compromised VMs can expose (using supervised learning) the network behavior of compromised VMs and then apply the learned model to all VMs in the DC. The compromise detection system can run continuously, protect the privacy of cloud customers, comply with Europe's General Data Protection Regulation (GDPR), and avoid various techniques that both erode privacy and degrade VM performance.
Type: Grant
Filed: January 28, 2019
Date of Patent: January 25, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Behnaz Arzani, Selim Ciraci, Stefan Saroiu, Alastair Wolman, Jack Wilson Stokes, III, Geoff Outhred
-
Patent number: 10778507
Abstract: A server includes a processor and memory. An operating system is executed by the processor and memory. A network interface is run by the operating system and sends and receives flows using transmission control protocol (TCP). An agent application is run by the operating system and is configured to a) retrieve and store TCP telemetry data for the flows in a flow table; b) move selected ones of the flows from the flow table to a closed connections table when the flow is closed; and c) periodically send the flow table and the closed connections table via the network interface to a remote server.
Type: Grant
Filed: February 28, 2019
Date of Patent: September 15, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Geoff Outhred, Selim Ciraci
-
Publication number: 20200244674
Abstract: A compromise detection system protects data centers (DCs) or other providers in the cloud. The compromise detection system can detect compromised virtual machines (VMs) through changes in network traffic characteristics while avoiding expensive data collection and preserving privacy. The compromise detection system obtains and uses periodically-obtained flow pattern summaries to detect compromised VMs. Agent-based detection on predetermined and compromised VMs can expose (using supervised learning) the network behavior of compromised VMs and then apply the learned model to all VMs in the DC. The compromise detection system can run continuously, protect the privacy of cloud customers, comply with Europe's General Data Protection Regulation (GDPR), and avoid various techniques that both erode privacy and degrade VM performance.
Type: Application
Filed: January 28, 2019
Publication date: July 30, 2020
Applicant: Microsoft Technology Licensing, LLC
Inventors: Behnaz ARZANI, Selim CIRACI, Stefan SAROIU, Alastair WOLMAN, Jack Wilson STOKES, III, Geoff OUTHRED
-
Publication number: 20190199580
Abstract: A server includes a processor and memory. An operating system is executed by the processor and memory. A network interface is run by the operating system and sends and receives flows using transmission control protocol (TCP). An agent application is run by the operating system and is configured to a) retrieve and store TCP telemetry data for the flows in a flow table; b) move selected ones of the flows from the flow table to a closed connections table when the flow is closed; and c) periodically send the flow table and the closed connections table via the network interface to a remote server.
Type: Application
Filed: February 28, 2019
Publication date: June 27, 2019
Inventors: Geoff OUTHRED, Selim CIRACI
-
Patent number: 10263835
Abstract: A server includes a processor and memory. An operating system is executed by the processor and memory. A network interface is run by the operating system and sends and receives flows using transmission control protocol (TCP). An agent application is run by the operating system and is configured to a) retrieve and store TCP telemetry data for the flows in a flow table; b) move selected ones of the flows from the flow table to a closed connections table when the flow is closed; and c) periodically send the flow table and the closed connections table via the network interface to a remote server.
Type: Grant
Filed: August 12, 2016
Date of Patent: April 16, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Geoff Outhred, Selim Ciraci
-
Publication number: 20180048519
Abstract: A server includes a processor and memory. An operating system is executed by the processor and memory. A network interface is run by the operating system and sends and receives flows using transmission control protocol (TCP). An agent application is run by the operating system and is configured to a) retrieve and store TCP telemetry data for the flows in a flow table; b) move selected ones of the flows from the flow table to a closed connections table when the flow is closed; and c) periodically send the flow table and the closed connections table via the network interface to a remote server.
Type: Application
Filed: August 12, 2016
Publication date: February 15, 2018
Applicant: Microsoft Technology Licensing, LLC
Inventors: Geoff OUTHRED, Selim CIRACI
-
Patent number: 9876717
Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).
Type: Grant
Filed: March 13, 2015
Date of Patent: January 23, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Hasan Alkhatib, Geoff Outhred
-
Publication number: 20150188818
Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).
Type: Application
Filed: March 13, 2015
Publication date: July 2, 2015
Inventors: HASAN ALKHATIB, GEOFF OUTHRED
-
Patent number: 8982890
Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).
Type: Grant
Filed: January 25, 2013
Date of Patent: March 17, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Hasan Alkhatib, Geoff Outhred
-
Patent number: 8407366
Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic.
Type: Grant
Filed: May 14, 2010
Date of Patent: March 26, 2013
Assignee: Microsoft Corporation
Inventors: Hasan Alkhatib, Changhoon Kim, Geoff Outhred, Deepak Bansal, Albert Greenberg, Dave Maltz, Parveen Patel
-
Patent number: 8374183
Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).
Type: Grant
Filed: June 22, 2010
Date of Patent: February 12, 2013
Assignee: Microsoft Corporation
Inventors: Hasan Alkhatib, Geoff Outhred
-
Publication number: 20110310899
Abstract: Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table).
Type: Application
Filed: June 22, 2010
Publication date: December 22, 2011
Applicant: MICROSOFT CORPORATION
Inventors: Hasan Alkhatib, Geoff Outhred
-
Publication number: 20110283017
Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic.
Type: Application
Filed: May 14, 2010
Publication date: November 17, 2011
Applicant: MICROSOFT CORPORATION
Inventors: Hasan Alkhatib, Changhoon Kim, Geoff Outhred, Deepak Bansal, Albert Greenberg, Dave Maltz, Parveen Patel