Patents by Inventor Vijay Ganti
Vijay Ganti has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11928466
Abstract: Techniques for generating distributed representations of computing processes and events are provided. According to one set of embodiments, a computer system can receive occurrence data pertaining to a plurality of computing processes and a plurality of events associated with the plurality of computing processes. The computer system can then generate, based on the occurrence data, (1) a set of distributed process representations that includes, for each computing process, a representation that encodes a sequence of events associated with the computing process in the occurrence data, and (2) a set of distributed event representations that includes, for each event, a representation that encodes one or more event properties associated with the event and one or more events that occur within a window of the event in the occurrence data.
Type: Grant
Filed: July 14, 2021
Date of Patent: March 12, 2024
Assignee: VMware LLC
Inventors: Mahmood Sharif, Vijay Ganti
-
Patent number: 11847481
Abstract: A feature selection methodology is disclosed. In a computer-implemented method, components of a computing environment are automatically monitored, and have a feature selection analysis performed thereon. Provided the feature selection analysis determines that features of the components are well defined, a classification of the features is performed. Provided the feature selection analysis determines that features of the components are not well defined, a similarity analysis of the features is performed. Results of the feature selection methodology are generated.
Type: Grant
Filed: July 17, 2019
Date of Patent: December 19, 2023
Assignee: VMware, Inc.
Inventors: Bin Zan, Zhen Mo, Vijay Ganti, Vamsi Krishna Akkineni
-
Publication number: 20230300155
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
Type: Application
Filed: May 23, 2023
Publication date: September 21, 2023
Inventors: Zhen MO, Ereli ERAN, Barak RAZ, Vijay GANTI
-
Patent number: 11741236
Abstract: A feature selection methodology is disclosed. In a computer-implemented method, the feature selection methodology automatically monitors components of a computing environment. The feature selection methodology then determines the importance of various components of the computing environment. The feature selection methodology further outputs results of the determining of the importance of the components within the computing device.
Type: Grant
Filed: July 17, 2019
Date of Patent: August 29, 2023
Assignee: VMware, Inc.
Inventors: Bin Zan, Zhen Mo, Vijay Ganti, Vamsi Krishna Akkineni
-
Patent number: 11729207
Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.
Type: Grant
Filed: June 12, 2020
Date of Patent: August 15, 2023
Assignee: VMWARE, INC.
Inventors: Zhen Mo, Vijay Ganti, Debessay Fesehaye Kassa, Barak Raz, Honglei Li
-
Patent number: 11689545
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
Type: Grant
Filed: January 16, 2021
Date of Patent: June 27, 2023
Assignee: VMware, Inc.
Inventors: Zhen Mo, Ereli Eran, Barak Raz, Vijay Ganti
-
Patent number: 11645539
Abstract: Machine learning-based techniques for representing computing processes as vectors are provided. In one set of embodiments, a computer system can receive a name of a computing process and context information pertaining to the computing process. The computer system can further train a neural network based on the name and the context information, where the training results in determination of weight values for one or more hidden layers of the neural network. The computer system can then generate, based on the weight values, a vector representation of the computing process that encodes the context information and can perform one or more analyses using the vector representation.
Type: Grant
Filed: July 22, 2019
Date of Patent: May 9, 2023
Assignee: VMWARE, INC.
Inventors: Bin Zan, Zhen Mo, Vamsi Akkineni, Vijay Ganti
-
Patent number: 11620180
Abstract: A computer-implemented method for determining whether data is anomalous includes generating a holo-entropy adaptive boosting model using, at least in part, a set of normal data. The holo-entropy adaptive boosting model includes a plurality of holo-entropy models and associated model weights for combining outputs of the plurality of holo-entropy models. The method further includes receiving additional data, and determining at least one of whether the additional data is normal or abnormal relative to the set of normal data or a score indicative of how abnormal the additional data is using, at least in part, the generated holo-entropy adaptive boosting model.
Type: Grant
Filed: November 29, 2018
Date of Patent: April 4, 2023
Assignee: VMWARE, INC.
Inventors: Zhen Mo, Bin Zan, Vijay Ganti, Vamsi Akkineni, HengJun Tian
-
Publication number: 20230013574
Abstract: Techniques for generating distributed representations of computing processes and events are provided. According to one set of embodiments, a computer system can receive occurrence data pertaining to a plurality of computing processes and a plurality of events associated with the plurality of computing processes. The computer system can then generate, based on the occurrence data, (1) a set of distributed process representations that includes, for each computing process, a representation that encodes a sequence of events associated with the computing process in the occurrence data, and (2) a set of distributed event representations that includes, for each event, a representation that encodes one or more event properties associated with the event and one or more events that occur within a window of the event in the occurrence data.
Type: Application
Filed: July 14, 2021
Publication date: January 19, 2023
Inventors: Mahmood Sharif, Vijay Ganti
-
Patent number: 11507653
Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of the management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.
Type: Grant
Filed: December 27, 2018
Date of Patent: November 22, 2022
Assignee: VMware, Inc.
Inventors: Vaibhav Rekhate, Nilesh Awate, Amit Vasant Patil, Vijay Ganti
-
Publication number: 20220232032
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
Type: Application
Filed: January 16, 2021
Publication date: July 21, 2022
Inventors: Zhen MO, Ereli ERAN, Barak RAZ, Vijay GANTI
-
Patent number: 11316879
Abstract: A computer-implemented method and system for protecting a host computer in a computer network from security threats uses local security-relevant data for the host computer, as well as global security-relevant data for other components in the computer network downloaded from a security information plane system to the host computer, to determine a security threat to the host computer. When a security threat is determined to be a legitimate threat, a security alert is issued, and then an action is initiated in response to the security alert.
Type: Grant
Filed: January 23, 2019
Date of Patent: April 26, 2022
Assignee: VMWARE, INC.
Inventors: David Ott, Lei Xu, Ruimin Sun, Vijay Ganti, Dennis R. Moreau
-
Patent number: 11295011
Abstract: Certain aspects herein provide a system and method for performing behavior analysis for a computing device by a computing system. In certain aspects, a method includes detecting an event occurring at the computing device at a first time, determining, based on the detecting, an event category of the event, and collecting first one or more behaviors associated with the determined event category occurring on the computing device based. The method also includes comparing the first one or more behaviors with a dataset indicating one or more expected behaviors of the computing device associated with the event. Upon determining that at least one of the first one or more behaviors corresponds to an unexpected behavior based on the comparing, the method further includes taking one or more remedial actions.
Type: Grant
Filed: January 8, 2019
Date of Patent: April 5, 2022
Assignee: VMware, Inc.
Inventors: Ruimin Sun, Vijay Ganti, Zhen Mo, Bin Zan, Vamsi Akkineni
-
Patent number: 11258655
Abstract: A method for managing alarms in a virtual machine environment includes receiving alarm data related to a process and storing the alarm data in a database, where the alarm data comprises one or more features. The method further includes retrieving intended state information for the process and comparing the one or more features of the alarm data to the intended state information to determine whether the alarm is an outlier. The method also includes computing a normal score for the alarm if the alarm is not an outlier, and computing an abnormal score for the alarm if the alarm is an outlier. The method also includes sending a notification for the alarm and the computed score.
Type: Grant
Filed: December 6, 2018
Date of Patent: February 22, 2022
Assignee: VMware, Inc.
Inventors: Zhen Mo, Dexiang Wang, Bin Zan, Vijay Ganti, Amit Chopra, Ruimin Sun
-
Publication number: 20220027409
Abstract: An example method of representing a selected entity in a plurality of entities in a computing system includes: obtaining a graph representation of the plurality of entities, the graph representation having nodes and edges representing a hierarchy of the plurality of entities; extracting a set of paths from the graph representation, each path in the set of paths including a series of edge-connected nodes in the graph representation; processing the set of paths to generate a vector representation of the selected entity, the vector representation having a plurality of elements representing a context of the selected entity within the graph representation; and providing the vector representation as input to an application executing in the computing system.
Type: Application
Filed: July 23, 2020
Publication date: January 27, 2022
Inventors: Srilakshmi LINGAMNENI, Barak RAZ, Bin ZAN, Zhen MO, Vijay GANTI
-
Publication number: 20210392160
Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.
Type: Application
Filed: June 12, 2020
Publication date: December 16, 2021
Inventors: Zhen MO, Vijay GANTI, Debessay Fesehaye KASSA, Barak RAZ, Honglei LI
-
Patent number: 11122065
Abstract: Feature vectors are abstracted from data describing application processes. The feature vectors are grouped to define non-anomalous clusters of feature vectors corresponding to normal application behavior. Subsequent feature vectors are considered anomalous if they do not fall within one of the non-anomalous clusters; alerts are issued for anomalous feature vectors. In addition, the subsequent feature vectors may be used to regroup feature vectors to adapt to changes in what constitutes normal application behavior.
Type: Grant
Filed: August 14, 2018
Date of Patent: September 14, 2021
Assignee: VMware, Inc.
Inventors: Bin Zan, Dexiang Wang, Zhen Mo, Vijay Ganti
-
Patent number: 11102208
Abstract: A computer security system provides for auto-populating process-connection whitelists using process wildcarding and connection wildcarding. Process wildcarding involves grouping process-connection requests together in a process* group without regard to the presence of distinct process arguments; in contrast, some process-connection requests may be separated both by process and by argument into process?argument groups. The process-connection requests may then be analyzed on a group-by-group basis to determine which processes can be mapped to wildcarded connection in a respective process-connection whitelist.
Type: Grant
Filed: February 27, 2019
Date of Patent: August 24, 2021
Assignee: Nicira, Inc.
Inventors: Amit Chopra, Daniel G. Wing, Vijay Ganti, Christopher Corde, Amit Patil, Peixiao Lin, Sanjay Sanghavi
-
Patent number: 11050765
Abstract: A security system for a customer computer site includes a cloud-based manager (CBM) and on-site components. The on-site components include a manager appliance, guest agents of the CBM installed within respective virtual machines, and host agents of the CBM installed on hypervisors on which the virtual machines. The guest agents have a many-to-one relationship with the host agents, which have a many-to-one relationship with the appliance. In a scenario, many guest agents may generate alarms and send them to the host agents. Each host agent consolidates alarms across the different virtual machines it hosts and pushes the consolidated alarms to the manager appliance. The appliance batch processes the consolidated alarms across host agents, and pushes the batched alarms to the CBM, which deduplicates the alarms and notifies an administrator.
Type: Grant
Filed: August 25, 2018
Date of Patent: June 29, 2021
Assignee: Nicira, Inc.
Inventors: Peixiao Lin, Amit Chopra, Daniel G. Wing, Vijay Ganti, Christopher Corde, Amit Patil
-
Patent number: 10956561
Abstract: A security system for a distributed application obtains and, in effect, preserves provisioning information for the purpose of auto-populating whitelists used to protect the distributed application from intrusions. The provisioning information identifies allowable connections on a software-package level. Entries mapping processes to connection destinations are added to a whitelist if a process requesting a connection results from execution of an executable file installed as part of a software package for which the connection was allowed according to the provisioning information.
Type: Grant
Filed: February 27, 2019
Date of Patent: March 23, 2021
Assignee: Nicira, Inc.
Inventors: Amit Chopra, Daniel G. Wing, Vijay Ganti, Christopher Corde, Amit Patil, Peixiao Lin