US12143393B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12143393-B2 |
| Application number | US-202217582943-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 24, 2022 |
| Priority date | Jan 24, 2022 |
| Publication date | Nov 12, 2024 |
| Grant date | Nov 12, 2024 |
Official abstract text for this publication.
Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and the security groups that the devices belong to. The network graph can include nodes that represent the devices and the security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors from the embeddings. Using the vectors of two nodes, the server can calculate a vector that represents an edge between the two nodes. The server can apply a binary classifier to determine whether the edge should exist. A "true" classification between two device nodes can indicate that they should be able to communicate, and a "false" classification that they should not. A "true" classification between a device node and a security group node can indicate that the device should be assigned to the security group, and a "false" classification that it should not.
Opening claim text (preview).
What is claimed is:
1. A method, comprising: creating a graph of network traffic flows for a network, the graph including a first device node that represents a first network device and a first security group node that represents a first security group, wherein the graph indicates that the first network device belongs to the first security group; applying a graph-based learning model to the graph to create a first vector that represents the first device node and a second vector that represents the first security group node; calculating a norm of the first and second vectors to create a third vector that represents an edge between the first device node and the first security group node; applying a binary classifier to the third vector; based on an output of the binary classifier, updating a database that stores security group information to remove the first network device from the first security group; based on removal of the first network device from the first security group, modifying network configuration settings of the network; and filtering network traffic of the first network device based on the modified network configuration settings.
2. The method of claim 1, wherein the first network device is a virtual machine (VM).
3. The method of claim 1, further comprising: comparing the second vector to a fourth vector, the fourth vector representing a second security group node; based on the comparison, determining a similarity level between the second vector and the fourth vector; determining that the similarity level exceeds a threshold; and updating the database to combine the first and second security groups into a single security group.
4. The method of claim 1, further comprising: adding a false edge to the graph; applying the graph-based learning model; and determining whether the graph-based learning model identifies the false edge as an anomaly.
5. The method of claim 1, further comprising: removing the edge between the first device node and the first security group node; applying the graph-based learning model; and determining whether the graph-based learning model predicts that the edge should exist.
6. The method of claim 1, wherein the binary classifier is a logistic regression model.
7. The method of claim 1, wherein the graph-based learning model is a metapath2vec algorithm.
8. A non-transitory, computer-readable medium containing instructions executable by a processor to perform operations comprising: creating a graph of network traffic flows for a network, the graph including a first device node that represents a first network device and a first security group node that represents a first security group, wherein the graph indicates that the first network device belongs to the first security group; applying a graph-based learning model to the graph to create a first vector that represents the first device node and a second vector that represents the first security group node; calculating a norm of the first and second vectors to create a third vector that represents an edge between the first device node and the first security group node; applying a binary classifier to the third vector; based on an output of the binary classifier, updating a database that stores security group information to remove the first network device from the first security group; based on removal of the first network device from the first security group, modifying network configuration settings of the network; and filtering network traffic of the first network device based on the modified network configuration settings.
9. The non-transitory, computer-readable medium of claim 8, wherein the first network device is a virtual machine (VM).
10. The non-transitory, computer-readable medium of claim 8, the operations further comprising: comparing the second vector to a fourth vector, the fourth vector representing a second security group node; based on the comparison, determining a similarity level between the second vector and the fourth vector; determining that the similarity level exceeds a threshold; and updating the database to combine the first and second security groups into a single security group.
11. The non-transitory, computer-readable medium of claim 8, the operations further comprising: adding a false node to the graph; applying the graph-based learning model; and determining whether the graph-based learning model identifies the false node as an anomaly.
12. The non-transitory, computer-readable medium of claim 11, the operations further comprising: removing the edge between the first device node and the first security group node; applying the graph-based learning model; and determining whether the graph-based learning model indicates that the edge should exist.
13. The non-transitory, computer-readable medium of claim 8, wherein the binary classifier is a logistic regression model.
14. The non-transitory, computer-readable medium of claim 8, wherein the graph-based learning model is a metapath2vec algorithm.
15. A system for modifying network relationships using a heterogenous network flows graph, comprising: a processor; a non-transitory, computer-readable medium comprising instructions executable by the processor to perform operations comprising: creating a graph of network traffic flows for a network, the graph including a first device node that represents a first network device and a first security group node that represents a first security group, wherein the graph indicates that the first network device belongs to the first security group; applying a graph-based learning model to the graph to create a first vector that represents the first device node and a second vector that represents the first security group node; calculating a norm of the first and second vectors to create a third vector that represents an edge between the first device node and the first security group node; applying a binary classifier to the third vector; based on an output of the binary classifier, updating a database that stores security group information to remove the first network device from the first security group; based on removal of the first network device from the first security group, modifying network configuration settings of the network; and filtering network traffic of the first network device based on the modified network configuration settings.
16. The system of claim 15, wherein the first network device is a virtual machine (VM).
17. The system of claim 15, the operations further comprising: comparing the second vector to a fourth vector, the fourth vector representing a second security group node; based on the comparison, determining a similarity level between the second vector and the fourth vector; determining that the similarity level exceeds a threshold; and updating the database to combine the first and second security groups into a single security group.
18. The system of claim 15, the operations further comprising: adding a false node to the graph; applying the graph-based learning model; and determining whether the graph-based learning model identifies the false node as an anomaly.
19. The system of claim 18, the operations further comprising: removing the edge between the first device node and the first security group node; applying the graph-based learning model; and determining whether the graph-based learning model indicates that the edge should exist.
20. The system of claim 15, wherein the binary classi
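The pipeline the abstract and claims 1, 3, 5 and 6 describe, as an added worked example. This is illustration code written for this page, not code from the patent or its assignee. It makes three assumptions that the claims leave open: the graph-based learning model is a deterministic spectral embedding (Laplacian eigenmaps by power iteration) standing in for metapath2vec, since the claims only require some node embedding; the "norm of the first and second vectors" is read as the weighted-L1 edge operator |u - v| (Hadamard or L2 distance are equally valid readings); and the device inventory, flows and security-group memberships are constructed, with one device (b-db) deliberately placed in the wrong group so that the hold-out check of claim 5 has something to find.

```python
import math

# Constructed sample inventory (not from the patent): two application stacks,
# intra-stack flows, one cross-stack API call, and "b-db" in the wrong group.
FLOWS = [("a-web", "a-api"), ("a-api", "a-db"),
         ("b-web", "b-api"), ("b-api", "b-db"), ("a-api", "b-api")]
MEMBERSHIP = [("a-web", "sg-a"), ("a-api", "sg-a"), ("a-db", "sg-a"),
              ("b-db", "sg-a"),  # misassigned: its only traffic is with b-api
              ("b-web", "sg-b"), ("b-api", "sg-b")]

def build_graph(flows, membership):
    """Undirected adjacency sets over device and security-group nodes."""
    adj = {}
    for u, v in list(flows) + list(membership):
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def embed(adj, dim=3, iters=400):
    """Spectral embedding: top non-trivial eigenvectors of the lazy normalized
    adjacency (I + D^-1/2 A D^-1/2)/2 via power iteration with deflation.
    Deterministic stand-in for metapath2vec; assumes a connected graph."""
    nodes = sorted(adj)
    idx = {v: i for i, v in enumerate(nodes)}
    n, deg = len(nodes), [len(adj[v]) for v in nodes]

    def step(x):  # one multiplication by the lazy normalized adjacency
        out = []
        for i, v in enumerate(nodes):
            s = sum(x[idx[w]] / math.sqrt(deg[i] * deg[idx[w]]) for w in adj[v])
            out.append(0.5 * (x[i] + s))
        return out

    def orth_unit(x, basis):  # Gram-Schmidt against basis, then normalise
        for b in basis:
            c = sum(a * t for a, t in zip(x, b))
            x = [a - c * t for a, t in zip(x, b)]
        norm = math.sqrt(sum(a * a for a in x))
        return [a / norm for a in x]

    basis = [orth_unit([math.sqrt(d) for d in deg], [])]  # trivial eigenvector
    for k in range(dim):
        x = orth_unit([1.0 + ((7 * i + 3 * k) % 5) / 5.0 for i in range(n)], basis)
        for _ in range(iters):
            x = orth_unit(step(x), basis)
        basis.append(x)
    return {v: [math.sqrt(n) * vec[idx[v]] for vec in basis[1:]] for v in nodes}

def edge_vector(u, v):
    """Weighted-L1 edge operator |u - v|: one reading of the claims' 'norm of
    the first and second vectors' (Hadamard or L2 distance also work)."""
    return [abs(a - b) for a, b in zip(u, v)]

def predict(model, x):
    w, b = model
    z = max(-30.0, min(30.0, b + sum(wi * xi for wi, xi in zip(w, x))))
    return 1.0 / (1.0 + math.exp(-z))

def train_logreg(X, y, lr=0.5, epochs=2000):
    """Logistic regression (claim 6) fitted by full-batch gradient descent."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for x, t in zip(X, y):
            err = predict((w, b), x) - t
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * g / len(X) for wi, g in zip(w, gw)]
        b -= lr * gb / len(X)
    return w, b

def membership_scores(flows, membership):
    """Claim-5 style check: hold out one membership edge, re-embed, train on
    every remaining (device, group) pair (present=1, absent=0) and score the
    held-out edge; a low score says the device does not fit that group."""
    devices = sorted({d for d, _ in membership} | {x for f in flows for x in f})
    groups = sorted({g for _, g in membership})
    scores = {}
    for held in membership:
        remaining = [m for m in membership if m != held]
        emb = embed(build_graph(flows, remaining))
        pairs = [(d, g) for d in devices for g in groups if (d, g) != held]
        model = train_logreg([edge_vector(emb[d], emb[g]) for d, g in pairs],
                             [1.0 if p in remaining else 0.0 for p in pairs])
        scores[held] = predict(model, edge_vector(emb[held[0]], emb[held[1]]))
    return scores

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    return dot / math.sqrt(sum(a * a for a in u) * sum(b * b for b in v))

def merge_candidates(emb, groups, threshold=0.9):
    """Group pairs with near-parallel embeddings (claim 3: merge them)."""
    return [(g, h) for i, g in enumerate(groups) for h in groups[i + 1:]
            if cosine(emb[g], emb[h]) >= threshold]

if __name__ == "__main__":
    for edge, p in sorted(membership_scores(FLOWS, MEMBERSHIP).items(), key=lambda kv: kv[1]):
        print(f"{edge[0]:>5} in {edge[1]}: p(edge)={p:.3f}{'  <- remove' if p < 0.5 else ''}")
    print("merge:", merge_candidates(embed(build_graph(FLOWS, MEMBERSHIP)), ["sg-a", "sg-b"]))
```

Two practical points follow from running this. First, the hold-out loop is not optional: a classifier trained on a graph that still contains the suspect edge tends to reproduce it, which is why claim 5's remove-then-predict step is what actually surfaces a misassignment. Second, the "absent" pairs used as negatives include pairs that are absent only because of the misconfiguration (here b-db and sg-b), so the scores are relative, not calibrated probabilities; a practitioner would review the lowest-scoring memberships before the database update and configuration push of claim 1 filter a device's traffic on the strength of a model output.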
Discovery or management of network topologies · CPC title
characterised by the conditions triggering a change of settings · CPC title
Machine learning · CPC title
Ensuring data consistency and integrity · CPC title
Architecture, e.g. interconnection topology · CPC title