TECHNOLOGIES FOR MANAGING COMPROMISED SENSORS IN VIRTUALIZED ENVIRONMENTS
First Claim
1. A method comprising:
receiving, from a first capturing agent deployed in a virtualization layer of a first device, a first data report generated based on traffic captured by the first capturing agent at the virtualization layer of the first device;
receiving, from a second capturing agent deployed in a hardware layer of a second device, a second data report generated based on traffic captured by the second capturing agent at the hardware layer of the second device;
based on the first and second data reports, determining a first set of characteristics of the traffic captured by the first capturing agent and a second set of characteristics of the traffic captured by the second capturing agent;
comparing the first set of characteristics of the traffic captured by the first capturing agent with the second set of characteristics captured by the second capturing agent to determine a multi-layer difference in traffic characteristics; and
based on the multi-layer difference in traffic characteristics, determining that one of the first capturing agent or the second capturing agent is in a faulty state.
Abstract
Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.
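The comparison described in the abstract, as an added example that is not taken from the patent: two data reports are reduced to per-flow packet totals, the totals are compared across layers, and the agent that under-reports is flagged. The report fields, the 5% tolerance, the sample values and the rule that the under-reporting agent is the faulty one are assumptions of this example, and it assumes the compared flows traverse both capture points.

```python
from collections import defaultdict

# Constructed sample reports; the field names are assumptions made for this example.
VM_REPORT = {"agent": "vm-sensor-1", "layer": "virtualization", "flows": [
    {"src": "10.0.0.5", "dst": "10.0.1.9", "dport": 443, "packets": 120},
    {"src": "10.0.0.5", "dst": "10.0.1.9", "dport": 443, "packets": 30},
    {"src": "10.0.0.5", "dst": "10.0.2.4", "dport": 53, "packets": 40},
]}
HW_REPORT = {"agent": "hw-sensor-1", "layer": "hardware", "flows": [
    {"src": "10.0.0.5", "dst": "10.0.1.9", "dport": 443, "packets": 152},
    {"src": "10.0.0.5", "dst": "10.0.2.4", "dport": 53, "packets": 40},
    {"src": "10.0.0.5", "dst": "203.0.113.7", "dport": 8443, "packets": 300},
]}

def characteristics(report):
    """Reduce a data report to packet totals keyed by (src, dst, dport)."""
    totals = defaultdict(int)
    for flow in report["flows"]:
        totals[(flow["src"], flow["dst"], flow["dport"])] += flow["packets"]
    return dict(totals)

def multi_layer_difference(first, second, tolerance=0.05):
    """Flows whose packet totals disagree across layers by more than tolerance."""
    diff = {}
    for key in first.keys() | second.keys():
        a, b = first.get(key, 0), second.get(key, 0)
        # Small count skew from capture timing is tolerated; a missing flow is not.
        if abs(a - b) > tolerance * max(a, b):
            diff[key] = (a, b)
    return diff

def faulty_agent(first_report, second_report, tolerance=0.05):
    """Return (suspect agent id or None, per-flow difference)."""
    diff = multi_layer_difference(characteristics(first_report),
                                  characteristics(second_report), tolerance)
    # Assumed decision rule: the agent that under-reports on more flows is flagged.
    first_short = sum(1 for a, b in diff.values() if a < b)
    second_short = len(diff) - first_short
    if first_short == second_short:
        return None, diff  # no difference, or no clear direction
    suspect = first_report if first_short > second_short else second_report
    return suspect["agent"], diff

if __name__ == "__main__":
    print(faulty_agent(VM_REPORT, HW_REPORT))
```

In the sample data the hardware-layer report contains a flow that the virtualization-layer report omits, so the virtualization-layer agent is the one flagged.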
20 Claims
1. A method comprising:
receiving, from a first capturing agent deployed in a virtualization layer of a first device, a first data report generated based on traffic captured by the first capturing agent at the virtualization layer of the first device;
receiving, from a second capturing agent deployed in a hardware layer of a second device, a second data report generated based on traffic captured by the second capturing agent at the hardware layer of the second device;
based on the first and second data reports, determining a first set of characteristics of the traffic captured by the first capturing agent and a second set of characteristics of the traffic captured by the second capturing agent;
comparing the first set of characteristics of the traffic captured by the first capturing agent with the second set of characteristics captured by the second capturing agent to determine a multi-layer difference in traffic characteristics; and
based on the multi-layer difference in traffic characteristics, determining that one of the first capturing agent or the second capturing agent is in a faulty state.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system comprising:
one or more processors; and
one or more computer-readable storage devices having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving, from a first capturing agent deployed in a virtualization layer of a first device, a first data report generated based on traffic captured by the first capturing agent at the virtualization layer of the first device;
receiving, from a second capturing agent deployed in a hardware layer of a second device, a second data report generated based on traffic captured by the second capturing agent at the hardware layer of the second device;
based on the first data report and the second data report, determining a first set of characteristics of the traffic captured by the first capturing agent and a second set of characteristics of the traffic captured by the second capturing agent;
comparing the first set of characteristics of the traffic captured by the first capturing agent with the second set of characteristics captured by the second capturing agent to determine a multi-layer difference in traffic characteristics; and
based on the multi-layer difference in traffic characteristics, determining that one of the first capturing agent or the second capturing agent is in a faulty state.
Dependent claims: 16, 17, 18, 19
20. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
receiving, from a first capturing agent deployed in a virtualization layer of a first device, one or more data reports generated based on traffic captured by the first capturing agent at the virtualization layer of the first device;
receiving, from a second capturing agent deployed in a hardware layer of a second device, one or more data reports generated based on traffic captured by the second capturing agent at the hardware layer of the second device;
based on the one or more data reports from the first capturing agent and the second capturing agent, determining a first set of characteristics of the traffic captured by the first capturing agent and a second set of characteristics of the traffic captured by the second capturing agent;
comparing the first set of characteristics of the traffic captured by the first capturing agent with the second set of characteristics captured by the second capturing agent to determine a multi-layer difference in traffic characteristics; and
based on the multi-layer difference in traffic characteristics, determining that one of the first capturing agent or the second capturing agent is in a faulty state.
Specification