{"schema_version":"1.0","canonical_url":"https://patentable.app/patents/US-11295021","patent":{"patent_number":"US-11295021","title":"Using a threat model to monitor host execution in a virtualized environment","assignee":null,"inventors":[],"filing_date":"2019-09-18T00:00:00.000Z","publication_date":"2022-04-05T00:00:00.000Z","cpc_codes":["G06F","G06F","G06F","G06F","H04L","G06F","G06F","H04L"],"num_claims":20,"abstract":"Approaches for monitoring a host operating system. A threat model is stored and maintained in an isolated execution environment. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken."},"analysis":{"summary":null,"layman_explanation":null,"technical_analysis":null,"business_analysis":null,"faqs":null,"topics":[],"tech_cluster":null},"seo":{"title":"Using a threat model to monitor host execution in a virtualized environment","description":"Approaches for monitoring a host operating system. A threat model is stored and maintained in an isolated execution environment. The threat model identifies for any process executing on a host operati","keywords":[]},"attribution":{"source":"Patentable","source_url":"https://patentable.app","canonical_url":"https://patentable.app/patents/US-11295021","license":"CC-BY-4.0-like","license_terms":"AI-generated analysis on this page (summary, layman_explanation, technical_analysis, business_analysis, faqs) may be reused with attribution and a visible link back to the canonical URL above. Patent abstracts, claims, and bibliographic data are USPTO public domain.","required_link":"https://patentable.app/patents/US-11295021","citation_suggestion":"Patentable. \"Using a threat model to monitor host execution in a virtualized environment\" (US-11295021). https://patentable.app/patents/US-11295021","copyright_holder":"Nomic Interactive Technology LLC"},"links":{"html":"https://patentable.app/patents/US-11295021","json":"https://patentable.app/api/llm-context/US-11295021","site":"https://patentable.app","llms_txt":"https://patentable.app/llms.txt"},"generated_at":"2026-05-31T01:07:15.768Z"}