US Patent 10341355 Confidential malicious behavior analysis for virtual computing resources

A multi-tenant provider network may implement confidential data capture and analysis for virtual computing resources. Network traffic for virtual compute instances may be evaluated to identify possible malicious behavior of the virtual compute instances. In some embodiments, a stream of raw metering data for individual network communications to the virtual compute instances may be evaluated. A confidential analysis may be performed for identified virtual compute instances, evaluating confidential data utilized by the virtual compute instances for malicious software. Results of the confidential analysis may be generated according to an access policy that restricts access to the confidential data. The results may be provided to a client that is restricted from accessing the confidential data according to the access policy.