公开(公告)号：US20190319863A1

公开(公告)日：2019-10-17

申请号：US15952114

申请日：2018-04-12

Applicant: Cisco Technology, Inc.

Inventor： Manoj Gupta ,  Juei Cheng Lo

IPC: H04L12/26 ,  H04L12/707

Abstract: In an embodiment, a computer implemented method comprises receiving, at an edge node in a data communications network, a plurality of digital data packets that have been received via a wireless data interface, wired data interface or data path; filtering, by the edge node, the plurality of digital data packets to produce filtered digital data packets; in the edge node, executing code for a data communications protocol in which one or more of the filtered digital data packets causes the code to transition to different states of the protocol; in the edge node, in parallel with executing the code, executing a protocol state machine comprising a plurality of states and a plurality of transitions between the states to simulate correct execution of a particular data communication protocol; detecting, by the edge node, an anomaly between a first particular state of the protocol during the execution of the code and a second particular state of the protocol state machine, and in response, generating an anomaly event comprising digital data indicating that an anomaly event has occurred; in response to detecting the anomaly event, transmitting, by the edge node, an anomaly event log based on the anomaly event and the filtered digital data packets to a different computing device.

公开(公告)号：US10574547B2

公开(公告)日：2020-02-25

申请号：US15952114

申请日：2018-04-12

Applicant: Cisco Technology, Inc.

Inventor： Manoj Gupta ,  Juei Cheng Lo

IPC: H04W88/08 ,  H04L12/26 ,  H04L12/707 ,  H04L29/08

Abstract: A plurality of digital data packets may be received via a wireless data interface, wired data interface, or data path. Code may be executed for a data communications protocol in which one or more of the filtered digital data packets causes the code to transition to different states of the protocol. A protocol state machine may be executed comprising a plurality of states and a plurality of transitions between the states to simulate correct execution of a particular data communication protocol. An anomaly may be detected between a first particular state of the protocol during the execution of the code and a second particular state of the protocol state machine, and in response, an anomaly event may be generated comprising digital data indicating that the anomaly has occurred. An anomaly event log based on the anomaly event and the filtered digital data packets may be transmitted to a computing device.