公开(公告)号：US20170374090A1

公开(公告)日：2017-12-28

申请号：US15191152

申请日：2016-06-23

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Blake Harrell Anderson ,  K. Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L12/833 ,  H04L12/851 ,  H04L12/46 ,  H04L29/08 ,  G06N99/00

CPC classification number: H04L63/1425 ,  G06N99/005 ,  H04L12/4641 ,  H04L41/16 ,  H04L43/026 ,  H04L43/04 ,  H04L47/2483 ,  H04L47/31 ,  H04L63/145 ,  H04L63/1458

Abstract: In one embodiment, a device in a network receives traffic data regarding one or more traffic flows in the network. The device applies a machine learning classifier to the traffic data. The device determines a priority for the traffic data based in part on an output of the machine learning classifier. The output of the machine learning classifier comprises a probability of the traffic data belonging to a particular class. The device stores the traffic data for a period of time that is a function of the determined priority for the traffic data.

公开(公告)号：US09674204B2

公开(公告)日：2017-06-06

申请号：US14963915

申请日：2015-12-09

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  John Foley

IPC: G06F11/00 ,  H04L29/06 ,  H04L9/30

CPC classification number: H04L63/123 ,  H04L9/30 ,  H04L63/0435 ,  H04L63/1466

Abstract: A method of providing anti-replay protection, authentication, and encryption with minimal data overhead is provided. A sender uses an arbitrary-length pseudorandom permutation to encrypt messages that include plaintext and successively increasing sequence numbers, to produce ciphertext messages. The sender transmits the ciphertext messages. A receiver receives the ciphertext messages and, for each received ciphertext message, performs the following operations. The receiver decrypts the given ciphertext message to recover plaintext and a candidate sequence number from the message. The receiver determines if the candidate sequence number is in any one of multiple non-contiguous acceptable sequence number windows having respective sequence number ranges that are based on at least one of a highest sequence number previously accepted and a last sequence number that was previously rejected, as established based on processing of previously received ciphertext messages.

公开(公告)号：US09294462B2

公开(公告)日：2016-03-22

申请号：US14155865

申请日：2014-01-15

Applicant: Cisco Technology, Inc.

Inventor： Vincent E. Parla ,  David McGrew ,  Andrzej Kielbasinski

IPC: G06F21/31 ,  H04L29/06

CPC classification number: H04L63/0815 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0884

Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.

Abstract translation: 当客户机设备的用户尝试发起与由服务提供商管理的应用的用户会话时，生成认证请求。 基于从用户接收的凭证生成认证响应。 认证响应包括代表用户的断言。 用于断言的传送资源定位符被重写到代理的资源定位符，以便将断言重定向到代理。 认证响应与代理的资源定位器一起被发送到客户机设备，以便使客户端设备将该断言发送到对重写的资源定位符进行解码的代理，并将该断言发送给服务提供商。

公开(公告)号：US20140359277A1

公开(公告)日：2014-12-04

申请号：US13909735

申请日：2013-06-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： David McGrew

IPC: H04L29/06

CPC classification number: H04L63/0245

Abstract: In one embodiment, a method includes receiving from a secure device, an encrypted rule at a first network device, receiving at the first network device, a packet containing at least one encrypted subfield from a second network device, the subfield encrypted based on a key received at the second network device from the secure device, and determining if the encrypted subfield matches the encrypted rule. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括从安全设备接收第一网络设备的加密规则，在第一网络设备处接收包含来自第二网络设备的至少一个加密子场的分组，基于密钥加密的子域 在所述第二网络设备处从所述安全设备接收，以及确定所述加密的子字段是否匹配所述加密的规则。 本文还公开了一种装置和逻辑。

公开(公告)号：US12301593B2

公开(公告)日：2025-05-13

申请号：US17861583

申请日：2022-07-11

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Blake Harrell Anderson ,  Ivan Nikolaev

IPC: G06F21/55 ,  H04L9/40 ,  H04L29/06 ,  H04L67/02 ,  H04L67/50 ,  H04L69/00 ,  H04L61/4523 ,  H04L101/365 ,  H04W12/72

Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.

公开(公告)号：US12126653B2

公开(公告)日：2024-10-22

申请号：US17107350

申请日：2020-11-30

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  Chris Allen Shenefiel ,  David McGrew ,  Robert M. Waitman

IPC: H04L9/40 ,  G06N20/00

CPC classification number: H04L63/20 ,  H04L63/10 ,  H04L63/1416 ,  H04L63/166 ,  G06N20/00 ,  H04L63/145 ,  H04L63/1458

Abstract: In one embodiment, a service that monitors a network obtains file characteristic data of a file stored on a first endpoint in the network. The service infers characteristics of encrypted content within encrypted traffic in the network between the first endpoint and a second endpoint, by applying a machine learning-based classifier to traffic data regarding the encrypted traffic session. The service compares the file characteristic data of the file to the inferred content characteristics of the encrypted content within the encrypted traffic, to detect the file within the encrypted traffic. The service enforces a network policy in the network, based on the detection of the file within the encrypted traffic.

公开(公告)号：US20240259422A1

公开(公告)日：2024-08-01

申请号：US18535021

申请日：2023-12-11

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Daniel G. Wing ,  Blake Harrell Anderson ,  David McGrew

IPC: H04L9/40 ,  G06N20/00

CPC classification number: H04L63/1458 ,  G06N20/00 ,  H04L63/1425 ,  H04L2463/144

Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.

公开(公告)号：US11909760B2

公开(公告)日：2024-02-20

申请号：US17395968

申请日：2021-08-06

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David McGrew ,  Subharthi Paul ,  Ivan Nikolaev ,  Martin Grill

IPC: H04L29/06 ,  H04L9/40 ,  G06N20/00

CPC classification number: H04L63/145 ,  H04L63/0428 ,  H04L63/1408 ,  G06N20/00

Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.

公开(公告)号：US11784807B2

公开(公告)日：2023-10-10

申请号：US17335194

申请日：2021-06-01

Applicant: Cisco Technology, Inc.

Inventor： Chirag Shroff ,  David McGrew

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0866 ,  H04L9/0825 ,  H04L9/0869 ,  H04L9/0877 ,  H04L9/3278

Abstract: According to certain embodiments, a method comprises receiving an encrypted value from a trust anchor. The encrypted value is received by a hardware component, and the encrypted value is associated with a posture assessment in which the trust anchor determines whether the hardware component is authorized to run on a product. The method further comprises obtaining a random value (K) based on decrypting the encrypted value. The decrypting uses a long-term key associated with the hardware component. The method further comprises communicating an encrypted response to the trust anchor. The encrypted response is encrypted using the random value (K). The encrypted response enables the trust anchor to determine whether the hardware component is authorized to run on the product.

公开(公告)号：USRE49684E1

公开(公告)日：2023-10-03

申请号：US17463337

申请日：2021-08-31

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David McGrew

IPC: H04L9/40 ,  G06N20/00 ,  H04L67/01 ,  H04L41/14 ,  H04L67/02 ,  H04L69/326

CPC classification number: H04L63/145 ,  G06N20/00 ,  H04L63/1425 ,  H04L63/166 ,  H04L41/14 ,  H04L63/1441 ,  H04L67/01 ,  H04L67/02 ,  H04L69/326

Abstract: In one embodiment, a traffic analysis service receives captured traffic data regarding a Transport Layer Security (TLS) connection between a client and a server. The traffic analysis service applies a first machine learning-based classifier to TLS records from the traffic data, to identify a set of the TLS records that include Hypertext Transfer Protocol (HTTP) header information. The traffic analysis service estimates one or more HTTP transaction labels for the connection by applying a second machine learning-based classifier to the identified set of TLS records that include HTTP header information. The traffic analysis service augments the captured traffic data with the one or more HTTP transaction labels. The traffic analysis service causes performance of a network security function based on the augmented traffic data.