APPLICATION IDENTIFICATION IN RECORDS OF NETWORK FLOWS
    11.
    Invention patent application
    Legal status: In force

    Publication number: US20150326486A1

    Publication date: 2015-11-12

    Application number: US14274220

    Filing date: 2014-05-09

    CPC classification number: H04L12/6418 H04L43/026 H04L43/0876 H04L47/36

    Abstract: In one embodiment, a method is provided for improving data center and endpoint network visibility and security. The method comprises detecting a communication flow of a plurality of packets over a network, and generating a flow identifier that uniquely identifies the communication flow. After determining an application associated with the communication flow, a flow record is generated. The flow record includes the flow identifier and an indication of the application associated with the communication flow. The indication of the application may be, for example, a hash of the application binary file.

    Methods and apparatus providing automatic signature generation and enforcement
    12.
    Granted invention patent
    Legal status: In force

    Publication number: US08806650B2

    Publication date: 2014-08-12

    Application number: US13949173

    Filing date: 2013-07-23

    Abstract: A system inserts at least one notifying identifier in the computer system. The at least one notifying identifier provides execution information associated with the computer system. The system receives execution information from the at least one notifying identifier; the execution information identifies details associated with a traffic flow on the computer system. The system then generates a signature based on a deterministic link provided by the execution information provided by the at least one notifying identifier. The signature is utilized to prevent further damage caused to the computer system by at least one attack.

    IPV6 EXTENSION HEADERS AND OVERLAY NETWORK METADATA FOR SECURITY AND OBSERVABILITY

    Publication number: US20250039143A1

    Publication date: 2025-01-30

    Application number: US18625739

    Filing date: 2024-04-03

    Abstract: A system and method are provided for communicating security service context within a network. Intermediary nodes located along the path of a data flow apply various security services to the data flow, and keep a record of the security services by generating in-band and out-of-band information. The in-band information is limited, e.g., by the maximum transmission unit (MTU) to short attestations that fit within optional IPv6 extension headers. The out-of-band information, which is recorded, e.g., in a ledger using an overlay network, provides additional information fully describing the security services. Based on the in-band and out-of-band information (e.g., using the attestations to retrieve the additional information from the ledger), the data flow is either allowed or denied entrance to a particular workload. Applying the security services and generating the in-band and out-of-band information can be performed using data processing units (DPUs) and/or extended Berkeley packet filters (eBPFs).

    CONTROL FLOW DIRECTED GRAPH FOR USE WITH PROGRAM DISASSEMBLER

    Publication number: US20240028708A1

    Publication date: 2024-01-25

    Application number: US18083838

    Filing date: 2022-12-19

    CPC classification number: G06F21/54 G06F21/552

    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for executable code of an application by observing executions of transitions during an observation period and determining destinations of indirect transfers based on the learned control flow directed graph. Next, a disassembly of the executable code is determined based on the learned control flow directed graph, the destinations of the transfers, and the executable code.

    Detection of malware and malicious applications

    Publication number: US11700275B2

    Publication date: 2023-07-11

    Application number: US17360910

    Filing date: 2021-06-28

    Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

    DATA PACKET PRIORITIZATION IN MULTIPLEXED SESSIONS

    Publication number: US20220417158A1

    Publication date: 2022-12-29

    Application number: US17357461

    Filing date: 2021-06-24

    Abstract: A method of defining priority of a number of data packets within a queue includes generating a policy. The policy defines a first multiplexed channel of a plurality of multiplexed channels. The first multiplexed channel has a first priority. The policy also defines a second multiplexed channel of the plurality of multiplexed channels. The second multiplexed channel has a second priority. The first priority is defined as being of a higher priority relative to the second priority. The method further includes receiving the number of data packets over the plurality of multiplexed channels associated with a session based at least in part on the policy.

    METHOD FOR PROVIDING AUTHORITATIVE APPLICATION-BASED ROUTING AND AN IMPROVED APPLICATION FIREWALL
    18.
    Invention patent application
    Legal status: In force

    Publication number: US20150096008A1

    Publication date: 2015-04-02

    Application number: US14041107

    Filing date: 2013-09-30

    Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving an application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.

    AUTOTUNING OPTIMAL KEEPALIVE INTERVALS FOR SECURE SESSIONS

    Publication number: US20240291800A1

    Publication date: 2024-08-29

    Application number: US18115374

    Filing date: 2023-02-28

    CPC classification number: H04L63/0254 H04L63/0272

    Abstract: Techniques for autotuning keepalive packet intervals to an optimal interval are described. A remote secure session between a client device and a server over a network is established. A determination is made to identify an optimal keepalive interval for sending packets to keep the remote secure session alive over the network, the optimal keepalive interval defining an amount of time between sending of packets that keep a connection open through middleboxes in the network. Keepalive test probes are transmitted by the client device to the server at different time intervals. An optimal keepalive interval is determined based at least in part on the keepalive test probes transmitted at the different intervals. The client device transmits information indicating the optimal keepalive interval to the server. Finally, the client device transmits keepalive packets according to the optimal keepalive interval.

    CONTROL FLOW INTEGRITY INSTRUCTION POINTER PATCHING

    Publication number: US20240028743A1

    Publication date: 2024-01-25

    Application number: US18084121

    Filing date: 2022-12-19

    CPC classification number: G06F21/577 G06F8/433 G06F2221/033

    Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a program and subsequently determining valid target destinations for transitions within the program. The instructions of the program may be executed by determining a destination for a transition, performing the transition when the destination is included in the list of valid target destinations, and performing a secondary action when the destination is not included in the list of valid target destinations.
