-
Publication No.: US20210360026A1
Publication Date: 2021-11-18
Application No.: US17390518
Filing Date: 2021-07-30
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew
IPC: H04L29/06
Abstract: In one embodiment, a device in a network receives traffic sent from a first endpoint. The device sends a padding request to the second endpoint indicative of a number of padding bytes. The device receives a padding response from the second endpoint, after sending the padding request to the second endpoint. The device adjusts the received traffic based on the received padding response by adding one or more frames to the received traffic. The device sends the adjusted traffic to the second endpoint.
-
Publication No.: US20210344573A1
Publication Date: 2021-11-04
Application No.: US17376924
Filing Date: 2021-07-15
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Martin Rehak , Blake Harrell Anderson , Sunil Amin
Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.
-
Publication No.: US11108819B2
Publication Date: 2021-08-31
Application No.: US16594203
Filing Date: 2019-10-07
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew
IPC: H04L29/06
Abstract: In one embodiment, a device in a network intercepts traffic sent from a first endpoint destined for a second endpoint. The device sends a padding request to the second endpoint indicative of a number of padding bytes. The device receives a padding response from the second endpoint, after sending the padding request to the second endpoint. The device adjusts the intercepted traffic based on the received padding response. The device sends the adjusted traffic to the second endpoint.
-
Publication No.: US11093609B2
Publication Date: 2021-08-17
Application No.: US16567377
Filing Date: 2019-09-11
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Blake Harrell Anderson , Subharthi Paul
Abstract: In one embodiment, a device in a network tracks changes in a source port or address identifier indicated by network traffic associated with a particular host in the network. The device detects an operating system start event based on the tracked changes in the source port or address identifier indicated in the traffic associated with the particular host. The device provides data regarding the detected operating system start event as input to a machine learning-based malware detector. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.
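As an added illustration of the tracking step in this abstract (example code written for this page, not Cisco's implementation and not the patent's claimed method): it assumes a host whose ephemeral source ports are handed out from a counter that climbs across connections and starts again near the bottom of the range after a reboot, and it separates that restart from the counter legitimately wrapping around at the top of the range. The range bounds, the reset window and the flow records are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed ephemeral port range (the Linux default, 32768..60999). Other
# operating systems use different bounds, and some randomise selection,
# in which case this heuristic does not apply.
EPHEMERAL_LOW = 32768
EPHEMERAL_HIGH = 60999
# Assumed width of the "just restarted" window at the bottom of the range.
RESET_WINDOW = 2048


@dataclass(frozen=True)
class Flow:
    ts: float      # flow start time, seconds
    src_ip: str    # host whose port allocation is being tracked
    src_port: int  # ephemeral source port chosen by that host


def is_port_reset(prev_port: int, cur_port: int) -> bool:
    """True when the port counter fell back to the start of the range in a way
    that a normal wrap-around (top of range -> bottom of range) cannot explain."""
    cur_near_start = cur_port < EPHEMERAL_LOW + RESET_WINDOW
    prev_past_start = prev_port >= EPHEMERAL_LOW + RESET_WINDOW
    prev_not_wrapping = prev_port < EPHEMERAL_HIGH - RESET_WINDOW
    return cur_near_start and prev_past_start and prev_not_wrapping


def detect_os_start_events(flows: List[Flow], host: str) -> List[Tuple[float, int, int]]:
    """Return (timestamp, previous_port, new_port) for each suspected OS start of
    `host`, by walking its flows in time order and looking for counter resets."""
    events: List[Tuple[float, int, int]] = []
    prev_port: Optional[int] = None
    for f in sorted((f for f in flows if f.src_ip == host), key=lambda f: f.ts):
        if prev_port is not None and is_port_reset(prev_port, f.src_port):
            events.append((f.ts, prev_port, f.src_port))
        prev_port = f.src_port
    return events


# Constructed flow records, not captured traffic.
SAMPLE_FLOWS = [
    Flow(100.0, "10.0.0.5", 40000),
    Flow(110.0, "10.0.0.5", 40010),
    Flow(120.0, "10.0.0.5", 40025),
    Flow(200.0, "10.0.0.5", 32770),  # counter restarted low: suspected reboot
    Flow(210.0, "10.0.0.5", 32790),
    Flow(300.0, "10.0.0.5", 60990),  # counter near the top of the range
    Flow(310.0, "10.0.0.5", 32769),  # wrap-around, not a reboot
    Flow(320.0, "10.0.0.9", 33000),  # different host, ignored
]

if __name__ == "__main__":
    for ts, before, after in detect_os_start_events(SAMPLE_FLOWS, "10.0.0.5"):
        print(f"t={ts:.0f}s: source port fell from {before} to {after}; likely OS start")
```

The event timestamps (or a count of them per window) are what would be handed to the malware detector alongside the host's other flow features. The caveat a practitioner should keep in mind is that randomised ephemeral port allocation defeats this single heuristic, which is why tracking more than one identifier, as the abstract allows, matters in practice.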
-
Publication No.: US11075820B2
Publication Date: 2021-07-27
Application No.: US15848101
Filing Date: 2017-12-20
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Martin Rehak , Blake Harrell Anderson , Sunil Amin
Abstract: In one embodiment, a service receives data regarding administration traffic in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the received data to determine whether the administration traffic is authorized. The service flags the received data as authorized, based on the analysis of the received data. The service uses the data flagged as authorized to distinguish between benign traffic and malicious traffic in the network.
-
Publication No.: US20210006589A1
Publication Date: 2021-01-07
Application No.: US17029156
Filing Date: 2020-09-23
Applicant: Cisco Technology, Inc.
Inventor: Jan Kohout , Blake Harrell Anderson , Martin Grill , David McGrew , Martin Kopp , Tomas Pevny
IPC: H04L29/06 , G06N20/00 , H04L12/24 , H04L12/851
Abstract: In one embodiment, a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow.
-
Publication No.: US10812496B2
Publication Date: 2020-10-20
Application No.: US14872336
Filing Date: 2015-10-01
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Blake Harrell Anderson
Abstract: In one embodiment, a method includes receiving data associated with a cluster at a computer and processing the data at the computer to automatically generate a description of the cluster. The data includes cluster data comprising data within the cluster and non-cluster data comprising a remaining set of the data. The description comprises a minimal set of features that uniquely defines the cluster to differentiate the cluster data from non-cluster data. An apparatus and logic are also disclosed herein.
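As an added example of the description step in this abstract (written for this page, not Cisco's implementation): every feature/value pair shared by all members of the cluster is a candidate predicate, and predicates are picked greedily until no non-cluster record satisfies all of them. Greedy set cover yields a small description, not a provably minimal one; the feature names and flow records are constructed.

```python
from typing import Any, Dict, List, Tuple

Record = Dict[str, Any]
Predicate = Tuple[str, Any]  # (feature name, value the feature must equal)


def shared_predicates(cluster: List[Record]) -> List[Predicate]:
    """Feature/value pairs that hold for every record in the cluster. Only these
    can appear in a description, since the description must cover the cluster."""
    if not cluster:
        return []
    shared = set(cluster[0].items())
    for rec in cluster[1:]:
        shared &= set(rec.items())
    return sorted(shared, key=lambda p: p[0])


def describe_cluster(cluster: List[Record], others: List[Record]) -> List[Predicate]:
    """Greedy set cover: repeatedly add the shared predicate that excludes the
    most still-unexcluded non-cluster records, until none remain."""
    candidates = shared_predicates(cluster)
    remaining = list(others)
    chosen: List[Predicate] = []
    while remaining:
        best, best_excluded = None, 0
        for pred in candidates:
            if pred in chosen:
                continue
            feat, val = pred
            excluded = sum(1 for rec in remaining if rec.get(feat) != val)
            if excluded > best_excluded:
                best, best_excluded = pred, excluded
        if best is None:
            # every remaining record shares all of the cluster's common values,
            # so no conjunction of equality predicates can separate them
            raise ValueError("cluster is not separable from the remaining data")
        chosen.append(best)
        feat, val = best
        remaining = [rec for rec in remaining if rec.get(feat) == val]
    return chosen


def matches(rec: Record, description: List[Predicate]) -> bool:
    """True when a record satisfies every predicate of a description."""
    return all(rec.get(f) == v for f, v in description)


# Constructed flow feature records, not real telemetry.
CLUSTER = [
    {"proto": "tls", "sni_tld": "xyz", "cipher": "c030", "dst_port": 443},
    {"proto": "tls", "sni_tld": "xyz", "cipher": "c030", "dst_port": 443},
    {"proto": "tls", "sni_tld": "xyz", "cipher": "c030", "dst_port": 8443},
]
OTHERS = [
    {"proto": "tls", "sni_tld": "com", "cipher": "c030", "dst_port": 443},
    {"proto": "tls", "sni_tld": "xyz", "cipher": "c02f", "dst_port": 443},
    {"proto": "http", "sni_tld": "com", "cipher": None, "dst_port": 80},
    {"proto": "tls", "sni_tld": "com", "cipher": "c02f", "dst_port": 443},
]

if __name__ == "__main__":
    print(describe_cluster(CLUSTER, OTHERS))
```

On the sample data the description comes out as cipher = c030 together with sni_tld = xyz: neither predicate alone excludes every non-cluster record, and dst_port never qualifies because the cluster does not agree on it.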
-
Publication No.: US20200329059A1
Publication Date: 2020-10-15
Application No.: US16912471
Filing Date: 2020-06-25
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Vincent E. Parla , Jan Jusko , Martin Grill , Martin Vejman
Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
-
Publication No.: US10554614B2
Publication Date: 2020-02-04
Application No.: US15191172
Filing Date: 2016-06-23
Applicant: Cisco Technology, Inc.
Inventor: K. Tirumaleswar Reddy , David McGrew , Blake Harrell Anderson , Daniel G. Wing
Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.
-
Publication No.: US10362373B2
Publication Date: 2019-07-23
Application No.: US15083586
Filing Date: 2016-03-29
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David Arthur McGrew , Alison Kendler
Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.
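As an added worked example of the metric this abstract names (code written for this page, not Cisco's implementation and not the patent's exact metric): it builds the 256-bin byte-value histogram of a flow's payload, derives the byte entropy from it, and folds both into the telemetry record. The payloads are constructed and the bin-coarsening size is an assumed choice.

```python
import math
from typing import Dict, List


def byte_value_distribution(payload: bytes) -> List[int]:
    """Number of occurrences of each of the 256 possible byte values."""
    hist = [0] * 256
    for b in payload:
        hist[b] += 1
    return hist


def byte_entropy(hist: List[int]) -> float:
    """Shannon entropy, in bits per byte (0.0 .. 8.0), of a byte-value histogram."""
    total = sum(hist)
    if total == 0:
        return 0.0
    return -sum((n / total) * math.log2(n / total) for n in hist if n)


def coarse_bins(hist: List[int], bins: int = 16) -> List[int]:
    """Fold the 256 counts into `bins` equal-width bins, to shrink what is
    exported when full resolution is not needed (bin count is an assumption)."""
    width = 256 // bins
    return [sum(hist[i:i + width]) for i in range(0, 256, width)]


def flow_telemetry(flow_id: str, payload: bytes) -> Dict[str, object]:
    """Telemetry record for one flow, carrying the byte-distribution metric."""
    hist = byte_value_distribution(payload)
    return {
        "flow": flow_id,
        "bytes": len(payload),
        "byte_dist": coarse_bins(hist),
        "entropy": round(byte_entropy(hist), 3),
    }


# Constructed payloads, not captured traffic.
PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.0\r\n\r\n"
UNIFORM = bytes(range(256)) * 4  # every byte value equally often: entropy 8.0

if __name__ == "__main__":
    for name, data in (("plaintext", PLAINTEXT), ("uniform", UNIFORM)):
        print(flow_telemetry(name, data))
```

Entropy close to 8 bits per byte says the payload is encrypted or compressed, and the shape of the histogram separates the two cases better than the scalar does (compressed streams and protocol framing leave non-uniform bins). The metric on its own cannot tell well-formed TLS from any other high-entropy stream, which is why it is exported as telemetry for a classifier rather than used as a verdict.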