知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

41 records (took 0.016 seconds)

    CORRELATING ENDPOINT AND NETWORK VIEWS TO IDENTIFY EVASIVE APPLICATIONS
    11.
    发明申请
    CORRELATING ENDPOINT AND NETWORK VIEWS TO IDENTIFY EVASIVE APPLICATIONS 审中-公开

    公开(公告)号:US20200329059A1

    公开(公告)日:2020-10-15

    申请号:US16912471

    申请日:2020-06-25

    Applicant: Cisco Technology, Inc.

    Inventor: Blake Harrell Anderson David McGrew Vincent E. Parla Jan Jusko Martin Grill Martin Vejman

    IPC: H04L29/06 G06F21/55 H04L9/32 G06F21/44 G06F21/52

    Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.

    Classification of IoT devices based on their network traffic
    12.
    发明授权
    Classification of IoT devices based on their network traffic 有权

    公开(公告)号:US10749770B2

    公开(公告)日:2020-08-18

    申请号:US16156020

    申请日:2018-10-10

    Applicant: Cisco Technology, Inc.

    Inventor: Jan Kohout Martin Grill Martin Kopp Lukas Bajer

    IPC: H04L12/28 H04L12/26 H04L12/851

    Abstract: In one embodiment, a traffic analysis service obtains telemetry data regarding network traffic associated with a device in a network. The traffic analysis service forms a histogram of frequencies of the traffic features from the telemetry data for the device. The traffic features are indicative of endpoints with which the device communicated. The traffic analysis service associates a device type with the device, by comparing the histogram of the traffic features from the telemetry data to histograms of traffic features associated with other devices. The traffic analysis service initiates, based on the device type associated with the device, an adjustment to treatment of the traffic associated with the device by the network.

    MALWARE CLASSIFICATION AND ATTRIBUTION THROUGH SERVER FINGERPRINTING USING SERVER CERTIFICATE DATA
    16.
    发明申请
    MALWARE CLASSIFICATION AND ATTRIBUTION THROUGH SERVER FINGERPRINTING USING SERVER CERTIFICATE DATA 审中-公开

    公开(公告)号:US20200267164A1

    公开(公告)日:2020-08-20

    申请号:US16869726

    申请日:2020-05-08

    Applicant: Cisco Technology, Inc.

    Inventor: Blake Harrell Anderson David McGrew Subharthi Paul Ivan Nikolaev Martin Grill

    IPC: H04L29/06

    Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.

    Correlating endpoint and network views to identify evasive applications
    17.
    发明授权
    Correlating endpoint and network views to identify evasive applications 有权

    公开(公告)号:US10735441B2

    公开(公告)日:2020-08-04

    申请号:US15848150

    申请日:2017-12-20

    Applicant: Cisco Technology, Inc.

    Inventor: Blake Harrell Anderson David McGrew Vincent E. Parla Jan Jusko Martin Grill Martin Vejman

    IPC: H04L29/06 G06F21/55 H04L9/32 G06F21/44 G06F21/52

    Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.

    Tracking users over network hosts based on user behavior
    19.
    发明授权
    Tracking users over network hosts based on user behavior 有权

    公开(公告)号:US10129271B2

    公开(公告)日:2018-11-13

    申请号:US14723605

    申请日:2015-05-28

    Applicant: Cisco Technology, Inc.

    Inventor: Jan Mrkos Martin Grill Jan Kohout

    IPC: H04L29/06 H04L29/08 H04L29/12

    Abstract: A method of tracking users over network hosts based on behavior includes analyzing data representing behavior of active network hosts during two or more time windows at a computing apparatus having connectivity to a network. Based on the analyzing, a profile is generated for each network host active in the network during the two or more time windows. Similarity between the profiles for the two or more time windows are determined and, based on the similarity, it may be determined that an identity associated with one of the active network hosts during a time window of the two or more time windows has changed.

Patent Agency Ranking