-
Publication number: US20240333750A1
Publication date: 2024-10-03
Application number: US18622874
Application date: 2024-03-30
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla, Hugo Mike Latapie
IPC: H04L9/40
CPC classification number: H04L63/1433, H04L63/1483
Abstract: The present disclosure is directed to training email users to enhance awareness of attempted spear phishing by attackers observing user actions to build a model of user susceptibilities using a trained LLM. A service in an intrusion prevention system can receive from one or more accounts linked to an enterprise and provide a message, along with a prompt to the LLM, stimulating the generation of one or more variants of the received messages that exhibit similar content characteristics. The LLM can produce a set of variant messages encompassing these content characteristics, purposefully including one or more phishing traits identified during training with the prelabeled dataset. These variant messages are then transmitted to the relevant accounts to assess interactions with the set. Based on the interactions observed across the accounts, an interaction score is generated to evaluate the efficacy of the user's training to avoid phishing attempts within the enterprise environment.
-
Publication number: US20240333747A1
Publication date: 2024-10-03
Application number: US18360676
Application date: 2023-07-27
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla, Andrew Zawadowskiy, Blake Anderson, Hugo Mike Latapie, Oleg Bessonov, David Arthur McGrew, Michael Roytman, Tian Bu, William Michael Hudson, JR., Nancy Cam-Winget
IPC: H04L9/40
CPC classification number: H04L63/1433, H04L63/145
Abstract: In one aspect, a method includes creating a polymorphic variant of a sample of malware, analyzing the polymorphic variant of the sample of malware by a security management service to determine if the polymorphic variant of the sample of malware evades detection by the security management service, when the security management service fails to detect the polymorphic variant during the analysis of the polymorphic variant, detonating the polymorphic variant in a virtualized environment to identify characterizations of the polymorphic variant, and training the security management service to detect the polymorphic variant based on the characterizations.
-
Publication number: US20240330481A1
Publication date: 2024-10-03
Application number: US18494521
Application date: 2023-10-25
Applicant: Cisco Technology, Inc.
Inventor: Michael Roytman, Vincent Parla, Andrew Zawadowskiy, William Michael Hudson, JR.
CPC classification number: G06F21/577, G06F21/31, G06F21/552
Abstract: A system and method are provided for predicting the method of exploitation and impact/scope of software vulnerabilities, thereby enabling improved remediation of the software vulnerabilities. A machine learning (ML) method receives threat-intelligence information of the software vulnerabilities and generates a threat vector based on a security category and a data or schema category of the software vulnerability. The ML method can include a first portion constrained to predict a first intermediary result corresponding to the security category of the software vulnerability. The ML method can include a second portion constrained to predict a second intermediary result corresponding to the data or schema category of the software vulnerability.
-
Publication number: US20240330365A1
Publication date: 2024-10-03
Application number: US18361405
Application date: 2023-07-28
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy, Oleg Bessonov, Vincent Parla
IPC: G06F16/901, G06F11/34
CPC classification number: G06F16/9024, G06F11/3476
Abstract: A system and method are provided for generating a cybersecurity behavioral graph from log files and/or other telemetry data, which can be unstructured or semi-structured data. The log files are applied to a machine learning (ML) model (e.g., a large language model (LLM)) that generates/extracts from the log files entities and relationships between said entities. The entities and relationships can be constrained using a cybersecurity ontology or schema to ensure that the results are meaningful to a cybersecurity context. A graph is then generated by mapping the extracted entities to nodes in the graph and the relationships to edges connecting nodes. To more efficiently extract the entities and relationships from the data file, an LLM is used to generate regular expressions for the format of the log files. Once generated, the regular expressions can rapidly parse the log files to extract the entities and relationships.
-
Publication number: US12231456B2
Publication date: 2025-02-18
Application number: US18361405
Application date: 2023-07-28
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy, Oleg Bessonov, Vincent Parla
IPC: G06F21/31, G06F11/34, G06F16/334, G06F16/34, G06F16/901, G06F21/55, G06F21/56, G06F21/57, H04L9/40
Abstract: A system and method are provided for generating a cybersecurity behavioral graph from log files and/or other telemetry data, which can be unstructured or semi-structured data. The log files are applied to a machine learning (ML) model (e.g., a large language model (LLM)) that generates/extracts from the log files entities and relationships between said entities. The entities and relationships can be constrained using a cybersecurity ontology or schema to ensure that the results are meaningful to a cybersecurity context. A graph is then generated by mapping the extracted entities to nodes in the graph and the relationships to edges connecting nodes. To more efficiently extract the entities and relationships from the data file, an LLM is used to generate regular expressions for the format of the log files. Once generated, the regular expressions can rapidly parse the log files to extract the entities and relationships.
-
Publication number: US20250039164A1
Publication date: 2025-01-30
Application number: US18918809
Application date: 2024-10-17
Applicant: Cisco Technology, Inc.
Inventor: Danxiang Li, Vincent Parla, Andrzej Kielbasinski, Dany Jacques Rochefort
Abstract: Systems and methods are provided for receiving information associated with a final single sign-on page from a native browser, extracting a public key from the information associated with the final single sign-on page, generating a single sign-on token to bind a browser session and a native application session, associating the single sign-on token with the public key extracted from the information associated with the final single sign-on page, and encrypting the single sign-on token with the public key to bind the browser session and the native application session.
-
Publication number: US12199970B2
Publication date: 2025-01-14
Application number: US17377294
Application date: 2021-07-15
Applicant: Cisco Technology, Inc.
Inventor: Danxiang Li, Vincent Parla, Andrzej Kielbasinski, Dany Jacques Rochefort
Abstract: Systems and methods are provided for receiving information associated with a final single sign-on page from a native browser, extracting a public key from the information associated with the final single sign-on page, generating a single sign-on token to bind a browser session and a native application session, associating the single sign-on token with the public key extracted from the information associated with the final single sign-on page, and encrypting the single sign-on token with the public key to bind the browser session and the native application session.
-
Publication number: US11902168B2
Publication date: 2024-02-13
Application number: US17357461
Application date: 2021-06-24
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla, Andrew Zawadowskiy, Oleg Bessonov, Hendrikus G. P. Bosch
IPC: H04L47/24
CPC classification number: H04L47/24
Abstract: A method of defining priority of a number of data packets within a queue includes generating a policy. The policy defines a first multiplexed channel of a plurality of multiplexed channels. The first multiplexed channel having a first priority. The policy also defines a second multiplexed channel of the plurality of multiplexed channels. The second multiplexed channel having a second priority. The first priority is defined as being of a higher priority relative to the second priority. The method further includes receiving the number of data packets over the plurality of multiplexed channels associated with a session based at least in part on the policy.
-
Publication number: US11689642B2
Publication date: 2023-06-27
Application number: US17376646
Application date: 2021-07-15
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla, Kyle Andrew Donald Mestery
IPC: H04L67/63, H04L67/1001, H04L45/74, H04L47/2475
CPC classification number: H04L67/63, H04L45/74, H04L47/2475, H04L67/1001
Abstract: Techniques for using computer networking protocol extensions to route control-plane traffic and data-plane traffic associated with a common application are described herein. For instance, a traffic flow associated with an application may be established such that control-plane traffic is sent to a control-plane node associated with the application and data-plane traffic is sent to a data-plane node associated with the application. When a client device sends an authentication request to connect to the application, the control-plane node may send an indication of a hostname to be used by the client device to send data-plane traffic to the data-node. As such, when a packet including the hostname corresponding with the data-plane node is received, the packet may be forwarded to the data-plane node.
-
Publication number: US20230097734A1
Publication date: 2023-03-30
Application number: US17491163
Application date: 2021-09-30
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla, Kyle Andrew Donald Mestery, Rahim Lalani, Scott Roy Fluhrer
IPC: H04L29/06
Abstract: A system and computer-implemented method for routing an encrypted packet through a cloud enforcement network based on a metadata tag. The cloud enforcement network applies policy and routing attributions or tags outside of the encrypted packet payload in such a way as to not require an inner packet to first be decrypted. Traffic prioritization, data protection, and per application policies are achieved by using such metadata tags for internode routing without the need for DPI or decryption. Furthermore, the metadata itself can also be signed or encrypted depending on the provenance of the data. As such, applying meta-tagging external to an encrypted packet, the payload would not be needed to be decrypted during transit of the packet to express end-to-end policy and routing decisions.