知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

37 records (took 0.021 seconds)

    Ransomware detection using file replication logs
    21.
    发明授权
    Ransomware detection using file replication logs 有权

    公开(公告)号:US11019095B2

    公开(公告)日:2021-05-25

    申请号:US16261682

    申请日:2019-01-30

    Applicant: Cisco Technology, Inc.

    Inventor: Martin Grill Lukas Bajer Martin Kopp Jan Kohout

    IPC: H04L29/06

    Abstract: In one embodiment, a device in a network obtains log data regarding replication of files stored on an endpoint client to a file replication service. The device tracks, based on the obtained logs, encryption changes to the files that convert the files from unencrypted files to encrypted files. The device determines that the tracked encryption changes to the files are indicative of a ransomware infection on the endpoint client. The device initiates a mitigation action regarding the ransomware infection.

    Identifying self-signed certificates using HTTP access logs for malware detection
    22.
    发明授权
    Identifying self-signed certificates using HTTP access logs for malware detection 有权

    公开(公告)号:US10965704B2

    公开(公告)日:2021-03-30

    申请号:US16447150

    申请日:2019-06-20

    Applicant: Cisco Technology, Inc.

    Inventor: Martin Kopp Martin Grill Jan Kohout

    IPC: H04L29/06 H04L9/32

    Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.

    Classification of IoT devices based on their network traffic
    24.
    发明授权
    Classification of IoT devices based on their network traffic 有权

    公开(公告)号:US10749770B2

    公开(公告)日:2020-08-18

    申请号:US16156020

    申请日:2018-10-10

    Applicant: Cisco Technology, Inc.

    Inventor: Jan Kohout Martin Grill Martin Kopp Lukas Bajer

    IPC: H04L12/28 H04L12/26 H04L12/851

    Abstract: In one embodiment, a traffic analysis service obtains telemetry data regarding network traffic associated with a device in a network. The traffic analysis service forms a histogram of frequencies of the traffic features from the telemetry data for the device. The traffic features are indicative of endpoints with which the device communicated. The traffic analysis service associates a device type with the device, by comparing the histogram of the traffic features from the telemetry data to histograms of traffic features associated with other devices. The traffic analysis service initiates, based on the device type associated with the device, an adjustment to treatment of the traffic associated with the device by the network.

    Detection of malicious network connections
    27.
    发明授权
    Detection of malicious network connections 有权

    公开(公告)号:US09531742B2

    公开(公告)日:2016-12-27

    申请号:US15095076

    申请日:2016-04-10

    Applicant: Cisco Technology, Inc.

    Inventor: Jan Kohout Jan Jusko Tomas Pevny Martin Rehak

    IPC: H04L29/06

    CPC classification number: H04L63/1425 H04L63/1408 H04L63/1441 H04L63/145 H04L63/1466 H04L63/1491 H04L63/164 H04L63/20

    Abstract: In one embodiment a method, system and apparatus is described for detecting a malicious network connection, the method system and apparatus including determining, for each connection over a network, if each connection is a persistent connection, if, as a result of the determining, a first connection is determined to be a persistent connection, collecting connection statistics for the first connection, creating a feature vector for the first connection based on the collected statistics, performing outlier detection for all of the feature vector for all connections over a network which have been determined to be persistent connections, and reporting detected outliers. Related methods, systems and apparatus are also described.

    COMPREHENSIBLE THREAT DETECTION
    29.
    发明公开
    COMPREHENSIBLE THREAT DETECTION 审中-公开

    公开(公告)号:US20240259414A1

    公开(公告)日:2024-08-01

    申请号:US18632209

    申请日:2024-04-10

    Applicant: Cisco Technology, Inc.

    Inventor: Jan Kohout Cenek Skarda Martin Kopp Kyrylo Shcherbin Jaroslav Hlavac

    IPC: H04L9/40

    CPC classification number: H04L63/1425

    Abstract: Techniques for combining threat-related events associated with different modalities to provide a complete insight into cyber attack life cycles. The techniques may include receiving telemetry data associated with one or more modalities and detecting, based at least in part on the telemetry data, one or more abnormal events associated with security incidents. The one or more abnormal events may include at least a first abnormal event associated with a first modality and a second abnormal event associated with a second modality. The techniques may also include determining that an entity associated with the abnormal events is a same entity and, based at least in part on the entity comprising the same entity, determining that a correlation between the abnormal events is indicative of a security incident. Based at least in part on the correlation, an indication associated with the security incident may be output.

Patent Agency Ranking