公开(公告)号：US20220182412A1

公开(公告)日：2022-06-09

申请号：US17585752

申请日：2022-01-27

Applicant: CACI, Inc. - Federal

Inventor： John A. BORAK

IPC: H04L9/40 ,  G06N3/08

Abstract: The present application describes a method for evaluating probes. One step of the method includes configuring a client with a service to lure a probe associated with traffic flowing via an encrypted pathway to a node on a network. Another step of the method includes monitoring activity of the probe on the network and an interaction between the probe and the service on the node. Yet another step of the method includes determining, via a trained predictive machine learning model, in real-time whether the activity or the interaction exceeds a confidence threshold indicating a threat to the network. A further step of the method includes tagging the probe based upon the determination. Yet even a further step of the method includes updating a security policy of the network in view of the tagged probe.

公开(公告)号：US20220078171A1

公开(公告)日：2022-03-10

申请号：US17460696

申请日：2021-08-30

Applicant: CACI, Inc. - Federal

Inventor： John A. BORAK ,  Eric W. HSIUNG ,  Michael J. CHEN

IPC: H04L29/06

Abstract: The present application describes, in an embodiment, a method including one or more steps. One step of the method may include receiving, at a gateway including an encrypted pathway, traffic from a third party originating outside a multi-hop network intended for a client inside the network. Another step of the method may include determining, using a trained machine learning model, a probe of the received traffic attempting to obtain confidential information about the multi-hop network. Yet another step of the method may include flagging the third party based on determined probe.

公开(公告)号：US20220078174A1

公开(公告)日：2022-03-10

申请号：US17460656

申请日：2021-08-30

Applicant: CACI, Inc. - Federal

Inventor： John A. BORAK ,  Eric W. HSIUNG ,  Michael J. CHEN

IPC: H04L29/06

Abstract: The present application describes, in an embodiment, a system which includes a non-transitory memory including executable instructions for obfuscating traffic. The system also includes a processor operably coupled to the non-transitory memory configured to execute a set of instructions. The set of instructions may include receiving, at a gateway, traffic from plural clients on a home network. The set of instructions may also include identifying a protocol type of the received traffic. The set of instructions may also include parsing the received traffic based on the protocol type. The set of instructions may also include creating an encrypted pathway to support flow of the received traffic associated with the protocol type to a destination. The set of instructions may also include transmitting, via the created encrypted pathway, the traffic associated with the protocol type to a destination.