公开(公告)号：US11272268B2

公开(公告)日：2022-03-08

申请号：US17389537

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/08 ,  H04Q9/02 ,  H04Q9/00 ,  H04L9/30

Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.

公开(公告)号：US20210360336A1

公开(公告)日：2021-11-18

申请号：US17389537

申请日：2021-07-30

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04Q9/02 ,  H04L29/06 ,  H04Q9/00 ,  H04L9/30

Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.

公开(公告)号：US20240007774A1

公开(公告)日：2024-01-04

申请号：US18368969

申请日：2023-09-15

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04Q9/02 ,  H04L9/40 ,  H04Q9/00 ,  H04L9/30

CPC classification number: H04Q9/02 ,  H04L63/166 ,  H04L63/0428 ,  H04Q9/00 ,  H04L9/3066 ,  H04L63/0823 ,  H04Q2209/30

Abstract: In one embodiment, a method includes receiving a traffic flow including a plurality of packets encrypted using a cryptographic protocol, determining cryptographic protocol data of the traffic flow, and transmitting telemetry data of the traffic flow including the cryptographic protocol data. In another embodiment, a method includes receiving telemetry data of a traffic flow including a plurality of packets encrypted using a cryptographic protocol, the telemetry data including cryptographic protocol data of the traffic flow, classifying the traffic flow based on the cryptographic protocol data using a machine learning classifier; and taking a remedial action with respect to the traffic flow based on the classification of the traffic flow.

公开(公告)号：US20170201810A1

公开(公告)日：2017-07-13

申请号：US15083586

申请日：2016-03-29

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04Q9/02 ,  H04L9/30 ,  H04L29/06

CPC classification number: H04Q9/02 ,  H04L9/3066 ,  H04L63/0428 ,  H04L63/0823 ,  H04L63/166 ,  H04Q9/00 ,  H04Q2209/30

Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.

公开(公告)号：US11800260B2

公开(公告)日：2023-10-24

申请号：US17154053

申请日：2021-01-21

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04L9/12 ,  H04L9/32 ,  H04Q9/02 ,  H04L9/40 ,  H04Q9/00 ,  H04L9/30

CPC classification number: H04Q9/02 ,  H04L9/3066 ,  H04L63/0428 ,  H04L63/166 ,  H04Q9/00 ,  H04L63/0823 ,  H04Q2209/30

Abstract: In one embodiment, a method includes receiving a traffic flow including a plurality of packets encrypted using a cryptographic protocol, determining cryptographic protocol data of the traffic flow, and transmitting telemetry data of the traffic flow including the cryptographic protocol data. In another embodiment, a method includes receiving telemetry data of a traffic flow including a plurality of packets encrypted using a cryptographic protocol, the telemetry data including cryptographic protocol data of the traffic flow, classifying the traffic flow based on the cryptographic protocol data using a machine learning classifier; and taking a remedial action with respect to the traffic flow based on the classification of the traffic flow.

公开(公告)号：US20210144455A1

公开(公告)日：2021-05-13

申请号：US17154053

申请日：2021-01-21

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04Q9/02 ,  H04L29/06 ,  H04Q9/00 ,  H04L9/30

Abstract: In one embodiment, a method includes receiving a traffic flow including a plurality of packets encrypted using a cryptographic protocol, determining cryptographic protocol data of the traffic flow, and transmitting telemetry data of the traffic flow including the cryptographic protocol data. In another embodiment, a method includes receiving telemetry data of a traffic flow including a plurality of packets encrypted using a cryptographic protocol, the telemetry data including cryptographic protocol data of the traffic flow, classifying the traffic flow based on the cryptographic protocol data using a machine learning classifier; and taking a remedial action with respect to the traffic flow based on the classification of the traffic flow.

公开(公告)号：US20220232299A1

公开(公告)日：2022-07-21

申请号：US17716214

申请日：2022-04-08

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04Q9/02 ,  H04L9/40 ,  H04Q9/00 ,  H04L9/30

Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.

公开(公告)号：US10362373B2

公开(公告)日：2019-07-23

申请号：US15083586

申请日：2016-03-29

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04L9/32 ,  H04Q9/02 ,  H04L29/06 ,  H04L9/30 ,  H04Q9/00

Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.

公开(公告)号：US11477548B2

公开(公告)日：2022-10-18

申请号：US17716214

申请日：2022-04-08

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/08 ,  H04Q9/02 ,  H04L9/40 ,  H04Q9/00 ,  H04L9/30

Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.

公开(公告)号：US10932017B2

公开(公告)日：2021-02-23

申请号：US16436489

申请日：2019-06-10

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David Arthur McGrew ,  Alison Kendler

IPC: H04L9/32 ,  H04L9/08 ,  H04Q9/02 ,  H04L29/06 ,  H04Q9/00 ,  H04L9/30 ,  H04L9/06

Abstract: In one embodiment, a method includes receiving a flow including a plurality of bytes, each byte having one of a plurality of byte values, determining a byte value distribution metric based on a number of instances of each of the plurality of byte values in the flow, and transmitting telemetry data regarding the flow, the telemetry data including the byte value distribution metric.