-
Publication No.: US20200280536A1
Publication Date: 2020-09-03
Application No.: US16288628
Application Date: 2019-02-28
Applicant: Cisco Technology, Inc.
IPC: H04L29/06 , H04L12/851 , H04L12/859 , H04L12/24 , G06N20/00
Abstract: In one embodiment, a traffic analysis service identifies a client in a network having an associated traffic flow that was blocked by a firewall. The traffic analysis service obtains traffic telemetry data regarding one or more subsequent traffic flows associated with the identified client that are subsequent to the blocked flow. The traffic analysis service uses a machine learning-based classifier to determine that the identified client is exhibiting evasive network behavior, based on the obtained traffic telemetry data. The traffic analysis service initiates a mitigation action in the network, based on the determination that the identified client is exhibiting evasive network behavior.
-
2.
Publication No.: US10027627B2
Publication Date: 2018-07-17
Application No.: US14877116
Application Date: 2015-10-07
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Hari Shankar , Constantinos Kleopa , Venkatesh N. Gautam , Gerald N. A. Selvam
Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
-
Publication No.: US12184694B2
Publication Date: 2024-12-31
Application No.: US17531063
Application Date: 2021-11-19
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Keith Richard Schomburg , Michael Scott Dorsey , Constantinos Kleopa
IPC: G06F21/60 , H04L9/40 , H04L65/1066 , H04L69/14 , H04L69/08
Abstract: In one embodiment, a device obtains one or more packets of a traffic session in a network. The device determines, for a particular packet of the one or more packets that match a filter, a fingerprint for the particular packet. The device identifies a plurality of traffic sessions whose packets match the fingerprint, wherein each of the plurality of traffic sessions is associated with at least one process. The device updates a process with the traffic session by applying a classifier to the plurality of traffic sessions.
-
4.
Publication No.: US20170104722A1
Publication Date: 2017-04-13
Application No.: US14877116
Application Date: 2015-10-07
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Hari Shankar , Constantinos Kleopa , Venkatesh N. Gautam , Gerald N.A. Selvam
IPC: H04L29/06
CPC classification number: H04L63/0281 , H04L63/0254 , H04L63/1425
Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
-
Publication No.: US11310205B2
Publication Date: 2022-04-19
Application No.: US16288628
Application Date: 2019-02-28
Applicant: Cisco Technology, Inc.
IPC: H04L29/06 , H04L12/851 , G06N20/00 , H04L12/24 , H04L12/859 , H04L47/2441 , H04L47/2483 , H04L41/16 , H04L47/2475
Abstract: In one embodiment, a traffic analysis service identifies a client in a network having an associated traffic flow that was blocked by a firewall. The traffic analysis service obtains traffic telemetry data regarding one or more subsequent traffic flows associated with the identified client that are subsequent to the blocked flow. The traffic analysis service uses a machine learning-based classifier to determine that the identified client is exhibiting evasive network behavior, based on the obtained traffic telemetry data. The traffic analysis service initiates a mitigation action in the network, based on the determination that the identified client is exhibiting evasive network behavior.
-
Publication No.: US20220078208A1
Publication Date: 2022-03-10
Application No.: US17531063
Application Date: 2021-11-19
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Keith Richard Schomburg , Michael Scott Dorsey , Constantinos Kleopa
IPC: H04L29/06
Abstract: In one embodiment, a device obtains one or more packets of a traffic session in a network. The device determines, for a particular packet of the one or more packets that match a filter, a fingerprint for the particular packet. The device identifies a plurality of traffic sessions whose packets match the fingerprint, wherein each of the plurality of traffic sessions is associated with at least one process. The device updates a process with the traffic session by applying a classifier to the plurality of traffic sessions.