-
1.发明公开公开(公告)号:US20240305539A1
公开(公告)日:2024-09-12
申请号:US18668697
申请日:2024-05-20
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Martin Rehak , Blake Harrell Anderson , Sunil Amin
IPC: H04L41/28 , G06F21/55 , H04L9/40 , H04L67/143 , H04W12/12
CPC classification number: H04L41/28 , G06F21/55 , H04L63/14 , H04L63/1425 , H04L63/1441 , H04W12/12 , H04L63/20 , H04L67/143
Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.
-
公开(公告)号:US12088607B2
公开(公告)日:2024-09-10
申请号:US18592137
申请日:2024-02-29
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
3.发明公开公开(公告)号:US20240195705A1
公开(公告)日:2024-06-13
申请号:US18583370
申请日:2024-02-21
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Martin Rehak , Blake Harrell Anderson , Sunil Amin
IPC: H04L41/28 , G06F21/55 , H04L9/40 , H04L67/143 , H04W12/12
CPC classification number: H04L41/28 , G06F21/55 , H04L63/14 , H04L63/1425 , H04L63/1441 , H04W12/12 , H04L63/20 , H04L67/143
Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.
-
公开(公告)号:US20170142151A1
公开(公告)日:2017-05-18
申请号:US15421447
申请日:2017-02-01
Applicant: Cisco Technology, Inc.
Inventor: Jan JUSKO , Tomas Pevny , Martin Rehak
CPC classification number: H04L63/1441 , H04L43/08 , H04L61/2007 , H04L63/10 , H04L63/101 , H04L63/1433 , H04L63/1458 , H04L67/10 , H04L67/42
Abstract: In one embodiment, a method includes receiving client-server connection data for clients and servers, the data including IP addresses corresponding to the servers, for each one of a plurality of IP address pairs performing a statistical test to determine whether the IP addresses in the one IP address pair are related by common clients based on the number of the clients connecting to each of the IP addresses in the one IP address pair, generating a graph including a plurality of vertices and edges, each of the vertices corresponding to a different IP address, each edge corresponding to a different IP address pair determined to be related by common clients in the statistical test, and clustering the vertices yielding clusters, a subset of the IP addresses in one of the clusters providing an indication of the IP addresses of the servers serving a same application.
-
公开(公告)号:US09596321B2
公开(公告)日:2017-03-14
申请号:US14748281
申请日:2015-06-24
Applicant: Cisco Technology, Inc.
Inventor: Jan Jusko , Tomas Pevny , Martin Rehak
CPC classification number: H04L63/1441 , H04L43/08 , H04L61/2007 , H04L63/10 , H04L63/101 , H04L63/1433 , H04L63/1458 , H04L67/10 , H04L67/42
Abstract: In one embodiment, a method includes receiving client-server connection data for clients and servers, the data including IP addresses corresponding to the servers, for each one of a plurality of IP address pairs performing a statistical test to determine whether the IP addresses in the one IP address pair are related by common clients based on the number of the clients connecting to each of the IP addresses in the one IP address pair, generating a graph including a plurality of vertices and edges, each of the vertices corresponding to a different IP address, each edge corresponding to a different IP address pair determined to be related by common clients in the statistical test, and clustering the vertices yielding clusters, a subset of the IP addresses in one of the clusters providing an indication of the IP addresses of the servers serving a same application.
Abstract translation: 在一个实施例中,一种方法包括为执行统计测试的多个IP地址对中的每一个接收客户机和服务器的客户端 - 服务器连接数据,所述数据包括对应于服务器的IP地址,以确定是否在 一个IP地址对根据连接到一个IP地址对中的每个IP地址的客户端的数量,由公共客户端相关联,生成包括多个顶点和边缘的图形,每个顶点对应于不同的IP 地址,每个边缘对应于在统计测试中确定为由普通客户端相关的不同IP地址对,并且对生成簇的顶点进行聚类,其中一个集群中的一个IP地址的子集提供IP地址的指示 服务于同一应用程序的服务器。
-
Patent Agency Ranking
6.发明授权公开(公告)号:US11632309B2
公开(公告)日:2023-04-18
申请号:US17376924
申请日:2021-07-15
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Martin Rehak , Blake Harrell Anderson , Sunil Amin
IPC: H04L41/28 , H04L9/40 , H04W12/12 , G06F21/55 , H04L67/143
Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.
-
公开(公告)号:US11310246B2
公开(公告)日:2022-04-19
申请号:US16100361
申请日:2018-08-10
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L29/06
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
公开(公告)号:US10574679B2
公开(公告)日:2020-02-25
申请号:US15421969
申请日:2017-02-01
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak
Abstract: Access logs associated with user requests for a web-based resource are monitored. Parameter(s) that index records of the web-based resource are identified. A baseline distribution(s) of values of the parameter(s) are generated and, based on the baseline distribution(s), a baseline entropy of the parameter(s) is calculated. A distribution(s) of values of the parameters associated with user requests made by a particular user is generated and, based on the distribution(s), an entropy of the parameter(s) associated with the user requests is calculated. The entropy is compared to the baseline entropy. If a difference between the baseline entropy and the entropy exceeds a threshold, it is determined that the particular user poses a security threat to the web-based resource.
-
公开(公告)号:US20200053103A1
公开(公告)日:2020-02-13
申请号:US16100361
申请日:2018-08-10
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L29/06
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
公开(公告)号:US10440035B2
公开(公告)日:2019-10-08
申请号:US14955480
申请日:2015-12-01
Applicant: Cisco Technology, Inc.
Inventor: Karel Bartos , Martin Rehak
Abstract: Identifying malicious communications by generating data representative of network traffic based on adaptive sampling includes, at a computing device having connectivity to a network, obtaining a set of data flows representing network traffic between one or more nodes in the network and one or more domains outside of the network, wherein each data flow in the set of data flows includes a plurality of data packets. One or more features are extracted from the set of data flows based on statistical measurements of the set of data flows. The set of data flows are adaptively sampled based on at least the one or more features. Then, data representative of the network traffic is generated based on the adaptively sampling to identify malicious communication channels in the network traffic.
-
-
-
-
-
-
-
-
-
Search Results
34
records
(took 0.028 seconds)
