Publication number: US20240028708A1
Publication date: 2024-01-25
Application number: US18083838
Filing date: 2022-12-19
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy , Vincent E. Parla , Oleg Bessonov
CPC classification number: G06F21/54 , G06F21/552
Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for executable code of an application by observing executions of transitions during an observation period and determining destinations of indirect transfers based on the learned control flow directed graph. Next, a disassembly of the executable code is determined based on the learned control flow directed graph, the destinations of the transfers, and the executable code.
-
Publication number: US20220417158A1
Publication date: 2022-12-29
Application number: US17357461
Filing date: 2021-06-24
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla , Andrew Zawadowskiy , Oleg Bessonov , Hendrikus G. P. Bosch
IPC: H04L12/851
Abstract: A method of defining the priority of a number of data packets within a queue includes generating a policy. The policy defines a first multiplexed channel of a plurality of multiplexed channels, the first multiplexed channel having a first priority, and a second multiplexed channel of the plurality of multiplexed channels, the second multiplexed channel having a second priority. The first priority is defined as higher than the second priority. The method further includes receiving the number of data packets over the plurality of multiplexed channels associated with a session based at least in part on the policy.
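The policy-driven priority described in this abstract, as an added example (my code, not Cisco's or the patent's): a per-session object holds one FIFO queue per multiplexed channel, accepts only channels the policy defines, and drains them in strict priority order. The channel names, the three-level policy and the packet labels are assumptions made for the illustration.

```python
from collections import deque

# Assumed policy for one session: channel name -> priority (0 = highest).
POLICY = {"control": 0, "interactive": 1, "bulk": 2}


class MuxSession:
    """Queues for the multiplexed channels of one session, drained in policy order."""

    def __init__(self, policy):
        self.policy = policy
        self.queues = {ch: deque() for ch in policy}
        self.by_priority = sorted(policy, key=policy.__getitem__)

    def receive(self, channel, packet):
        """Accept a packet on a channel the policy defines; reject anything else."""
        if channel not in self.queues:
            raise ValueError(f"channel {channel!r} is not defined by the session policy")
        self.queues[channel].append(packet)

    def dequeue(self):
        """Strict priority: highest-priority non-empty channel first, FIFO within it."""
        for ch in self.by_priority:
            if self.queues[ch]:
                return ch, self.queues[ch].popleft()
        return None

    def drain(self):
        """Pop every queued packet in the order the policy dictates."""
        out = []
        while (item := self.dequeue()) is not None:
            out.append(item)
        return out


def demo():
    """Constructed arrival order, interleaved across channels; returns the departure order."""
    session = MuxSession(POLICY)
    for ch, pkt in [("bulk", "b1"), ("interactive", "i1"), ("control", "c1"),
                    ("bulk", "b2"), ("interactive", "i2")]:
        session.receive(ch, pkt)
    return session.drain()


if __name__ == "__main__":
    print(demo())
```

Strict priority is the simplest reading of "first priority higher than second priority"; under sustained control-channel load it starves the bulk channel, so a deployment would pair it with rate limiting or weighted scheduling. Rejecting undefined channels matters because a peer that can open channels outside the policy would otherwise get unclassified, and therefore unprioritised, queue space.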
-
Publication number: US20240333747A1
Publication date: 2024-10-03
Application number: US18360676
Filing date: 2023-07-27
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla , Andrew Zawadowskiy , Blake Anderson , Hugo Mike Latapie , Oleg Bessonov , David Arthur McGrew , Michael Roytman , Tian Bu , William Michael Hudson, JR. , Nancy Cam-Winget
IPC: H04L9/40
CPC classification number: H04L63/1433 , H04L63/145
Abstract: In one aspect, a method includes creating a polymorphic variant of a sample of malware, analyzing the polymorphic variant of the sample of malware by a security management service to determine if the polymorphic variant of the sample of malware evades detection by the security management service, when the security management service fails to detect the polymorphic variant during the analysis of the polymorphic variant, detonating the polymorphic variant in a virtualized environment to identify characterizations of the polymorphic variant, and training the security management service to detect the polymorphic variant based on the characterizations.
-
Publication number: US20240330365A1
Publication date: 2024-10-03
Application number: US18361405
Filing date: 2023-07-28
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy , Oleg Bessonov , Vincent Parla
IPC: G06F16/901 , G06F11/34
CPC classification number: G06F16/9024 , G06F11/3476
Abstract: A system and method are provided for generating a cybersecurity behavioral graph from log files and/or other telemetry data, which can be unstructured or semi-structured. The log files are applied to a machine learning (ML) model (e.g., a large language model (LLM)) that extracts from the log files entities and the relationships between those entities. The entities and relationships can be constrained using a cybersecurity ontology or schema to ensure that the results are meaningful in a cybersecurity context. A graph is then generated by mapping the extracted entities to nodes in the graph and the relationships to edges connecting the nodes. To extract the entities and relationships from the data more efficiently, an LLM is used to generate regular expressions for the format of the log files. Once generated, the regular expressions can rapidly parse the log files to extract the entities and relationships.
-
Publication number: US20240291800A1
Publication date: 2024-08-29
Application number: US18115374
Filing date: 2023-02-28
Applicant: Cisco Technology, Inc.
Inventor: Vincent E. Parla , Oleg Bessonov , Andrew Zawadowskiy
IPC: H04L9/40
CPC classification number: H04L63/0254 , H04L63/0272
Abstract: Techniques for auto-tuning keepalive packet intervals to an optimal interval are described. A remote secure session between a client device and a server over a network is established. A determination is made to identify an optimal keepalive interval for sending packets to keep the remote secure session alive over the network, the optimal keepalive interval defining an amount of time between sending of packets that keep a connection open through middleboxes in the network. Keepalive test probes are transmitted by the client device to the server at different time intervals. An optimal keepalive interval is determined based at least in part on the keepalive test probes transmitted at the different intervals. The client device transmits information indicating the optimal keepalive interval to the server. Finally, the client device transmits keepalive packets according to the optimal keepalive interval.
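The probing procedure this abstract describes, as an added example (my code, not Cisco's or the patent's): the client does not know the middlebox idle timeout, so it sends probes at geometrically growing intervals until one fails, bisects between the last interval that survived and the first that did not, and then backs off by a safety margin. The middlebox simulator, the starting interval, the cap, the margin and the precision are all assumptions of this illustration; the abstract does not state a search strategy.

```python
class MiddleboxSim:
    """Constructed stand-in for a NAT/firewall whose idle timeout the client
    does not know. A probe gets through only if the gap since the previous
    packet is shorter than that timeout."""

    def __init__(self, idle_timeout_s):
        self.idle_timeout_s = idle_timeout_s

    def probe_survives(self, interval_s):
        return interval_s < self.idle_timeout_s


def tune_keepalive(probe, lo=5, hi_cap=3600, margin=0.8, precision=5):
    """Find the longest keepalive interval that still keeps the session open.

    probe(interval_s) -> True if the session was still alive after waiting
    interval_s before the probe. Search: grow the interval geometrically from
    `lo` until a probe fails (or `hi_cap` is reached), bisect between the last
    good and first bad interval down to `precision` seconds, then shorten the
    result by `margin` so jitter or clock skew does not push a real keepalive
    past the timeout. Returns (chosen_interval_s, probes_sent).
    """
    probes = 1
    if not probe(lo):
        return lo, probes               # even the shortest interval fails
    good, bad, interval = lo, None, lo
    while bad is None and interval < hi_cap:
        interval = min(interval * 2, hi_cap)
        probes += 1
        if probe(interval):
            good = interval
        else:
            bad = interval
    if bad is None:
        return int(good * margin), probes   # never failed up to the cap
    while bad - good > precision:
        mid = (good + bad) // 2
        probes += 1
        if probe(mid):
            good = mid
        else:
            bad = mid
    return int(good * margin), probes


if __name__ == "__main__":
    nat = MiddleboxSim(idle_timeout_s=300)   # assumed 5-minute NAT idle timeout
    print(tune_keepalive(nat.probe_survives))   # (236, 12)
```

Each real probe costs wall-clock time equal to the interval being tested, which is why the geometric phase matters: it bounds the number of long waits before bisection starts. A failed probe in practice means the mapping was already dropped, so the session has to be re-established before the next probe; the simulator ignores that cost. The value sent to the server is the margin-adjusted interval, not the raw boundary.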
-
Publication number: US20240028701A1
Publication date: 2024-01-25
Application number: US18084177
Filing date: 2022-12-19
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy , Vincent E. Parla , Thomas Szigeti , Oleg Bessonov , Ashok Krishnaji Moghe
IPC: G06F21/51
CPC classification number: G06F21/51 , G06F2221/033
Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers.
-
Publication number: US11443230B2
Publication date: 2022-09-13
Application number: US16135756
Filing date: 2018-09-19
Applicant: Cisco Technology, Inc.
Inventor: Nancy Cam-Winget , Subharthi Paul , Blake Anderson , Saman Taghavi Zargar , Oleg Bessonov , Robert Frederick Albach , Sanjay Kumar Agarwal , Mark Steven Knellinger
IPC: G06N20/00 , H04L9/40 , G06N5/04 , G06N20/20 , G06K9/62 , G06N7/00 , G06N20/10 , H04L67/12 , H04L67/00
Abstract: A trained model may be deployed to an Internet-of-Things (IOT) operational environment in order to ingest features and detect events extracted from network traffic. The model may be received and converted into a meta-language representation which is interpretable by a data plane engine. The converted model can then be deployed to the data plane and may extract features from network communications over the data plane. The extracted features may be fed to the deployed model in order to generate event classifications or device state classifications.
-
Publication number: US20250168188A1
Publication date: 2025-05-22
Application number: US19029102
Filing date: 2025-01-17
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy , Oleg Bessonov , Vincent Parla
IPC: H04L9/40 , G06F11/34 , G06F16/334 , G06F16/34 , G06F16/901 , G06F21/31 , G06F21/55 , G06F21/56 , G06F21/57
Abstract: A system and method are provided for generating a cybersecurity behavioral graph from log files and/or other telemetry data, which can be unstructured or semi-structured. The log files are applied to a machine learning (ML) model (e.g., a large language model (LLM)) that extracts from the log files entities and the relationships between those entities. The entities and relationships can be constrained using a cybersecurity ontology or schema to ensure that the results are meaningful in a cybersecurity context. A graph is then generated by mapping the extracted entities to nodes in the graph and the relationships to edges connecting the nodes. To extract the entities and relationships from the data more efficiently, an LLM is used to generate regular expressions for the format of the log files. Once generated, the regular expressions can rapidly parse the log files to extract the entities and relationships.
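The regex-then-graph pipeline described in this abstract and in US20240330365A1 above, as an added example (my code, not Cisco's or the patent's): a handful of constructed log lines are parsed by regular expressions into typed entities and one relationship each, the ontology rejects any triple whose endpoint types do not match the relationship's signature, and the survivors become nodes and edges that can be queried. The patterns are hand-written stand-ins for the LLM-generated regexes the abstract describes; the ontology, the log formats and the relationship names are assumptions.

```python
import re

# Constructed sample log lines (not taken from any real system).
LOG_LINES = [
    "2024-05-01T10:00:01Z sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51122",
    "2024-05-01T10:00:07Z sshd[2211]: Failed password for root from 203.0.113.9 port 40001",
    "2024-05-01T10:00:09Z kernel: FW DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.2 PROTO=TCP DPT=22",
    "2024-05-01T10:01:00Z sudo: alice : COMMAND=/usr/bin/systemctl restart nginx",
    "2024-05-01T10:02:00Z cron[99]: (root) CMD (run-parts /etc/cron.hourly)",  # no pattern covers this
]

# Assumed cybersecurity ontology: node types, and for each relationship the
# (subject type, object type) it is allowed to connect.
ONTOLOGY = {
    "node_types": {"user", "host", "command"},
    "edge_types": {
        "logged_in_from": ("user", "host"),
        "auth_failed_from": ("user", "host"),
        "dropped_traffic_from": ("host", "host"),
        "executed": ("user", "command"),
    },
}

# Hand-written patterns standing in for the LLM-generated regexes. Each entry is
# (regex, (subject group, type), relationship, (object group, type)).
PATTERNS = [
    (re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+)"),
     ("user", "user"), "logged_in_from", ("ip", "host")),
    (re.compile(r"Failed \S+ for (?P<user>\S+) from (?P<ip>[\d.]+)"),
     ("user", "user"), "auth_failed_from", ("ip", "host")),
    (re.compile(r"FW DROP .*SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)"),
     ("dst", "host"), "dropped_traffic_from", ("src", "host")),
    (re.compile(r"sudo: (?P<user>\S+) : COMMAND=(?P<cmd>.+)$"),
     ("user", "user"), "executed", ("cmd", "command")),
]


def extract(line):
    """Return ((subj_type, subj_value), rel, (obj_type, obj_value)) or None."""
    for rx, (sg, st), rel, (og, ot) in PATTERNS:
        m = rx.search(line)
        if m:
            return (st, m.group(sg)), rel, (ot, m.group(og))
    return None


def conforms(subject, rel, obj):
    """Ontology check: relationship is known and its endpoint types match."""
    sig = ONTOLOGY["edge_types"].get(rel)
    return sig == (subject[0], obj[0]) and {subject[0], obj[0]} <= ONTOLOGY["node_types"]


def build_graph(lines):
    """Map extracted entities to nodes (with a mention count) and relationships to edges."""
    nodes, edges, unparsed = {}, [], []
    for line in lines:
        triple = extract(line)
        if triple is None or not conforms(*triple):
            unparsed.append(line)        # never silently guess a type
            continue
        subject, rel, obj = triple
        for node in (subject, obj):
            nodes[node] = nodes.get(node, 0) + 1
        edges.append((subject, rel, obj))
    return nodes, edges, unparsed


def neighbors(edges, node):
    """All (relationship, other node) pairs touching `node`, in either direction."""
    found = set()
    for s, rel, o in edges:
        if s == node:
            found.add((rel, o))
        elif o == node:
            found.add((rel, s))
    return sorted(found)


if __name__ == "__main__":
    nodes, edges, unparsed = build_graph(LOG_LINES)
    for e in edges:
        print(e)
    print("around 203.0.113.9:", neighbors(edges, ("host", "203.0.113.9")))
    print("unparsed lines:", len(unparsed))
```

The ontology check is the part worth keeping strict: a generated regex that is too permissive will happily capture a hostname into a `user` group, and `conforms` turns that into an unparsed line instead of a wrong edge. Generated patterns should also be reviewed for catastrophic backtracking before they are run over large log volumes, since a pathological expression is a denial-of-service path on the parser itself.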
-
Publication number: US20240028742A1
Publication date: 2024-01-25
Application number: US18084045
Filing date: 2022-12-19
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy , Vincent E. Parla , Oleg Bessonov
CPC classification number: G06F21/577 , G06F8/75 , G06F8/433 , G06F2221/033
Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow diagram for a process on a computing system and monitoring execution of the process on the computing system using the control flow diagram. An unobserved transition is determined based on the learned control flow diagram and the unobserved transition is classified as safe or unsafe based on a monitoring component analysis. An action is performed based on the safety classification and the learned control flow diagram.
-
Publication number: US20240028709A1
Publication date: 2024-01-25
Application number: US18084065
Filing date: 2022-12-19
Applicant: Cisco Technology, Inc.
Inventor: Andrew Zawadowskiy , Oleg Bessonov , Vincent E. Parla
CPC classification number: G06F21/54 , G06F21/552
Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a process executed on the computing system. A system call is identified during execution of the process, as well as a predetermined number of transitions leading to the system call. The validity of the transitions leading to the system call is determined based on the learned control flow directed graph, and the computing system may perform an action based on the validity.
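The observation/monitoring split described in US20240028701A1 above and the syscall-context check in this abstract, as one added example (my code, not Cisco's or the patent's): a constructed trace of control transfers is learned into an edge set, a monitor then flags any transfer absent from that set, and when execution reaches the syscall stub it re-validates the last N transfers. The addresses, the window size of four and the stub address 0x3000 are assumptions; the abstracts do not say how the CPU telemetry is collected, so the trace here is just a list of (source, destination) pairs.

```python
from collections import defaultdict, deque

# Constructed observation-phase trace of control transfers (src -> dst
# instruction addresses). Addresses are made up for illustration.
OBSERVED_TRACE = [
    (0x1000, 0x1020), (0x1020, 0x1040), (0x1040, 0x2000),   # call into a helper
    (0x2000, 0x2010), (0x2010, 0x1044),                     # return
    (0x1044, 0x1060), (0x1060, 0x3000),                     # into the syscall stub
    (0x1000, 0x1020), (0x1020, 0x1040), (0x1040, 0x2000),   # second run, same path
    (0x2000, 0x2010), (0x2010, 0x1044), (0x1044, 0x1060), (0x1060, 0x3000),
]

SYSCALL_STUB = 0x3000  # assumed address of the syscall entry stub


def learn_cfg(trace):
    """Observation phase: record every observed src -> dst transfer as an edge."""
    cfg = defaultdict(set)
    for src, dst in trace:
        cfg[src].add(dst)
    return cfg


def is_valid_transfer(cfg, src, dst):
    """A transfer is valid only if the same edge was seen during learning."""
    return dst in cfg.get(src, ())


class Monitor:
    """Monitoring phase: flag transfers absent from the learned graph and,
    when execution reaches the syscall stub, re-check the last `window`
    transfers so a syscall reached over an unlearned path is reported as such."""

    def __init__(self, cfg, window=4, syscall_stub=SYSCALL_STUB):
        self.cfg = cfg
        self.recent = deque(maxlen=window)
        self.syscall_stub = syscall_stub
        self.alerts = []

    def feed(self, src, dst):
        self.recent.append((src, dst))
        if not is_valid_transfer(self.cfg, src, dst):
            self.alerts.append(("invalid_transfer", src, dst))
        if dst == self.syscall_stub:
            bad = tuple(t for t in self.recent if not is_valid_transfer(self.cfg, *t))
            if bad:
                self.alerts.append(("tainted_syscall", bad))
        return self.alerts


def run_trace(cfg, trace, window=4):
    """Replay a trace through the monitor and return the alerts it raised."""
    mon = Monitor(cfg, window)
    for src, dst in trace:
        mon.feed(src, dst)
    return mon.alerts


# Constructed attack-style trace: the return at 0x2010 is redirected straight
# to 0x1060 (never observed), which then reaches the syscall stub.
ATTACK_TRACE = [
    (0x1000, 0x1020), (0x1020, 0x1040), (0x1040, 0x2000),
    (0x2000, 0x2010), (0x2010, 0x1060), (0x1060, 0x3000),
]

if __name__ == "__main__":
    cfg = learn_cfg(OBSERVED_TRACE)
    print("benign:", run_trace(cfg, OBSERVED_TRACE))
    print("attack:", run_trace(cfg, ATTACK_TRACE))
```

The learned graph is only as complete as the observation coverage: a legitimate path that was never exercised during learning is indistinguishable here from the redirected return, which is exactly the gap the safe/unsafe classification of unobserved transitions in US20240028742A1 above is aimed at. The syscall-window check adds value over per-edge alerting because it ties the anomaly to a security-relevant effect, which is a better place to attach a blocking action than an arbitrary jump.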