Passive decryption of encrypted traffic to generate more accurate machine learning training data

发明授权

US11196546B2 Passive decryption of encrypted traffic to generate more accurate machine learning training data 有权

请登陆查看更多内容

专利标题： Passive decryption of encrypted traffic to generate more accurate machine learning training data
申请号： US16701373

申请日： 2019-12-03
公开(公告)号： US11196546B2

公开(公告)日： 2021-12-07
发明人: Blake Harrell Anderson , Andrew Chi , David McGrew , Scott William Dunlop
申请人： Cisco Technology, Inc.
申请人地址： US CA San Jose
专利权人： Cisco Technology, Inc.
当前专利权人： Cisco Technology, Inc.
当前专利权人地址： US CA San Jose
代理机构： Behmke Innovation Group LLC
代理商 James M. Behmke; Jonathon P. Western
主分类号： H04L29/06
IPC分类号： H04L29/06 ; H04W72/04 ; H04L9/08 ; G06N5/02

Passive decryption of encrypted traffic to generate more accurate machine learning training data

摘要：

In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.

信息查询

Espacenet