System and method of detecting hidden processes by analyzing packet flows

Invention Grant

US11601349B2 System and method of detecting hidden processes by analyzing packet flows 有权

Please log in to see more content

Patent Title: System and method of detecting hidden processes by analyzing packet flows
Application No.: US16846117

Application Date: 2020-04-10
Publication No.: US11601349B2

Publication Date: 2023-03-07
Inventor: Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang
Applicant: Cisco Technology, Inc.
Applicant Address: US CA San Jose
Assignee: Cisco Technology, Inc.
Current Assignee: Cisco Technology, Inc.
Current Assignee Address: US CA San Jose
Agency: Polsinelli
Main IPC: H04L29/06
IPC: H04L29/06 ; H04L43/045 ; H04L9/40 ; G06F9/455 ; G06N20/00 ; G06F21/55 ; G06F21/56 ; G06F16/28 ; G06F16/2457 ; G06F16/248 ; G06F16/29 ; G06F16/16 ; G06F16/17 ; G06F16/11 ; G06F16/13 ; G06F16/174 ; G06F16/23 ; G06F16/9535 ; G06N99/00 ; H04L9/32 ; H04L41/0668 ; H04L43/0805 ; H04L43/0811 ; H04L43/0852 ; H04L43/106 ; H04L45/00 ; H04L45/50 ; H04L67/12 ; H04L43/026 ; H04L61/5007 ; H04L67/01 ; H04L67/51 ; H04L67/75 ; H04L67/1001 ; H04L43/062 ; H04L43/10 ; H04L47/2441 ; H04L41/0893 ; H04L43/08 ; H04L43/04 ; H04W84/18 ; H04L67/10 ; H04L41/046 ; H04L43/0876 ; H04L41/12 ; H04L41/16 ; H04L41/0816 ; G06F21/53 ; H04L41/22 ; G06F3/04842 ; G06F3/04847 ; H04L41/0803 ; H04L43/0829 ; H04L43/16 ; H04L1/24 ; H04W72/08 ; H04L9/08 ; H04J3/06 ; H04J3/14 ; H04L47/20 ; H04L47/32 ; H04L43/0864 ; H04L47/11 ; H04L69/22 ; H04L45/74 ; H04L47/2483 ; H04L43/0882 ; H04L41/0806 ; H04L43/0888 ; H04L43/12 ; H04L47/31 ; G06F3/0482 ; G06T11/20 ; H04L43/02 ; H04L47/28 ; H04L69/16 ; H04L45/302 ; H04L67/50

System and method of detecting hidden processes by analyzing packet flows

Abstract:

A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

Public/Granted literature

US20200244554A1 SYSTEM AND METHOD OF DETECTING HIDDEN PROCESSES BY ANALYZING PACKET FLOWS Public/Granted day:2020-07-30

Information query

Espacenet