Invention Grant
- Patent Title: OS start event detection, OS fingerprinting, and device tracking using enhanced data features
- Application No.: US17382627
- Application Date: 2021-07-22
- Publication No.: US11748477B2
- Publication Date: 2023-09-05
- Inventor: David McGrew, Blake Harrell Anderson, Subharthi Paul
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: BEHMKE INNOVATION GROUP LLC
- Agent: James M. Behmke; Jonathon P. Western
- Main IPC: G06F21/55
- IPC: G06F21/55; H04L41/16; H04L9/40; G06N20/00; G06F21/56; H04L67/50; G06F9/4401; G06F11/14

Abstract:
In one embodiment, a device in a network tracks traffic features indicated by header information of packets of an encrypted traffic flow over time. The encrypted traffic flow is associated with a particular host in the network. The device detects an operating system start event based on the traffic features and provides data regarding the detected operating system start event as input to a machine learning-based malware detector to determine whether the particular host with which the encrypted traffic flow is associated is infected with malware. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.
Public/Granted literature:
- US20210349996A1 OS START EVENT DETECTION, OS FINGERPRINTING, AND DEVICE TRACKING USING ENHANCED DATA FEATURES (Public/Granted day: 2021-11-11)