Invention Application
- Patent Title: SYSTEM AND METHOD OF DETECTING HIDDEN PROCESSES BY ANALYZING PACKET FLOWS
- Application No.: US16846117
- Application Date: 2020-04-10
- Publication No.: US20200244554A1
- Publication Date: 2020-07-30
- Inventor: Khawar Deen, Navindra Yadav, Anubhav Gupta, Shashidhar Gandham, Rohit Chandra Prasad, Abhishek Ranjan Singh, Shih-Chun Chang
- Applicant: Cisco Technology, Inc.
- Main IPC: H04L12/26
- IPC: H04L12/26 ; G06F16/174 ; G06F16/23 ; G06N99/00 ; G06F16/17 ; G06F16/13 ; G06F16/11 ; G06F16/16 ; H04L12/715 ; H04L12/725 ; H04L29/08 ; H04L29/06 ; H04L12/841 ; G06T11/20 ; G06F3/0482 ; H04L12/721 ; H04L12/833 ; H04L12/24 ; H04L12/851 ; H04L12/741 ; H04L12/801 ; H04L12/823 ; H04L12/813 ; H04L29/12 ; H04J3/14 ; H04J3/06 ; H04L9/32 ; H04L9/08 ; H04W72/08 ; H04L1/24 ; G06F3/0484 ; H04L12/723 ; G06F21/53 ; H04W84/18 ; G06F21/56 ; G06F21/55 ; G06F16/2457 ; G06F16/9535 ; G06F16/28 ; G06F16/248 ; G06F16/29 ; G06N20/00 ; G06F9/455

Abstract:
A method includes capturing first data associated with a first packet flow originating from a first host, using a first capture agent deployed at the first host, to yield first flow data; capturing second data associated with a second packet flow originating from the first host, using a second capture agent deployed outside of the first host, to yield second flow data; and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists, and corrective action can be taken.
Public/Granted literature
- US11601349B2: System and method of detecting hidden processes by analyzing packet flows; Public/Granted day: 2023-03-07