Invention Application
- Patent Title: MALWARE CLASSIFICATION AND ATTRIBUTION THROUGH SERVER FINGERPRINTING USING SERVER CERTIFICATE DATA
- Application No.: US16869726
- Application Date: 2020-05-08
- Publication No.: US20200267164A1
- Publication Date: 2020-08-20
- Inventor: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
- Applicant: Cisco Technology, Inc.
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Main IPC: H04L29/06
- IPC: H04L29/06

Abstract:
In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
Public/Granted literature
- US11108810B2: Malware classification and attribution through server fingerprinting using server certificate data (Public/Granted day: 2021-08-31)