Publication number: US20190068362A1
Publication date: 2019-02-28
Application number: US15692288
Filing date: 2017-08-31
Applicant: Cisco Technology, Inc.
Inventor: BLAKE HARRELL ANDERSON , Andrew Chi , David McGrew , Scott William Dunlop
Abstract: In one embodiment, an apparatus captures a memory dump of a device that is executing a malware sample in a sandbox environment. The apparatus identifies a cryptographic key by locating a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier on that portion of the decrypted traffic labeled as benign.
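The first three steps of the abstract (capture a dump, locate a key-holding structure in it, decrypt the captured traffic) as an added example; this is not code from the patent or from Cisco. The patent does not name the data structure it searches for or the cipher the malware uses, so both are assumptions here: the structure is a hypothetical tag/length/key layout, and the "encrypted traffic" uses a stand-in authenticated stream cipher built from HMAC-SHA256 in counter mode so the example runs on the standard library alone. The memory dump and the two captured records are constructed inline. The practitioner-relevant detail the example adds is candidate validation: a dump usually yields several structurally plausible keys, so each one is tried against the captured records and only a key under which every record authenticates is accepted. Labeling and classifier training are outside this example.

```python
import hashlib
import hmac
import struct

# Assumed in-memory layout of a key-holding structure (a stand-in for the patent's
# unnamed "particular data structure"): 4-byte tag, 4-byte little-endian key length,
# then the raw key bytes. A real target needs the layout of the actual crypto library's
# session or key objects.
MAGIC = b"KEYS"
KEY_LEN = 32
NONCE_LEN = 12
TAG_LEN = 16


def find_key_candidates(dump: bytes) -> list:
    """Return every key found inside a well-formed instance of the assumed structure."""
    candidates = []
    offset = dump.find(MAGIC)
    while offset != -1:
        key_start = offset + len(MAGIC) + 4
        if key_start <= len(dump):
            (klen,) = struct.unpack_from("<I", dump, offset + len(MAGIC))
            key = dump[key_start:key_start + klen]
            # Length sanity check: a stray tag in filler data rarely carries a plausible length.
            if klen == KEY_LEN and len(key) == klen:
                candidates.append(key)
        offset = dump.find(MAGIC, offset + 1)
    return candidates


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one recovered key."""
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(enc_key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack("<Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_record(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Produce one record: nonce || ciphertext || truncated HMAC tag."""
    enc_key, mac_key = _subkeys(key)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def decrypt_record(key: bytes, record: bytes):
    """Return the plaintext, or None if the record does not authenticate under this key."""
    nonce, ct, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def recover_traffic(dump: bytes, records: list):
    """Try every candidate key from the dump; keep the first one under which all records authenticate."""
    for key in find_key_candidates(dump):
        plaintexts = [decrypt_record(key, r) for r in records]
        if plaintexts and all(p is not None for p in plaintexts):
            return key, plaintexts
    return None, []


# Constructed sample data: a key, a "memory dump" holding a decoy structure with the
# wrong key ahead of the real one, and two records "sent by the device" under the real key.
SAMPLE_KEY = hashlib.sha256(b"constructed sample key").digest()
DECOY_KEY = bytes(range(KEY_LEN))
SAMPLE_DUMP = (
    b"\x00" * 64
    + MAGIC + struct.pack("<I", KEY_LEN) + DECOY_KEY
    + b"\x7f" * 40
    + MAGIC + struct.pack("<I", KEY_LEN) + SAMPLE_KEY
    + b"\xff" * 16
)
SAMPLE_RECORDS = [
    encrypt_record(SAMPLE_KEY, (1).to_bytes(NONCE_LEN, "big"),
                   b"GET /update HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    encrypt_record(SAMPLE_KEY, (2).to_bytes(NONCE_LEN, "big"),
                   b"POST /report HTTP/1.1\r\nHost: example.test\r\n\r\nid=1"),
]

if __name__ == "__main__":
    key, plaintexts = recover_traffic(SAMPLE_DUMP, SAMPLE_RECORDS)
    print("recovered key:", key.hex() if key else None)
    for p in plaintexts:
        print(p.decode())
```

Against a real sandbox image the scan would target the session or key objects of whichever library the sample links, and for TLS the recovered secrets are normally exported in key-log form to a dissector such as Wireshark rather than decrypted by hand; the validate-each-candidate loop stays the same either way.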