-
Publication (Announcement) No.: US20190260775A1
Publication (Announcement) Date: 2019-08-22
Application No.: US15898789
Application Date: 2018-02-19
Applicant: Cisco Technology, Inc.
Inventor: Karel Bartos, Vojtech Franc, Vit Zlamal
Abstract: In one embodiment, a security device in a computer network determines a plurality of values for a plurality of features from samples of known malware, and computes one or more significant values out of the plurality of values, where each of the one or more significant values occurs across greater than a significance threshold of the samples. The security device may then determine feature values for samples of unlabeled traffic, and declares one or more particular samples of unlabeled traffic as synthetic malicious flow samples in response to all feature values for each synthetic malicious flow sample matching a respective one of the significant values for each corresponding respective feature. The security device may then use the samples of known malware and the synthetic malicious flow samples for model-based malware detection.
-
Publication (Announcement) No.: US10917421B2
Publication (Announcement) Date: 2021-02-09
Application No.: US15898789
Application Date: 2018-02-19
Applicant: Cisco Technology, Inc.
Inventor: Karel Bartos, Vojtech Franc, Vit Zlamal
Abstract: In one embodiment, a security device in a computer network determines a plurality of values for a plurality of features from samples of known malware, and computes one or more significant values out of the plurality of values, where each of the one or more significant values occurs across greater than a significance threshold of the samples. The security device may then determine feature values for samples of unlabeled traffic, and declares one or more particular samples of unlabeled traffic as synthetic malicious flow samples in response to all feature values for each synthetic malicious flow sample matching a respective one of the significant values for each corresponding respective feature. The security device may then use the samples of known malware and the synthetic malicious flow samples for model-based malware detection.
-