Publication number: US20200236131A1
Publication date: 2020-07-23
Application number: US16251322
Application date: 2019-01-18
Applicant: Cisco Technology, Inc.
Inventor: Martin Vejman, Karel Bartos, Vitek Zlamal
Abstract: In one embodiment, an encrypted traffic analytics service captures telemetry data regarding encrypted network traffic associated with a first endpoint device in a network. The encrypted traffic analytics service receives, from the first endpoint device, an indication that a security agent executed on the first endpoint device has detected malware on the first endpoint device. The encrypted traffic analytics service constructs one or more patterns of encrypted traffic using the captured telemetry data from a time period associated with the received indication. The encrypted traffic analytics service uses the one or more patterns of encrypted traffic to detect malware on a second endpoint device by comparing the one or more patterns of encrypted traffic to telemetry data regarding encrypted network traffic associated with the second endpoint device.