公开(公告)号：US20160337389A1

公开(公告)日：2016-11-17

申请号：US14844379

申请日：2015-09-03

Applicant: Cisco Technology, Inc.

Inventor： Vojtech Létal ,  Tomás Pevný ,  Petr Somol

IPC: H04L29/06 ,  G06Q50/00

CPC classification number: H04L63/1425 ,  G06Q50/01 ,  H04L63/1441

Abstract: Data is collected from a database arrangement about behavior of observed entities, wherein the collected data includes one or more features associated with the observed entities. A probabilistic model is determined that correlates the one or more features with malicious and/or benign behavior of the observed entities. Data is collected from the database arrangement for unobserved entities that have at least one common feature with at least one of the observed entities. One of the unobserved entities is determined to be a malicious entity based on the at least one common feature and the probabilistic model. Network policies are applied to packets sent from the malicious entity.

Abstract translation: 从关于观察到的实体的行为的数据库布置中收集数据，其中所收集的数据包括与所观察到的实体相关联的一个或多个特征。 确定将一个或多个特征与观察到的实体的恶意和/或良性行为相关联的概率模型。 从与观察到的实体中的至少一个具有至少一个共同特征的未观察实体的数据库布置中收集数据。 基于至少一个共同特征和概率模型，将未观察实体之一确定为恶意实体。 网络策略适用于从恶意实体发送的数据包。