Malware identification via secondary file analysis

    Publication (Announcement) No.: US10382468B2

    Publication (Announcement) Date: 2019-08-13

    Application No.: US15640622

    Filing Date: 2017-07-03

    Inventor: Craig Dods

    Abstract: A device may include one or more processors to receive a file that may be analyzed for malware; open the received file in a secure environment; determine that a secondary file in the secure environment may have been accessed based on the received file being opened; analyze the secondary file in the secure environment to identify malware; and/or perform an action associated with the received file based on the secondary file being analyzed.

    Apparatus, system, and method for predictively forwarding unknown flows

    Publication (Announcement) No.: US10291748B1

    Publication (Announcement) Date: 2019-05-14

    Application No.: US15335384

    Filing Date: 2016-10-26

    Inventor: Craig Dods

    Abstract: The disclosed apparatus may include a storage device that stores a set of routes. In this example, the apparatus may also include a processing unit that is communicatively coupled to the storage device. This processing unit may (1) analyze an unknown flow of packets that are destined for a certain node, (2) identify at least one characteristic of the unknown flow based at least in part on the analysis, (3) determine, based at least in part on the characteristic, that the unknown flow of packets likely represents traffic that corresponds to a specific application, (4) predictively select, from the set of routes, a non-default route that facilitates transfer to the certain node in connection with the specific application, and then (5) forward a first packet of the unknown flow to the certain node by way of the non-default route. Various other apparatuses, systems, and methods are also disclosed.

    Generating a network security policy based on a user identity associated with malicious behavior

    Publication (Announcement) No.: US11902330B1

    Publication (Announcement) Date: 2024-02-13

    Application No.: US17304200

    Filing Date: 2021-06-16

    Inventor: Craig Dods

    CPC classification number: H04L63/20 H04L63/101 H04L63/102 H04L2463/146

    Abstract: A device may receive data identifying malicious behavior by a compromised endpoint device associated with a network and may receive user identity data identifying a user of the compromised endpoint device associated with the network. The device may receive endpoint device data identifying the compromised endpoint device and other endpoint devices associated with the network and may receive network device data identifying network devices associated with the network. The device may utilize the data identifying malicious behavior, the user identity data, and the endpoint device data to generate, based on an identity of the user, a security policy to isolate the malicious behavior. The device may cause the security policy to be provided to the network devices and the other endpoint devices based on the network device data and the endpoint device data.

    Intelligent offloading of services for a network device

    Publication (Announcement) No.: US10862805B1

    Publication (Announcement) Date: 2020-12-08

    Application No.: US16051119

    Filing Date: 2018-07-31

    Abstract: A network device may receive a packet associated with a traffic flow of a session that includes session identification information for the session. The network device may determine to offload subsequent packets associated with the traffic flow using offloading indicators and/or a data model. The network device may store, using a data structure, the session identification information with other session identification information for other sessions that have been selected for offloading, and may provide the packet to a device. The network device may receive another packet associated with the traffic flow, and may determine to offload the other packet by determining that the other packet includes the session identification information. The device may offload the other packet to permit the other packet to traverse through the network device without the network device performing security checks on the other packet, and may provide the other packet to the device.

    Apparatus, system, and method for predictively enforcing security policies on unknown flows

    Publication (Announcement) No.: US10735469B1

    Publication (Announcement) Date: 2020-08-04

    Application No.: US15640495

    Filing Date: 2017-07-01

    Inventor: Craig Dods

    Abstract: The disclosed apparatus may include a storage device that stores a set of security policies. In this example, the apparatus may also include a physical processor that is communicatively coupled to the storage device. This physical processor may (1) analyze an unknown flow of packets that are destined for a target node within the network, (2) identify at least one characteristic of the unknown flow of packets based at least in part on the analysis, (3) predictively select, from the set of security policies stored in the storage device, a security policy to apply to the unknown flow of packets based at least in part on the characteristic of the unknown flow of packets, and then (4) perform at least one security action defined by the predictively selected security policy on the unknown flow of packets. Various other apparatuses, systems, and methods are also disclosed.

    Network monitoring based on distribution of false account credentials

    Publication (Announcement) No.: US11032318B2

    Publication (Announcement) Date: 2021-06-08

    Application No.: US16055665

    Filing Date: 2018-08-06

    Inventor: Craig Dods

    Abstract: A device receives end user device information for end user devices associated with a network, and creates a data structure that includes the end user device information. The device creates a data structure that includes false account credentials, and maps the end user device information and the false account credentials to create a mapped data structure. The device provides the false account credentials to memory locations of corresponding ones of the end user devices, and provides information from the mapped data structure to one or more network devices associated with the network, wherein the information from the mapped data structure enables the one or more network devices to detect an unauthorized access attempt of the network using one or more of the false account credentials.

    Generating a network security policy based on behavior detected after identification of malicious behavior

    Publication (Announcement) No.: US10972508B1

    Publication (Announcement) Date: 2021-04-06

    Application No.: US16206001

    Filing Date: 2018-11-30

    Inventor: Craig Dods

    Abstract: A device receives information identifying malicious behavior by a compromised endpoint device associated with a network and traffic associated with the compromised endpoint device after the malicious behavior is identified. The device receives endpoint device information identifying other endpoint devices associated with the network, wherein the compromised endpoint device is not one of the other endpoint devices. The device receives network device information identifying network devices associated with the network, and processes the traffic, the endpoint device information, and the network device information, with a machine learning model, to generate a security policy to isolate the malicious behavior. The device performs one or more actions based on the security policy to isolate the malicious behavior.

    Performing upper layer inspection of a flow based on a sampling rate

    Publication (Announcement) No.: US10476629B2

    Publication (Announcement) Date: 2019-11-12

    Application No.: US15584625

    Filing Date: 2017-05-02

    Inventor: Craig Dods

    Abstract: A device may receive a first portion of network traffic associated with a flow. The device may perform a first upper layer inspection of the first portion of network traffic associated with the flow. The device may identify a set of parameters of the flow based on performing the first upper layer inspection of the first portion of network traffic associated with the flow. The device may determine, based on the set of parameters, a sampling rate at which to perform a second upper layer inspection of a second portion of network traffic associated with the flow. The device may instruct a lower layer to use the sampling rate to provide the second portion of network traffic associated with the flow for the second upper layer inspection. The device may perform the second upper layer inspection of the second portion of network traffic associated with the flow based on receiving the second portion of network traffic associated with the flow from the lower layer. The device may perform an action with regard to the flow based on a result of performing the second upper layer inspection.