-
Publication No.: US20240031389A1
Publication Date: 2024-01-25
Application No.: US18158696
Filing Date: 2023-01-24
Applicant: Netskope, Inc.
Inventor: Raymond Joseph Canzanese, Jr., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang, Dagmawi Mulugeta
IPC: H04L9/40
CPC classification number: H04L63/1425 , H04L63/102
Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that trains a cloud traffic classifier to classify cross-application communications as malicious command and control (C2) traffic or benign cloud traffic. The training uses blocks of malicious Hypertext Transfer Protocol (HTTP) transactions targeted at a plurality of cloud applications by a plurality of clients prequalified as malicious command and control (C2) cloud traffic, and also blocks of benign HTTP transactions targeted at the plurality of cloud applications by the plurality of clients prequalified as benign cloud traffic. A cloud traffic classifier is trained on the cross-application malicious training example set and on the cross-application benign training example set by processing the blocks of the malicious and benign HTTP transactions as inputs, and generating outputs that classify the training examples as respectively malicious C2 cloud traffic or benign cloud traffic.
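The abstract describes the shape of the training problem (blocks of HTTP transactions to many cloud apps, labelled malicious C2 or benign, fed to one classifier) but names neither features nor model. The following is an added illustration written for this listing, not Netskope's code: it summarises each block into features that do not depend on which application was contacted, fits a stand-in nearest-centroid model on blocks aimed at three apps, and then labels blocks aimed at a fourth app the model never saw. The feature set, the centroid model, the app names and all traffic are constructed assumptions.

```python
"""Cross-application C2-vs-benign classification of HTTP transaction blocks.

Added illustration, not Netskope code. Features, model and sample traffic are
assumptions chosen to show the cross-application training idea in the abstract.
"""
import math
import random
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class HttpTxn:
    ts: float        # seconds since the start of the block
    app: str         # cloud application contacted (deliberately NOT a feature)
    method: str
    path: str
    req_bytes: int
    resp_bytes: int


Block = List[HttpTxn]


def _cv(values: List[float]) -> float:
    """Coefficient of variation (std/mean); 0 for degenerate input."""
    if len(values) < 2:
        return 0.0
    mean = sum(values) / len(values)
    if mean == 0:
        return 0.0
    return math.sqrt(sum((v - mean) ** 2 for v in values) / len(values)) / mean


def block_features(block: Block) -> List[float]:
    """Per-block features chosen to separate beaconing from interactive use."""
    ts = sorted(t.ts for t in block)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    n = len(block)
    return [
        _cv(gaps),                                         # regular beacons -> low
        sum(t.method == "POST" for t in block) / n,        # check-in/exfil heavy -> high
        len({t.path for t in block}) / n,                  # single C2 endpoint -> low
        math.log1p(sum(t.resp_bytes for t in block) / n),  # tiny tasking replies -> low
        _cv([t.resp_bytes for t in block]),                # fixed-size replies -> low
    ]


class CentroidClassifier:
    """Z-score the features, then label by nearest class centroid (stand-in model)."""

    def fit(self, X: List[List[float]], y: List[str]) -> "CentroidClassifier":
        d = len(X[0])
        self.mu = [sum(x[j] for x in X) / len(X) for j in range(d)]
        self.sd = [math.sqrt(sum((x[j] - self.mu[j]) ** 2 for x in X) / len(X)) or 1.0
                   for j in range(d)]
        Z = [self._z(x) for x in X]
        self.centroids: Dict[str, List[float]] = {}
        for label in sorted(set(y)):
            members = [z for z, lab in zip(Z, y) if lab == label]
            self.centroids[label] = [sum(m[j] for m in members) / len(members) for j in range(d)]
        return self

    def _z(self, x: List[float]) -> List[float]:
        return [(x[j] - self.mu[j]) / self.sd[j] for j in range(len(x))]

    def predict(self, x: List[float]) -> str:
        z = self._z(x)
        return min(self.centroids,
                   key=lambda lab: sum((a - b) ** 2 for a, b in zip(z, self.centroids[lab])))


APPS = ["api.dropbox.com", "graph.microsoft.com", "slack.com", "api.github.com"]  # assumed


def make_c2_block(rng: random.Random, app: str, n: int = 30) -> Block:
    """Constructed C2 traffic: ~60 s beacon, one POST endpoint, small fixed replies."""
    t, block = 0.0, []
    for _ in range(n):
        t += 60 + rng.uniform(-2, 2)
        block.append(HttpTxn(t, app, "POST", "/api/sync", rng.randint(200, 260), rng.randint(40, 60)))
    return block


def make_benign_block(rng: random.Random, app: str, n: int = 30) -> Block:
    """Constructed interactive use: bursty gaps, mostly GET, many paths, varied sizes."""
    t, block = 0.0, []
    for _ in range(n):
        t += rng.choice([0.5, 1.0, 3.0, 45.0, 300.0]) * rng.uniform(0.5, 1.5)
        method = "POST" if rng.random() < 0.15 else "GET"
        block.append(HttpTxn(t, app, method, f"/v1/items/{rng.randint(1, 10_000)}",
                             rng.randint(100, 2_000), rng.randint(500, 200_000)))
    return block


def train_cross_app(rng: random.Random, apps: List[str], per_app: int = 6) -> CentroidClassifier:
    """One training set spanning all given apps: the cross-application example sets."""
    X, y = [], []
    for app in apps:
        for _ in range(per_app):
            X.append(block_features(make_c2_block(rng, app))); y.append("c2")
            X.append(block_features(make_benign_block(rng, app))); y.append("benign")
    return CentroidClassifier().fit(X, y)


def demo() -> Dict[str, str]:
    """Train on three apps, then classify blocks aimed at a fourth, unseen app."""
    rng = random.Random(7)
    clf = train_cross_app(rng, APPS[:3])
    unseen = APPS[3]
    return {
        "c2_block": clf.predict(block_features(make_c2_block(rng, unseen))),
        "benign_block": clf.predict(block_features(make_benign_block(rng, unseen))),
    }


if __name__ == "__main__":
    print(demo())
```

The point of keeping `app` out of the feature vector is the cross-application property: the model learns what C2 tasking looks like regardless of which SaaS endpoint is abused, so blocks aimed at an application absent from training are still scored. In practice the feature list would be far richer (headers, TLS fingerprints, payload statistics) and the model would be a real learner, but the train-on-many-apps, test-on-unseen-app split is the part the abstract is about.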
-
Publication No.: US20230127836A1
Publication Date: 2023-04-27
Application No.: US18069146
Filing Date: 2022-12-20
Applicant: Netskope, Inc.
Inventor: Joshua David Batson, Raymond Joseph Canzanese, Jr.
IPC: H04L9/40 , G06F16/906 , G06F16/901
Abstract: The technology disclosed includes a system to group security alerts generated in a computer network and prioritize grouped security alerts for analysis, through graph-based clustering. The graph used to form clusters includes entities in the computer network represented as scored nodes, and relationships of entities as weighted edges. The technology disclosed includes traversing the graph starting at starting nodes and propagating native scores through and to neighboring nodes connected by the weighted edges. The propagated scores at visited nodes are normalized by attenuation based on contributing neighboring nodes of a respective visited node. An aggregate score for a visited node is calculated by accumulating propagated scores at visited nodes with their respective native scores. The technology disclosed forms clusters of connected nodes in the graph that have a respective aggregate score above a selected threshold. The clusters are ranked and prioritized for analysis, pursuant to the aggregate scores.
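The abstract lays out the pipeline (scored nodes, weighted edges, propagation from starting nodes, attenuation by contributing neighbours, aggregate = native + propagated, threshold, connected clusters, ranking) without fixing any formula. The following is an added worked example for this listing, not Netskope's code: a breadth-first propagation with per-hop decay, a logarithmic attenuation by contributor count, and connected-component clustering over the nodes that clear the threshold. The decay and attenuation formulas, the entity names, the edge weights and the alert scores are all constructed assumptions.

```python
"""Graph-based grouping and ranking of security alerts by score propagation.

Added illustration, not Netskope code. Decay, attenuation and the sample graph
are assumptions chosen to make each stage of the abstract concrete.
"""
import math
from collections import defaultdict
from typing import Dict, List, Tuple

Graph = Dict[str, Dict[str, float]]  # node -> {neighbour: edge weight}


def add_edge(g: Graph, a: str, b: str, weight: float) -> None:
    g.setdefault(a, {})[b] = weight
    g.setdefault(b, {})[a] = weight


def propagate(g: Graph, native: Dict[str, float], max_depth: int = 2,
              decay: float = 0.5) -> Dict[str, List[Tuple[str, float]]]:
    """Breadth-first from every natively scored node. A node reached at hop h
    receives native * product(edge weights along the path) * decay**h.
    Returns, per node, the list of (source, value) contributions it received."""
    contributions: Dict[str, List[Tuple[str, float]]] = defaultdict(list)
    for start, score in native.items():
        if score <= 0:
            continue
        visited, frontier = {start}, [(start, score, 0)]
        while frontier:
            nxt = []
            for node, value, depth in frontier:
                if depth == max_depth:
                    continue
                for nbr, w in g.get(node, {}).items():
                    if nbr in visited:
                        continue
                    visited.add(nbr)
                    passed = value * w * decay
                    contributions[nbr].append((start, passed))
                    nxt.append((nbr, passed, depth + 1))
            frontier = nxt
    return contributions


def attenuation(contributors: int) -> float:
    """Assumed normaliser: grows with the number of contributing neighbours so a
    hub touched by many weakly scored nodes does not outrank a real incident."""
    return 1.0 + math.log(contributors) if contributors > 0 else 1.0


def aggregate_scores(g: Graph, native: Dict[str, float],
                     contributions: Dict[str, List[Tuple[str, float]]]) -> Dict[str, float]:
    """aggregate(node) = native(node) + attenuated sum of inbound contributions."""
    agg = {}
    for node in set(g) | set(native):
        inbound = contributions.get(node, [])
        propagated = sum(v for _, v in inbound) / attenuation(len(inbound))
        agg[node] = native.get(node, 0.0) + propagated
    return agg


def ranked_clusters(g: Graph, agg: Dict[str, float],
                    threshold: float) -> List[Tuple[List[str], float]]:
    """Connected components among nodes above threshold, highest total score first."""
    hot = {n for n, s in agg.items() if s > threshold}
    seen, clusters = set(), []
    for n in sorted(hot):
        if n in seen:
            continue
        comp, stack = set(), [n]
        while stack:
            x = stack.pop()
            if x in comp:
                continue
            comp.add(x)
            stack.extend(y for y in g.get(x, {}) if y in hot and y not in comp)
        seen |= comp
        clusters.append((sorted(comp), sum(agg[m] for m in comp)))
    clusters.sort(key=lambda c: -c[1])
    return clusters


def demo(threshold: float) -> List[Tuple[List[str], float]]:
    """Constructed incident: alerts on alice, her workstation and a suspicious IP,
    plus an unrelated low-severity alert on bob. Scores and weights are made up."""
    g: Graph = {}
    add_edge(g, "user:alice", "host:ws-17", 0.9)       # alice logs on to ws-17
    add_edge(g, "host:ws-17", "ip:203.0.113.5", 0.8)   # ws-17 talked to the IP
    add_edge(g, "user:alice", "app:okta", 0.3)         # alice authenticated via the IdP
    add_edge(g, "user:bob", "host:printer", 0.5)
    add_edge(g, "host:printer", "host:ws-42", 0.4)
    native = {"user:alice": 3.0, "host:ws-17": 5.0, "ip:203.0.113.5": 2.0, "user:bob": 1.0}
    agg = aggregate_scores(g, native, propagate(g, native))
    return ranked_clusters(g, agg, threshold)


if __name__ == "__main__":
    for members, score in demo(0.4):
        print(f"{score:6.2f}  {members}")
```

With the threshold at 2.0 only the three alerted entities around ws-17 survive and form one cluster; lowering it to 0.4 pulls in the unalerted `app:okta` node purely on propagated score (it sits one hop from two scored nodes) and surfaces bob's isolated alert as a second, lower-ranked cluster. That is the behaviour the abstract is after: related alerts are grouped into one unit of work, the analyst sees the highest-scoring group first, and entities with no alert of their own can still be pulled into an incident by their neighbours.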
-