Publication (Announcement) No.: US12069081B1
Publication (Announcement) Date: 2024-08-20
Application No.: US18398669
Application Date: 2023-12-28
Applicant: Netskope, Inc.
Inventor: Dagmawi Mulugeta, Wu-Sheng Lin, Colin Davidson Estep, Raymond Joseph Canzanese, Jr., Yong Zheng, Haoxin Hu, Yongxing Wang, Siying Yang
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/0245, H04L63/102, H04L63/1433
Abstract: Presented is a network security system (NSS) that reliably detects malleable command and control (C2) traffic. The NSS intercepts outgoing transactions from user devices associated with user accounts. The NSS filters out transactions to known benign servers and analyzes the remaining transactions for indicators of malleable C2, including heuristic, anomalous, and pattern-based detections. The NSS lowers the user confidence score associated with the user account or the user device based on the severity and number of detected indicators for each impacted outgoing transaction. When the user confidence score decreases below a threshold, the NSS implements a restricted security protocol for future outgoing transactions. Based on the detected indications, the NSS can identify malleable C2 attacker servers and add them to a blacklist of destination servers to further identify infected user accounts and devices.