Invention Grant
- Patent Title: Malware classification and attribution through server fingerprinting using server certificate data
- Application No.: US15353160
- Application Date: 2016-11-16
- Publication No.: US10686831B2
- Publication Date: 2020-06-16
- Inventor: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Behmke Innovation Group LLC
- Agent: James M. Behmke; Jonathon P. Western
- Main IPC: H04L29/06
- IPC: H04L29/06; H04L9/32; G06N99/00; G06N20/00

Abstract:
In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
Public/Granted literature
- US20180139214A1 MALWARE CLASSIFICATION AND ATTRIBUTION THROUGH SERVER FINGERPRINTING USING SERVER CERTIFICATE DATA Public/Granted day: 2018-05-17