Passive decryption of encrypted traffic to generate more accurate machine learning training data

Invention Grant

US11196546B2 Passive decryption of encrypted traffic to generate more accurate machine learning training data 有权

Please log in to see more content

Patent Title: Passive decryption of encrypted traffic to generate more accurate machine learning training data
Application No.: US16701373

Application Date: 2019-12-03
Publication No.: US11196546B2

Publication Date: 2021-12-07
Inventor: Blake Harrell Anderson , Andrew Chi , David McGrew , Scott William Dunlop
Applicant: Cisco Technology, Inc.
Applicant Address: US CA San Jose
Assignee: Cisco Technology, Inc.
Current Assignee: Cisco Technology, Inc.
Current Assignee Address: US CA San Jose
Agency: Behmke Innovation Group LLC
Agent James M. Behmke; Jonathon P. Western
Main IPC: H04L29/06
IPC: H04L29/06 ; H04W72/04 ; H04L9/08 ; G06N5/02

Passive decryption of encrypted traffic to generate more accurate machine learning training data

Abstract:

In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.

Information query

Espacenet