Patent · US Active

System and method of detecting whether a source of a packet flow transmits packets which bypass an operating system stack

US10454793B2 · kind B2 · utility

Cited by: 33
References: 182
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 2, 2016
Grant date: Oct 22, 2019
Priority date
Expiry date: Jul 6, 2036

Classification

  • Technology area (CPC H)Electricity
  • CPC primaryH04L67/535
  • WIPO fieldDigital communication
  • WIPO sectorElectrical engineering

Abstract

A method includes capturing first data associated with a first packet flow originating from a first host, using a first capture agent deployed at the first host, to yield first flow data; capturing second data associated with a second packet flow originating from the first host, using a second capture agent deployed on a second host, to yield second flow data; and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed the operating system stack of the first host or the packet capture agent at that host, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on that determination.
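The abstract describes a cross-vantage comparison: a capture agent on the host itself sees only what the OS stack forwards, while an agent off-host (a hypervisor vSwitch or upstream switch, for example) sees every frame the NIC actually emitted, so flows present in the off-host data but missing or under-counted in the on-host data are candidates for traffic injected below the stack. The following is an added illustration of that comparison, not code from the patent or its assignee; the flow records, IP addresses, ports, thresholds and function names are all constructed for the example.

```python
"""Compare per-flow packet counts from two vantage points to find traffic
that bypassed the host's OS stack.  Added illustration, not patent code."""
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# A flow is keyed by its 5-tuple; the value carried alongside is a packet count.
FlowKey = Tuple[str, int, str, int, str]  # (src_ip, src_port, dst_ip, dst_port, proto)
FlowRecord = Tuple[FlowKey, int]

# Constructed sample data (hypothetical addresses, not real captures).
# Agent A runs on the monitored host and sees what the OS stack forwards.
HOST_AGENT_RECORDS: List[FlowRecord] = [
    (("10.0.0.5", 44112, "10.0.0.9", 443, "tcp"), 120),
    (("10.0.0.5", 53001, "10.0.0.53", 53, "udp"), 4),
    (("10.0.0.5", 44113, "10.0.0.9", 443, "tcp"), 30),
]
# Agent B sits off-host and sees every frame the NIC actually put on the wire.
NETWORK_AGENT_RECORDS: List[FlowRecord] = [
    (("10.0.0.5", 44112, "10.0.0.9", 443, "tcp"), 121),        # one extra packet: within tolerance
    (("10.0.0.5", 53001, "10.0.0.53", 53, "udp"), 4),          # identical
    (("10.0.0.5", 44113, "10.0.0.9", 443, "tcp"), 28),         # host saw more: off-host capture loss
    (("10.0.0.5", 61000, "203.0.113.7", 4444, "tcp"), 900),    # never seen by the host agent
    (("10.0.0.5", 61001, "203.0.113.7", 53, "udp"), 17),       # never seen by the host agent
]


def aggregate(records: Iterable[FlowRecord]) -> Counter:
    """Sum packet counts per 5-tuple so agents that emit several records per
    flow (periodic exports) compare on equal footing."""
    counts: Counter = Counter()
    for key, pkts in records:
        counts[key] += pkts
    return counts


def compare_flow_data(host_records: Iterable[FlowRecord],
                      network_records: Iterable[FlowRecord],
                      threshold: float = 0.05) -> Dict[FlowKey, Dict[str, float]]:
    """Return flows whose off-host packet count exceeds the on-host count by
    more than `threshold` (expressed as a fraction of the off-host count).

    A flow the host agent never saw at all has a difference of 1.0.  Flows
    where the host saw *more* are deliberately ignored: that pattern points to
    capture loss at the network agent, not to traffic hidden from the stack.
    """
    host = aggregate(host_records)
    net = aggregate(network_records)
    hidden: Dict[FlowKey, Dict[str, float]] = {}
    for key, net_pkts in net.items():
        host_pkts = host.get(key, 0)
        if net_pkts <= host_pkts:
            continue
        difference = (net_pkts - host_pkts) / net_pkts
        if difference > threshold:
            hidden[key] = {
                "host_pkts": host_pkts,
                "net_pkts": net_pkts,
                "hidden_pkts": net_pkts - host_pkts,
                "difference": round(difference, 3),
            }
    return hidden


def assess_host(host_records: Iterable[FlowRecord],
                network_records: Iterable[FlowRecord],
                threshold: float = 0.05,
                min_hidden_packets: int = 10) -> Dict[str, object]:
    """Turn the per-flow comparison into a host-level verdict.

    Any flagged flow means hidden traffic exists.  The malware prediction is
    additionally gated on an absolute packet floor (hypothetical tuning knob)
    so a single stray frame does not page anyone.
    """
    hidden = compare_flow_data(host_records, network_records, threshold)
    hidden_pkts = sum(int(v["hidden_pkts"]) for v in hidden.values())
    return {
        "hidden_flows": hidden,
        "hidden_traffic_detected": bool(hidden),
        "suspect_malware": hidden_pkts >= min_hidden_packets,
    }


if __name__ == "__main__":
    verdict = assess_host(HOST_AGENT_RECORDS, NETWORK_AGENT_RECORDS)
    for key, detail in verdict["hidden_flows"].items():
        print(f"hidden flow {key}: {detail}")
    print("hidden traffic:", verdict["hidden_traffic_detected"],
          "| suspect malware:", verdict["suspect_malware"])
```

Two practical caveats a detection engineer would add: the two agents must cover the same time window (align export intervals before comparing, or a flow that started just before the host agent's export closes will look under-counted), and a host-side agent that hooks the stack high up (a socket-level hook rather than a NIC-level one) will also miss legitimate kernel-originated traffic such as ARP or ICMP, so those protocols need either an allow-list or a lower capture point before the difference is read as hidden traffic.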

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.