Patent · US Active

Passive decryption on encrypted traffic to generate more accurate machine learning training data

US10536268B2 · kind B2 · utility

Cited by: 20
References: 6
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 31, 2017
Grant date: Jan 14, 2020
Priority date:
Expiry date: Feb 14, 2038

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06N20/00
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

In one embodiment, an apparatus captures a memory dump of a device that is executing a malware sample in a sandbox environment. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus then trains a machine learning-based traffic classifier on that portion of the decrypted traffic labeled as benign.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.