Patent · US Active

Structural command and control detection of polymorphic malware

US11038900B2 · kind B2 · utility

7Cited by

4References

18Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Jan Jusko · Praha, CZ
Martin Rehak · Praha, CZ
Danila Khikhlukha · Praha, CZ
Harshit Nayyar · Lone Pine, CA

Key dates

Filing date	Sep 4, 2018
Grant date	Jun 15, 2021
Priority date	—
Expiry date	Mar 15, 2039

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/145
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

In one embodiment, a service receives a plurality of process hashes for processes executed by a plurality of devices. The service receives traffic data indicative of traffic between the plurality of devices and a plurality of remote server domains. The service forms a bipartite graph based on the processes hashes and the traffic data. A node of the graph represents a particular process hash or server domain and an edge between nodes in the graph represents network traffic between a process and a server domain. The service identifies, based on the bipartite graph, a subset of the plurality of processes as exhibiting polymorphic malware behavior. The service causes performance of a mitigation action in the network based on the identified subset of processes identified as exhibiting polymorphic malware behavior.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.