Network threat validation and monitoring
US11038906B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 2, 2018 |
| Grant date | Jun 15, 2021 |
| Priority date | — |
| Expiry date | Sep 13, 2039 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/144
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Methods and systems for identifying threats within a network include collecting network traffic data and providing the network traffic data to a classifier configured to identify patterns within the network traffic data consistent with malicious computing devices. The computing devices identified by the classifier are then validated to confirm whether they are, in fact, malicious. In one implementation, such validation is accomplished by interrogating suspected malicious computing devices with messages according to a particular communication protocol and determining whether corresponding responses received from the malicious computing devices are similarly in accordance with the communication protocol. In certain implementations, after identification and validation of a malicious computing device, an emulated computing device is used to continue communication with the malicious computing device and to log characteristics of such communications to further train the classifier.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.