Patent · US Active

Detecting evasive network behaviors using machine learning

US11310205B2 · kind B2 · utility

3Cited by

2References

20Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Constantinos Kleopa · Clarksville, US
Michael Joseph Stepanek · Hollis, US
Silviu Dorin Minut · Severna Park, US
Carter Ryan Waxman · Willow Grove, US

Key dates

Filing date	Feb 28, 2019
Grant date	Apr 19, 2022
Priority date	—
Expiry date	May 31, 2040

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/145
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

In one embodiment, a traffic analysis service identifies a client in a network having an associated traffic flow that was blocked by a firewall. The traffic analysis service obtains traffic telemetry data regarding one or more subsequent traffic flows associated with the identified client that are subsequent to the blocked flow. The traffic analysis service uses a machine learning-based classifier to determine that the identified client is exhibiting evasive network behavior, based on the obtained traffic telemetry data. The traffic analysis service initiates a mitigation action in the network, based on the determination that the identified client is exhibiting evasive network behavior.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.