System and method for capturing malicious flows and associated context for threat analysis
US12261859B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 10, 2022 |
| Grant date | Mar 25, 2025 |
| Priority date | — |
| Expiry date | Sep 28, 2043 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1441
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Some embodiments of the invention provide, for an intrusion detection and prevention system (IDPS) engine operating on a host computer deployed in a software-defined datacenter (SDDC), a method for detecting and analyzing malicious packet flows. Upon detecting a new packet flow, the method captures packets belonging to the new packet flow in a file. When the new packet flow ends, the method determines that a particular packet belonging to the new packet flow has triggered an alert indicating the particular packet includes a potentially malicious payload. The method annotates the file for the new packet flow with a set of contextual data that (1) specifies the new packet flow as a potentially malicious packet flow and (2) identifies the particular packet and at least one signature associated with the alert triggered by the particular packet. The method sends the annotated file to a network management server to analyze the set of contextual data to extract further information regarding the potentially malicious payload.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.