The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jun. 15, 2021
Filed:
Sep. 04, 2018
Cisco Technology, Inc., San Jose, CA (US);
Jan Jusko, Prague, CZ;
Martin Rehak, Prague, CZ;
Danila Khikhlukha, Prague, CZ;
Harshit Nayyar, Alberta, CA;
Cisco Technology, Inc., San Jose, CA (US);
Abstract
In one embodiment, a service receives a plurality of process hashes for processes executed by a plurality of devices. The service receives traffic data indicative of traffic between the plurality of devices and a plurality of remote server domains. The service forms a bipartite graph based on the processes hashes and the traffic data. A node of the graph represents a particular process hash or server domain and an edge between nodes in the graph represents network traffic between a process and a server domain. The service identifies, based on the bipartite graph, a subset of the plurality of processes as exhibiting polymorphic malware behavior. The service causes performance of a mitigation action in the network based on the identified subset of processes identified as exhibiting polymorphic malware behavior.