The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Nov. 08, 2022
Filed:
Apr. 10, 2020
Applicant:
Cisco Technology, Inc., San Jose, CA (US);
Inventors:
Navindra Yadav, Cupertino, CA (US);
Mohammadreza Alizadeh Attar, Cambridge, MA (US);
Shashidhar Gandham, Fremont, CA (US);
Jackson Ngoc Ki Pang, Sunnyvale, CA (US);
Roberto Fernando Spadaro, Milpitas, CA (US);
Assignee:
CISCO TECHNOLOGY, INC., San Jose, CA (US);
Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 29/06 (2006.01); H04L 43/045 (2022.01); H04L 9/40 (2022.01); G06F 9/455 (2018.01); G06N 20/00 (2019.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06F 16/28 (2019.01); G06F 16/2457 (2019.01); G06F 16/248 (2019.01); G06F 16/29 (2019.01); G06F 16/16 (2019.01); G06F 16/17 (2019.01); G06F 16/11 (2019.01); G06F 16/13 (2019.01); G06F 16/174 (2019.01); G06F 16/23 (2019.01); G06F 16/9535 (2019.01); G06N 99/00 (2019.01); H04L 9/32 (2006.01); H04L 41/0668 (2022.01); H04L 43/0805 (2022.01); H04L 43/0811 (2022.01); H04L 43/0852 (2022.01); H04L 43/106 (2022.01); H04L 45/00 (2022.01); H04L 45/50 (2022.01); H04L 67/12 (2022.01); H04L 43/026 (2022.01); H04L 61/5007 (2022.01); H04L 67/01 (2022.01); H04L 67/51 (2022.01); H04L 67/75 (2022.01); H04L 67/1001 (2022.01); H04L 43/062 (2022.01); H04L 43/10 (2022.01); H04L 47/2441 (2022.01); H04L 41/0893 (2022.01); H04L 43/08 (2022.01); H04L 43/04 (2022.01); H04W 84/18 (2009.01); H04L 67/10 (2022.01); H04L 41/046 (2022.01); H04L 43/0876 (2022.01); H04L 41/12 (2022.01); H04L 41/16 (2022.01); H04L 41/0816 (2022.01); G06F 21/53 (2013.01); H04L 41/22 (2022.01); G06F 3/04842 (2022.01); G06F 3/04847 (2022.01); H04L 41/0803 (2022.01); H04L 43/0829 (2022.01); H04L 43/16 (2022.01); H04L 1/24 (2006.01); H04W 72/08 (2009.01); H04L 9/08 (2006.01); H04J 3/06 (2006.01); H04J 3/14 (2006.01); H04L 47/20 (2022.01); H04L 47/32 (2022.01); H04L 43/0864 (2022.01); H04L 47/11 (2022.01); H04L 69/22 (2022.01); H04L 45/74 (2022.01); H04L 47/2483 (2022.01); H04L 43/0882 (2022.01); H04L 41/0806 (2022.01); H04L 43/0888 (2022.01); H04L 43/12 (2022.01); H04L 47/31 (2022.01); G06F 3/0482 (2013.01); G06T 11/20 (2006.01); H04L 43/02 (2022.01); H04L 47/28 (2022.01); H04L 69/16 (2022.01); H04L 45/302 (2022.01); H04L 67/50 (2022.01);
U.S. Cl.
CPC ...
H04L 43/045 (2013.01); G06F 3/0482 (2013.01); G06F 3/04842 (2013.01); G06F 3/04847 (2013.01); G06F 9/45558 (2013.01); G06F 16/122 (2019.01); G06F 16/137 (2019.01); G06F 16/162 (2019.01); G06F 16/17 (2019.01); G06F 16/173 (2019.01); G06F 16/174 (2019.01); G06F 16/1744 (2019.01); G06F 16/1748 (2019.01); G06F 16/235 (2019.01); G06F 16/2322 (2019.01); G06F 16/2365 (2019.01); G06F 16/248 (2019.01); G06F 16/24578 (2019.01); G06F 16/285 (2019.01); G06F 16/288 (2019.01); G06F 16/29 (2019.01); G06F 16/9535 (2019.01); G06F 21/53 (2013.01); G06F 21/552 (2013.01); G06F 21/566 (2013.01); G06N 20/00 (2019.01); G06N 99/00 (2013.01); G06T 11/206 (2013.01); H04J 3/0661 (2013.01); H04J 3/14 (2013.01); H04L 1/242 (2013.01); H04L 9/0866 (2013.01); H04L 9/3239 (2013.01); H04L 9/3242 (2013.01); H04L 41/046 (2013.01); H04L 41/0668 (2013.01); H04L 41/0803 (2013.01); H04L 41/0806 (2013.01); H04L 41/0816 (2013.01); H04L 41/0893 (2013.01); H04L 41/12 (2013.01); H04L 41/16 (2013.01); H04L 41/22 (2013.01); H04L 43/02 (2013.01); H04L 43/026 (2013.01); H04L 43/04 (2013.01); H04L 43/062 (2013.01); H04L 43/08 (2013.01); H04L 43/0805 (2013.01); H04L 43/0811 (2013.01); H04L 43/0829 (2013.01); H04L 43/0841 (2013.01); H04L 43/0858 (2013.01); H04L 43/0864 (2013.01); H04L 43/0876 (2013.01); H04L 43/0882 (2013.01); H04L 43/0888 (2013.01); H04L 43/10 (2013.01); H04L 43/106 (2013.01); H04L 43/12 (2013.01); H04L 43/16 (2013.01); H04L 45/306 (2013.01); H04L 45/38 (2013.01); H04L 45/46 (2013.01); H04L 45/507 (2013.01); H04L 45/66 (2013.01); H04L 45/74 (2013.01); H04L 47/11 (2013.01); H04L 47/20 (2013.01); H04L 47/2441 (2013.01); H04L 47/2483 (2013.01); H04L 47/28 (2013.01); H04L 47/31 (2013.01); H04L 47/32 (2013.01); H04L 61/5007 (2022.05); H04L 63/0227 (2013.01); H04L 63/0263 (2013.01); H04L 63/06 (2013.01); H04L 63/0876 (2013.01); H04L 63/145 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/1458 (2013.01); H04L 63/1466 (2013.01); H04L 63/16 (2013.01); H04L 63/20 (2013.01); H04L 67/01 (2022.05); H04L 67/10 (2013.01); H04L 67/1001 (2022.05); H04L 67/12 (2013.01); H04L 67/51 (2022.05); H04L 67/75 (2022.05); H04L 69/16 (2013.01); H04L 69/22 (2013.01); H04W 72/08 (2013.01); H04W 84/18 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45591 (2013.01); G06F 2009/45595 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2101 (2013.01); G06F 2221/2105 (2013.01); G06F 2221/2111 (2013.01); G06F 2221/2115 (2013.01); G06F 2221/2145 (2013.01); H04L 67/535 (2022.05);
Abstract
An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to 'hide' or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.