The patent badge is an abbreviated version of the USPTO patent document. It covers the following: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge also contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent: Feb. 13, 2024

Filed: Aug. 26, 2022

Applicant: Cisco Technology, Inc., San Jose, CA (US);

Inventors:
Khawar Deen, Sunnyvale, CA (US);
Navindra Yadav, Cupertino, CA (US);
Anubhav Gupta, Fremont, CA (US);
Shashidhar Gandham, Fremont, CA (US);
Rohit Chandra Prasad, Sunnyvale, CA (US);
Abhishek Ranjan Singh, Pleasanton, CA (US);
Shih-Chun Chang, San Jose, CA (US);

Assignee: Cisco Technology, Inc., San Jose, CA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 9/40 (2022.01); G06F 16/00 (2019.01); G06F 21/60 (2013.01); H04L 43/045 (2022.01); G06F 9/455 (2018.01); G06N 20/00 (2019.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06F 16/28 (2019.01); G06F 16/2457 (2019.01); G06F 16/248 (2019.01); G06F 16/29 (2019.01); G06F 16/16 (2019.01); G06F 16/17 (2019.01); G06F 16/11 (2019.01); G06F 16/13 (2019.01); G06F 16/174 (2019.01); G06F 16/23 (2019.01); G06F 16/9535 (2019.01); G06N 99/00 (2019.01); H04L 9/32 (2006.01); H04L 41/0668 (2022.01); H04L 43/0805 (2022.01); H04L 43/0811 (2022.01); H04L 43/0852 (2022.01); H04L 43/106 (2022.01); H04L 45/00 (2022.01); H04L 45/50 (2022.01); H04L 67/12 (2022.01); H04L 43/026 (2022.01); H04L 61/5007 (2022.01); H04L 67/01 (2022.01); H04L 67/51 (2022.01); H04L 67/75 (2022.01); H04L 67/1001 (2022.01); H04W 72/54 (2023.01); H04L 43/062 (2022.01); H04L 43/10 (2022.01); H04L 47/2441 (2022.01); H04L 41/0893 (2022.01); H04L 43/08 (2022.01); H04L 43/04 (2022.01); H04W 84/18 (2009.01); H04L 67/10 (2022.01); H04L 41/046 (2022.01); H04L 43/0876 (2022.01); H04L 41/12 (2022.01); H04L 41/16 (2022.01); H04L 41/0816 (2022.01); G06F 21/53 (2013.01); H04L 41/22 (2022.01); G06F 3/04842 (2022.01); G06F 3/04847 (2022.01); H04L 41/0803 (2022.01); H04L 43/0829 (2022.01); H04L 43/16 (2022.01); H04L 1/24 (2006.01); H04L 9/08 (2006.01); H04J 3/06 (2006.01); H04J 3/14 (2006.01); H04L 47/20 (2022.01); H04L 47/32 (2022.01); H04L 43/0864 (2022.01); H04L 47/11 (2022.01); H04L 69/22 (2022.01); H04L 45/74 (2022.01); H04L 47/2483 (2022.01); H04L 43/0882 (2022.01); H04L 41/0806 (2022.01); H04L 43/0888 (2022.01); H04L 43/12 (2022.01); H04L 47/31 (2022.01); G06F 3/0482 (2013.01); G06T 11/20 (2006.01); H04L 43/02 (2022.01); H04L 47/28 (2022.01); H04L 69/16 (2022.01); H04L 45/302 (2022.01); H04L 67/50 (2022.01);
U.S. Cl.
CPC ...
H04L 43/045 (2013.01); G06F 3/0482 (2013.01); G06F 3/04842 (2013.01); G06F 3/04847 (2013.01); G06F 9/45558 (2013.01); G06F 16/122 (2019.01); G06F 16/137 (2019.01); G06F 16/162 (2019.01); G06F 16/17 (2019.01); G06F 16/173 (2019.01); G06F 16/174 (2019.01); G06F 16/1744 (2019.01); G06F 16/1748 (2019.01); G06F 16/235 (2019.01); G06F 16/2322 (2019.01); G06F 16/2365 (2019.01); G06F 16/248 (2019.01); G06F 16/24578 (2019.01); G06F 16/285 (2019.01); G06F 16/288 (2019.01); G06F 16/29 (2019.01); G06F 16/9535 (2019.01); G06F 21/53 (2013.01); G06F 21/552 (2013.01); G06F 21/556 (2013.01); G06F 21/566 (2013.01); G06N 20/00 (2019.01); G06N 99/00 (2013.01); G06T 11/206 (2013.01); H04J 3/0661 (2013.01); H04J 3/14 (2013.01); H04L 1/242 (2013.01); H04L 9/0866 (2013.01); H04L 9/3239 (2013.01); H04L 9/3242 (2013.01); H04L 41/046 (2013.01); H04L 41/0668 (2013.01); H04L 41/0803 (2013.01); H04L 41/0806 (2013.01); H04L 41/0816 (2013.01); H04L 41/0893 (2013.01); H04L 41/12 (2013.01); H04L 41/16 (2013.01); H04L 41/22 (2013.01); H04L 43/02 (2013.01); H04L 43/026 (2013.01); H04L 43/04 (2013.01); H04L 43/062 (2013.01); H04L 43/08 (2013.01); H04L 43/0805 (2013.01); H04L 43/0811 (2013.01); H04L 43/0829 (2013.01); H04L 43/0841 (2013.01); H04L 43/0858 (2013.01); H04L 43/0864 (2013.01); H04L 43/0876 (2013.01); H04L 43/0882 (2013.01); H04L 43/0888 (2013.01); H04L 43/10 (2013.01); H04L 43/106 (2013.01); H04L 43/12 (2013.01); H04L 43/16 (2013.01); H04L 45/306 (2013.01); H04L 45/38 (2013.01); H04L 45/46 (2013.01); H04L 45/507 (2013.01); H04L 45/66 (2013.01); H04L 45/74 (2013.01); H04L 47/11 (2013.01); H04L 47/20 (2013.01); H04L 47/2441 (2013.01); H04L 47/2483 (2013.01); H04L 47/28 (2013.01); H04L 47/31 (2013.01); H04L 47/32 (2013.01); H04L 61/5007 (2022.05); H04L 63/0227 (2013.01); H04L 63/0263 (2013.01); H04L 63/06 (2013.01); H04L 63/0876 (2013.01); H04L 63/145 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/1458 (2013.01); H04L 63/1466 (2013.01); H04L 63/16 (2013.01); H04L 63/20 (2013.01); H04L 67/01 (2022.05); H04L 67/10 (2013.01); H04L 67/1001 (2022.05); H04L 67/12 (2013.01); H04L 67/51 (2022.05); H04L 67/75 (2022.05); H04L 69/16 (2013.01); H04L 69/22 (2013.01); H04W 72/54 (2023.01); H04W 84/18 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45591 (2013.01); G06F 2009/45595 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2101 (2013.01); G06F 2221/2105 (2013.01); G06F 2221/2111 (2013.01); G06F 2221/2115 (2013.01); G06F 2221/2145 (2013.01); H04L 67/535 (2022.05);
Abstract

A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.