The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).
Patent No.:
Date of Patent:
Aug. 20, 2024
Filed:
Dec. 28, 2023
Applicant:
Netskope, Inc., Santa Clara, CA (US);
Inventors:
Dagmawi Mulugeta, London, GB;
Wu-Sheng Lin, Taoyuan, TW;
Colin Davidson Estep, Vienna, VA (US);
Raymond Joseph Canzanese, Jr., Philadelphia, PA (US);
Yong Zheng, Santa Clara, CA (US);
Haoxin Hu, San Jose, CA (US);
Yongxing Wang, San Ramon, CA (US);
Siying Yang, Saratoga, CA (US);
Assignee:
Netskope, Inc., Santa Clara, CA (US);
Abstract
Presented is a network security system (NSS) that reliably detects malleable C2 traffic. The NSS intercepts outgoing transactions from user devices associated with user accounts. The NSS filters out transactions to known benign servers and analyzes remaining transactions for indicators of malleable command and control (C2) including heuristic, anomalous, and pattern-based detections. The NSS lowers the user confidence score associated with the user account or the user device based on the severity and number of detected indicators for each impacted outgoing transaction. When the user confidence score decreases below a threshold, the NSS implements a restricted security protocol for future outgoing transactions. Based on the detected indications, the NSS can identify malleable C2 attacker servers and add them to a blacklist of destination servers to further identify infected user accounts and devices.