18417256. MALWARE CLASSIFICATION AND ATTRIBUTION THROUGH SERVER FINGERPRINTING USING SERVER CERTIFICATE DATA simplified abstract (Cisco Technology, Inc.)

From WikiPatents

MALWARE CLASSIFICATION AND ATTRIBUTION THROUGH SERVER FINGERPRINTING USING SERVER CERTIFICATE DATA

Organization Name

Cisco Technology, Inc.

Inventor(s)

Blake Harrell Anderson of Chapel Hill NC (US)

David Mcgrew of Poolesville MD (US)

Subharthi Paul of Fremont CA (US)

Ivan Nikolaev of Prague (CZ)

Martin Grill of Prague 9 (CZ)

MALWARE CLASSIFICATION AND ATTRIBUTION THROUGH SERVER FINGERPRINTING USING SERVER CERTIFICATE DATA - A simplified explanation of the abstract

This abstract first appeared for US patent application 18417256 titled 'MALWARE CLASSIFICATION AND ATTRIBUTION THROUGH SERVER FINGERPRINTING USING SERVER CERTIFICATE DATA'.

In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines data features from the certificate data and flow characteristics of the traffic flow. Using a machine learning-based classifier, the device classifies an application executed by the client node based on the data features and flow characteristics. The device then takes a network action based on the classification result.

  • Device in a network receives certificate data for encrypted traffic flow
  • Determines data features and flow characteristics
  • Classifies application using machine learning-based classifier
  • Takes network action based on classification result

Potential Applications:

  • Network security
  • Traffic analysis
  • Application performance optimization

Problems Solved:

  • Efficient classification of applications in encrypted traffic flows
  • Enhanced network security measures

Benefits:

  • Improved network performance
  • Enhanced security protocols
  • Streamlined traffic analysis processes

Commercial Applications: Network Traffic Classification and Optimization Technology

This technology can be utilized by network security companies, internet service providers, and IT departments of large organizations to enhance network performance, optimize application execution, and strengthen security measures.

Questions about Network Traffic Classification and Optimization Technology:

1. How does this technology improve network security measures? This technology enhances network security by efficiently classifying applications in encrypted traffic flows, allowing for better monitoring and control of network activities.

2. What are the potential applications of this technology beyond network security? In addition to network security, this technology can be applied in traffic analysis for performance optimization and resource allocation in networks.
Original Abstract Submitted

In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
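The pipeline in the abstract (certificate features plus flow characteristics, a trained classifier, then a network action) as an added illustration that is not code from the patent or from Cisco. The certificate field names, the flow statistics, the two application labels, the training records and the nearest-centroid classifier are all assumptions chosen for this example; the patent does not specify which features or which classifier it uses.

```python
import math

# Constructed, labelled training records (not from the patent). Each record is
# (application label, parsed certificate fields, per-flow statistics). The
# field names are assumptions for this example.
TRAINING = [
    ("browser", {"validity_days": 398, "self_signed": False, "san_count": 3, "key_bits": 2048},
                {"bytes_out": 2100, "bytes_in": 48000, "packets": 90, "duration_s": 4.2}),
    ("browser", {"validity_days": 365, "self_signed": False, "san_count": 5, "key_bits": 2048},
                {"bytes_out": 1500, "bytes_in": 120000, "packets": 140, "duration_s": 6.0}),
    ("unknown", {"validity_days": 30, "self_signed": True, "san_count": 0, "key_bits": 2048},
                {"bytes_out": 600, "bytes_in": 400, "packets": 8, "duration_s": 0.3}),
    ("unknown", {"validity_days": 14, "self_signed": True, "san_count": 0, "key_bits": 1024},
                {"bytes_out": 900, "bytes_in": 300, "packets": 10, "duration_s": 0.5}),
]

# Map an action to each classification result (defender's choice, an assumption).
ACTIONS = {"browser": "allow", "unknown": "flag_for_review"}


def vectorize(cert, flow):
    """Turn certificate fields and flow statistics into one numeric feature vector.
    Byte and packet counts are log-scaled so a single large flow does not dominate."""
    return [
        cert["validity_days"] / 365.0,
        1.0 if cert["self_signed"] else 0.0,
        float(cert["san_count"]),
        cert["key_bits"] / 1024.0,
        math.log10(flow["bytes_out"] + 1),
        math.log10(flow["bytes_in"] + 1),
        math.log10(flow["packets"] + 1),
        float(flow["duration_s"]),
    ]


def train_centroids(records):
    """Nearest-centroid 'training': average the feature vectors of each label."""
    sums, counts = {}, {}
    for label, cert, flow in records:
        vec = vectorize(cert, flow)
        sums[label] = [a + b for a, b in zip(sums.get(label, [0.0] * len(vec)), vec)]
        counts[label] = counts.get(label, 0) + 1
    return {label: [v / counts[label] for v in vec] for label, vec in sums.items()}


def classify(centroids, cert, flow):
    """Assign the label whose centroid is closest in Euclidean distance."""
    vec = vectorize(cert, flow)
    dist = lambda c: math.sqrt(sum((a - b) ** 2 for a, b in zip(vec, c)))
    return min(centroids, key=lambda label: dist(centroids[label]))


def network_action(centroids, cert, flow):
    """Classify the flow and return the configured action (unknown labels are reviewed)."""
    return ACTIONS.get(classify(centroids, cert, flow), "flag_for_review")
```

Real deployments would replace the constructed records with labelled flows from the monitored network and the centroid rule with a trained model; the feature-to-action structure stays the same.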