Invention Grant
- Patent Title: Anomaly detection through header field entropy
- Application No.: US16846149
- Application Date: 2020-04-10
- Publication No.: US11496377B2
- Publication Date: 2022-11-08
- Inventor: Navindra Yadav, Mohammadreza Alizadeh Attar, Shashidhar Gandham, Jackson Ngoc Ki Pang, Roberto Fernando Spadaro
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Polsinelli
- Main IPC: H04L29/06
- IPC: H04L29/06 ; H04L43/045 ; H04L9/40 ; G06F9/455 ; G06N20/00 ; G06F21/55 ; G06F21/56 ; G06F16/28 ; G06F16/2457 ; G06F16/248 ; G06F16/29 ; G06F16/16 ; G06F16/17 ; G06F16/11 ; G06F16/13 ; G06F16/174 ; G06F16/23 ; G06F16/9535 ; G06N99/00 ; H04L9/32 ; H04L41/0668 ; H04L43/0805 ; H04L43/0811 ; H04L43/0852 ; H04L43/106 ; H04L45/00 ; H04L45/50 ; H04L67/12 ; H04L43/026 ; H04L61/5007 ; H04L67/01 ; H04L67/51 ; H04L67/75 ; H04L67/1001 ; H04L43/062 ; H04L43/10 ; H04L47/2441 ; H04L41/0893 ; H04L43/08 ; H04L43/04 ; H04W84/18 ; H04L67/10 ; H04L41/046 ; H04L43/0876 ; H04L41/12 ; H04L41/16 ; H04L41/0816 ; G06F21/53 ; H04L41/22 ; G06F3/04842 ; G06F3/04847 ; H04L41/0803 ; H04L43/0829 ; H04L43/16 ; H04L1/24 ; H04W72/08 ; H04L9/08 ; H04J3/06 ; H04J3/14 ; H04L47/20 ; H04L47/32 ; H04L43/0864 ; H04L47/11 ; H04L69/22 ; H04L45/74 ; H04L47/2483 ; H04L43/0882 ; H04L41/0806 ; H04L43/0888 ; H04L43/12 ; H04L47/31 ; G06F3/0482 ; G06T11/20 ; H04L43/02 ; H04L47/28 ; H04L69/16 ; H04L45/302 ; H04L67/50

Abstract:
An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.
Public/Granted literature
- US20200313986A1 ANOMALY DETECTION THROUGH HEADER FIELD ENTROPY (Public/Granted day: 2020-10-01)