Patents by Inventor Andrew Zawadowskiy
Andrew Zawadowskiy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11902168
  Abstract: A method of defining priority of a number of data packets within a queue includes generating a policy. The policy defines a first multiplexed channel of a plurality of multiplexed channels. The first multiplexed channel having a first priority. The policy also defines a second multiplexed channel of the plurality of multiplexed channels. The second multiplexed channel having a second priority. The first priority is defined as being of a higher priority relative to the second priority. The method further includes receiving the number of data packets over the plurality of multiplexed channels associated with a session based at least in part on the policy.
  Type: Grant
  Filed: June 24, 2021
  Date of Patent: February 13, 2024
  Assignee: Cisco Technology, Inc.
  Inventors: Vincent Parla, Andrew Zawadowskiy, Oleg Bessonov, Hendrikus G. P. Bosch
- Publication number: 20240028709
  Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a process executed on the computing system. A system call is identified during execution of the process as well as a predetermined number of transitions leading to the system call. A validity of the transitions leading to the system call is determined based on the learned control flow directed graph and the computing system may perform an action based on the validity.
  Type: Application
  Filed: December 19, 2022
  Publication date: January 25, 2024
  Inventors: Andrew Zawadowskiy, Oleg Bessonov, Vincent E. Parla
- Publication number: 20240028742
  Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow diagram for a process on a computing system and monitoring execution of the process on the computing system using the control flow diagram. An unobserved transition is determined based on the learned control flow diagram and the unobserved transition is classified as safe or unsafe based on a monitoring component analysis. An action is performed based on the safety classification and the learned control flow diagram.
  Type: Application
  Filed: December 19, 2022
  Publication date: January 25, 2024
  Inventors: Andrew Zawadowskiy, Vincent E. Parla, Oleg Bessonov
- Publication number: 20240028743
  Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a program and subsequently determining valid target destinations for transitions within the program. The instructions of the program may be executed by determining a destination for a transition, performing the transition when the destination is included in the list of valid target destinations, and performing a secondary action when the destination is not included in the list of valid target destinations.
  Type: Application
  Filed: December 19, 2022
  Publication date: January 25, 2024
  Inventors: Vincent E. Parla, Andrew Zawadowskiy
- Publication number: 20240028701
  Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers.
  Type: Application
  Filed: December 19, 2022
  Publication date: January 25, 2024
  Inventors: Andrew Zawadowskiy, Vincent E. Parla, Thomas Szigeti, Oleg Bessonov, Ashok Krishnaji Moghe
- Publication number: 20240028724
  Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on observing and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers. Transition to the monitoring phase may be based on determining a confidence score in the observed control flow directed graph and causing the transition when the confidence score is above a threshold.
  Type: Application
  Filed: May 16, 2023
  Publication date: January 25, 2024
  Inventors: Vincent E. Parla, Andrew Zawadowskiy, Thomas Szigeti, Oleg Bessonov, Ashok Krishnaji Moghe
- Publication number: 20240028708
  Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for executable code of an application by observing executions of transitions during an observation period and determining destinations of indirect transfers based on the learned control flow directed graph. Next, a disassembly of the executable code is determined based on the learned control flow directed graph, the destinations of the transfers, and the executable code.
  Type: Application
  Filed: December 19, 2022
  Publication date: January 25, 2024
  Inventors: Andrew Zawadowskiy, Vincent E. Parla, Oleg Bessonov
- Publication number: 20240028712
  Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining telemetry representing execution of a process on a computing system and accessing a learned control flow directed graph for the process. A transfer of an instruction pointer is determined based on the telemetry and a validity of the transfer is determined based on the learned control flow directed graph. If invalid, then an action to terminate the process is determined; otherwise the action may be allowed to execute when valid.
  Type: Application
  Filed: December 19, 2022
  Publication date: January 25, 2024
  Inventors: Vincent E. Parla, Andrew Zawadowskiy, Oleg Bessonov, Thomas Szigeti, Ashok Krishnaji Moghe
- Patent number: 11700275
  Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
  Type: Grant
  Filed: June 28, 2021
  Date of Patent: July 11, 2023
  Assignee: Cisco Technology, Inc.
  Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
- Patent number: 11677650
  Abstract: In one embodiment, a monitoring engine obtains mesh flow data for traffic flows between nodes in a service mesh. The monitoring engine associates the mesh flow data with network traffic between an endpoint device and an edge of the service mesh. The monitoring engine identifies, based on the mesh flow data, a particular container workload associated with the traffic flows. The monitoring engine provides an indication that the particular container workload is associated with the network traffic between the endpoint device and the edge of the service mesh.
  Type: Grant
  Filed: September 28, 2021
  Date of Patent: June 13, 2023
  Assignee: Cisco Technology, Inc.
  Inventors: Vincent E. Parla, Kyle Andrew Donald Mestery, Andrew Zawadowskiy
- Publication number: 20230099370
  Abstract: In one embodiment, a monitoring engine obtains mesh flow data for traffic flows between nodes in a service mesh. The monitoring engine associates the mesh flow data with network traffic between an endpoint device and an edge of the service mesh. The monitoring engine identifies, based on the mesh flow data, a particular container workload associated with the traffic flows. The monitoring engine provides an indication that the particular container workload is associated with the network traffic between the endpoint device and the edge of the service mesh.
  Type: Application
  Filed: September 28, 2021
  Publication date: March 30, 2023
  Inventors: Vincent E. Parla, Kyle Andrew Donald Mestery, Andrew Zawadowskiy
- Publication number: 20220417158
  Abstract: A method of defining priority of a number of data packets within a queue includes generating a policy. The policy defines a first multiplexed channel of a plurality of multiplexed channels. The first multiplexed channel having a first priority. The policy also defines a second multiplexed channel of the plurality of multiplexed channels. The second multiplexed channel having a second priority. The first priority is defined as being of a higher priority relative to the second priority. The method further includes receiving the number of data packets over the plurality of multiplexed channels associated with a session based at least in part on the policy.
  Type: Application
  Filed: June 24, 2021
  Publication date: December 29, 2022
  Inventors: Vincent Parla, Andrew Zawadowskiy, Oleg Bessonov, Hendrikus G. P. Bosch
- Publication number: 20210360004
  Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
  Type: Application
  Filed: June 28, 2021
  Publication date: November 18, 2021
  Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
- Patent number: 11093605
  Abstract: In one example embodiment, a computing device has a processor that executes a processor instruction stream that causes the processor to perform one or more operations for the computing device. The computing device generates one or more trace data packets including a first instruction pointer of the processor instruction stream, a second instruction pointer of the processor instruction stream subsequent to the first instruction pointer, and a string of characters derived from instructions associated with a control flow transfer between the first instruction pointer of the processor instruction stream and the second instruction pointer of the processor instruction stream. The computing device determines whether the one or more trace data packets are consistent with a secure processor instruction stream known or determined to be secure from malicious processor instructions and, if not, generates an indication that the processor instruction stream is not secure.
  Type: Grant
  Filed: October 3, 2018
  Date of Patent: August 17, 2021
  Assignee: Cisco Technology, Inc.
  Inventors: Andrew Zawadowskiy, Vincent E. Parla, Alok Mittal
- Patent number: 11057420
  Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
  Type: Grant
  Filed: March 29, 2019
  Date of Patent: July 6, 2021
  Assignee: Cisco Technology, Inc.
  Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
- Publication number: 20200004954
  Abstract: In one example embodiment, a computing device has a processor that executes a processor instruction stream that causes the processor to perform one or more operations for the computing device. The computing device generates one or more trace data packets including a first instruction pointer of the processor instruction stream, a second instruction pointer of the processor instruction stream subsequent to the first instruction pointer, and a string of characters derived from instructions associated with a control flow transfer between the first instruction pointer of the processor instruction stream and the second instruction pointer of the processor instruction stream. The computing device determines whether the one or more trace data packets are consistent with a secure processor instruction stream known or determined to be secure from malicious processor instructions and, if not, generates an indication that the processor instruction stream is not secure.
  Type: Application
  Filed: October 3, 2018
  Publication date: January 2, 2020
  Inventors: Andrew Zawadowskiy, Vincent E. Parla, Alok Mittal
- Publication number: 20190230095
  Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
  Type: Application
  Filed: March 29, 2019
  Publication date: July 25, 2019
  Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
- Patent number: 10305928
  Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
  Type: Grant
  Filed: August 6, 2015
  Date of Patent: May 28, 2019
  Assignee: Cisco Technology, Inc.
  Inventors: David McGrew, Andrew Zawadowskiy, Donovan O'Hara, Saravanan Radhakrishnan, Tomas Pevny, Daniel G. Wing
- Patent number: 10027626
  Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving an application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.
  Type: Grant
  Filed: May 17, 2016
  Date of Patent: July 17, 2018
  Assignee: Cisco Technology, Inc.
  Inventors: Todd Short, Andrew Zawadowskiy, Antonio Martin, Vincent E. Parla
- Patent number: 9660833
  Abstract: In one embodiment, a method is provided for improving data center and endpoint network visibility and security. The method comprises detecting a communication flow of a plurality of packets over a network, and generating a flow identifier that uniquely identifies the communication flow. After determining an application associated with the communication flow, a flow record is generated. The flow record includes the flow identifier and an indication of the application associated with the communication flow. The indication of the application may be, for example, a hash of the application binary file.
  Type: Grant
  Filed: May 9, 2014
  Date of Patent: May 23, 2017
  Assignee: Cisco Technology, Inc.
  Inventors: Andrew Zawadowskiy, Vincent E. Parla, Donovan O'Hara