Patents by Inventor Ivan Nikolaev
Ivan Nikolaev has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11909760Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: GrantFiled: August 6, 2021Date of Patent: February 20, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Publication number: 20220345470Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.Type: ApplicationFiled: July 11, 2022Publication date: October 27, 2022Inventors: David McGrew, Blake Harrell Anderson, Ivan Nikolaev
-
Patent number: 11394728Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.Type: GrantFiled: June 5, 2019Date of Patent: July 19, 2022Assignee: Cisco Technology, Inc.Inventors: David McGrew, Blake Harrell Anderson, Ivan Nikolaev
-
Publication number: 20220101473Abstract: The present disclosure relates to systems, non-transitory computer readable media, and methods that intelligently provide dynamic transportation modes and corresponding user interfaces to client devices within multi-pickup-location area geofences to satisfy dynamic limitations corresponding to certain alternate location options. For instance, the disclosed systems can provide a transportation option corresponding to a first pickup location for display via the requestor device. Based on determining that the requestor device is associated with a location within a geofence of a multi-pickup-location area, the disclosed systems can provide a selectable mode option for initiating an alternate location transportation mode that includes modifying the pickup location for a transportation request to a second pickup location.Type: ApplicationFiled: September 30, 2020Publication date: March 31, 2022Inventors: Sarah Yael Brovman, Timothy Tay Chao, Daniel Kyungwon Doo, Nir Even Chen, Eun Joung, Ivan Nikolaev Konov, Allen Lamson Nguyen, Lily Sierra, Petch Wannissorn
-
Publication number: 20210377283Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: ApplicationFiled: August 6, 2021Publication date: December 2, 2021Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Patent number: 11108810Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: GrantFiled: May 8, 2020Date of Patent: August 31, 2021Assignee: Cisco Technology, Inc.Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Patent number: 10979451Abstract: In one embodiment, a security device in a computer network detects potential domain generation algorithm (DGA) searching activity using a domain name service (DNS) model to detect abnormally high DNS requests made by a host attempting to locate a command and control (C&C) server in the computer network. The server device also detects potential DGA communications activity based on applying a hostname-based classifier for DGA domains associated with any server internet protocol (IP) address in a data stream from the host. The security device may then correlate the potential DGA searching activity with the potential DGA communications activity, and identifies DGA performing malware based on the correlating, accordingly.Type: GrantFiled: February 14, 2018Date of Patent: April 13, 2021Assignee: Cisco Technology, Inc.Inventors: Lukas Machlica, Ivan Nikolaev, Karel Bartos, Martin Grill
-
Patent number: 10785247Abstract: In one embodiment, a device in a network identifies an set of services of a domain accessed by a plurality of users in the network. The device generates a service usage model for the domain based on the set of services accessed by the plurality of users. The service usage model models usage of the services of the domain by the plurality of users. The device trains a machine learning-based classifier to analyze traffic in the network using a set of training feature vectors. A particular training feature vector includes data indicative of service usage by one of the users for the domain and the modeled usage of the services of the domain by the plurality of users. The device causes classification of traffic in the network associated with a particular user by the trained machine learning-based classifier.Type: GrantFiled: January 24, 2017Date of Patent: September 22, 2020Assignee: Cisco Technology, Inc.Inventors: Ivan Nikolaev, Tomas Pevny
-
Publication number: 20200267164Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: ApplicationFiled: May 8, 2020Publication date: August 20, 2020Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Patent number: 10686831Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: GrantFiled: November 16, 2016Date of Patent: June 16, 2020Assignee: Cisco Technology, Inc.Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Publication number: 20190312893Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.Type: ApplicationFiled: June 5, 2019Publication date: October 10, 2019Inventors: David McGrew, Blake Harrell Anderson, Ivan Nikolaev
-
Publication number: 20190258965Abstract: In one embodiment, a method including accessing a trained classifier, the trained classifier trained based at least on a first data item and including both decision determination information of the first data item and decision explanation information of at least one second data item, the second data item being distinct from the first data item; receiving an item for classification; using the trained classifier to classify the item for classification; and providing item decision information regarding a reason for classifying the item for classification, the item decision information being based on at least a part of the decision explanation information. Other embodiments are also described.Type: ApplicationFiled: February 22, 2018Publication date: August 22, 2019Inventors: Lukas Machlica, Ivan Nikolaev, Jan Brabec
-
Publication number: 20190253435Abstract: In one embodiment, a security device in a computer network detects potential domain generation algorithm (DGA) searching activity using a domain name service (DNS) model to detect abnormally high DNS requests made by a host attempting to locate a command and control (C&C) server in the computer network. The server device also detects potential DGA communications activity based on applying a hostname-based classifier for DGA domains associated with any server internet protocol (IP) address in a data stream from the host. The security device may then correlate the potential DGA searching activity with the potential DGA communications activity, and identifies DGA performing malware based on the correlating, accordingly.Type: ApplicationFiled: February 14, 2018Publication date: August 15, 2019Inventors: Lukas Machlica, Ivan Nikolaev, Karel Bartos, Martin Grill
-
Patent number: 10348745Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.Type: GrantFiled: January 5, 2017Date of Patent: July 9, 2019Assignee: Cisco Technology, Inc.Inventors: David McGrew, Blake Harrell Anderson, Ivan Nikolaev
-
Patent number: 10081122Abstract: A static mixer for an injection molding machine comprises a plate having an inlet face, an axially opposed outlet face, and a longitudinal axis extending therebetween. A plurality of bores extend through the plate from the inlet face to the outlet face. Each bore extends along a bore axis that is inclined relative to the longitudinal axis. The inlet face comprises an inlet face peripheral portion and an inlet face central portion. The outlet face comprises an outlet face peripheral portion, and an outlet face central portion. A core extends longitudinally between the inlet face central portion and the outlet face central portion.Type: GrantFiled: February 12, 2016Date of Patent: September 25, 2018Assignee: ATHENA AUTOMATION LTD.Inventors: Ivan Nikolaev, Stephen Mracek, Robert D. Schad
-
Publication number: 20180212992Abstract: In one embodiment, a device in a network identifies an set of services of a domain accessed by a plurality of users in the network. The device generates a service usage model for the domain based on the set of services accessed by the plurality of users. The service usage model models usage of the services of the domain by the plurality of users. The device trains a machine learning-based classifier to analyze traffic in the network using a set of training feature vectors. A particular training feature vector includes data indicative of service usage by one of the users for the domain and the modeled usage of the services of the domain by the plurality of users. The device causes classification of traffic in the network associated with a particular user by the trained machine learning-based classifier.Type: ApplicationFiled: January 24, 2017Publication date: July 26, 2018Inventors: Ivan Nikolaev, Tomas Pevny
-
Patent number: 10027562Abstract: Detecting network services based on network flow data is disclosed. Using a networking device, network flow data is obtained for a plurality of endpoints of a telecommunications network. Each endpoint of the plurality of endpoints is uniquely described by data comprising an IP address, a port, and a communication protocol. For each endpoint of a set of at least one endpoint selected from the plurality of endpoints, a plurality of peers of the endpoint is determined by detecting communication between the endpoint and the plurality of peers based on the network flow data. For each peer of a set of peers selected from the plurality of peers, a difference between a number of peers of the endpoint and a number of peers of said each peer is determined based on the network flow data. It is determined if the endpoint is a service based on the difference determined for each peer of the set of peers. Network management is performed based on the determination of whether the endpoint is a service.Type: GrantFiled: September 12, 2014Date of Patent: July 17, 2018Assignee: CISCO TECHNOLOGY, INC.Inventors: Ivan Nikolaev, Martin Grill, Jan Jusko
-
Publication number: 20180191748Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.Type: ApplicationFiled: January 5, 2017Publication date: July 5, 2018Inventors: David McGrew, Blake Harrell Anderson, Ivan Nikolaev
-
Publication number: 20180139214Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: ApplicationFiled: November 16, 2016Publication date: May 17, 2018Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Patent number: 9654484Abstract: Detecting DGA-based malware is disclosed. In an embodiment, a number of domain name server requests originating from a particular host among a plurality of hosts is determined. The number of domain name server requests are directed to one or more domain name servers. A number of internet protocol addresses contacted by the particular host is determined. Based on the number of domain name server requests and the number of internet protocol addresses contacted existence of malware on the particular host is determined.Type: GrantFiled: July 31, 2014Date of Patent: May 16, 2017Assignee: Cisco Technology, Inc.Inventors: Martin Grill, Ivan Nikolaev