Patents by Inventor Jan Jusko

Jan Jusko has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190190928
    Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
    Type: Application
    Filed: December 20, 2017
    Publication date: June 20, 2019
    Inventors: Blake Harrell Anderson, David McGrew, Vincent E. Parla, Jan Jusko, Martin Grill, Martin Vejman
  • Publication number: 20190124094
    Abstract: In one embodiment, a device analyzes network traffic data using a clustering process, to identify a cluster of addresses associated with the network traffic data for which the associated network traffic has similar behavioral characteristics. The device calculates a set of rankings for the cluster by comparing the cluster to different sets of malicious addresses. The device aggregates the set of rankings into a final ranking by setting the rankings in the set as current rankings and iteratively calculating an average of any subset of the current rankings that comprises correlated rankings. The calculated average replaces the rankings in the subset as a current ranking. When none of the current rankings are correlated, the device performs an aggregation across all of the current rankings to form the final ranking. The device provides data indicative of the cluster for review by a supervisor, based on the final ranking.
    Type: Application
    Filed: October 20, 2017
    Publication date: April 25, 2019
    Inventors: Jan Jusko, Jan Stiborek, Tomas Pevny
  • Patent number: 10027562
    Abstract: Detecting network services based on network flow data is disclosed. Using a networking device, network flow data is obtained for a plurality of endpoints of a telecommunications network. Each endpoint of the plurality of endpoints is uniquely described by data comprising an IP address, a port, and a communication protocol. For each endpoint of a set of at least one endpoint selected from the plurality of endpoints, a plurality of peers of the endpoint is determined by detecting communication between the endpoint and the plurality of peers based on the network flow data. For each peer of a set of peers selected from the plurality of peers, a difference between a number of peers of the endpoint and a number of peers of said each peer is determined based on the network flow data. It is determined if the endpoint is a service based on the difference determined for each peer of the set of peers. Network management is performed based on the determination of whether the endpoint is a service.
    Type: Grant
    Filed: September 12, 2014
    Date of Patent: July 17, 2018
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Ivan Nikolaev, Martin Grill, Jan Jusko
  • Publication number: 20180034838
    Abstract: In one embodiment, a method includes obtaining a set of samples, each of the set of samples including sample values for each of a plurality of variables in a variable space. The method includes receiving, for each of an initial subset of the set of samples, a label for the sample as being either malicious or legitimate. The method includes identifying one or more boundaries in the variable space based on the labels and sample values for each of the initial subset. The method includes selecting an incremental subset of the unlabeled samples of the set of samples, wherein the incremental subset includes at least one unlabeled sample including sample values further from any of the one or more boundaries than an unlabeled sample that is not included in the incremental subset. The method includes receiving, for each of the incremental subset, a label for the sample as being either malicious or legitimate.
    Type: Application
    Filed: July 28, 2016
    Publication date: February 1, 2018
    Inventors: Jan Jusko, Michal Sofka
  • Patent number: 9813442
    Abstract: In one embodiment, a method includes receiving client-server connection data for clients and servers, the data including IP addresses corresponding to the servers, for each one of a plurality of IP address pairs performing a statistical test to determine whether the IP addresses in the one IP address pair are related by common clients based on the number of the clients connecting to each of the IP addresses in the one IP address pair, generating a graph including a plurality of vertices and edges, each of the vertices corresponding to a different IP address, each edge corresponding to a different IP address pair determined to be related by common clients in the statistical test, and clustering the vertices yielding clusters, a subset of the IP addresses in one of the clusters providing an indication of the IP addresses of the servers serving a same application.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: November 7, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Jusko, Tomas Pevny, Martin Rehak
  • Publication number: 20170142151
    Abstract: In one embodiment, a method includes receiving client-server connection data for clients and servers, the data including IP addresses corresponding to the servers, for each one of a plurality of IP address pairs performing a statistical test to determine whether the IP addresses in the one IP address pair are related by common clients based on the number of the clients connecting to each of the IP addresses in the one IP address pair, generating a graph including a plurality of vertices and edges, each of the vertices corresponding to a different IP address, each edge corresponding to a different IP address pair determined to be related by common clients in the statistical test, and clustering the vertices yielding clusters, a subset of the IP addresses in one of the clusters providing an indication of the IP addresses of the servers serving a same application.
    Type: Application
    Filed: February 1, 2017
    Publication date: May 18, 2017
    Inventors: Jan JUSKO, Tomas Pevny, Martin Rehak
  • Patent number: 9596321
    Abstract: In one embodiment, a method includes receiving client-server connection data for clients and servers, the data including IP addresses corresponding to the servers, for each one of a plurality of IP address pairs performing a statistical test to determine whether the IP addresses in the one IP address pair are related by common clients based on the number of the clients connecting to each of the IP addresses in the one IP address pair, generating a graph including a plurality of vertices and edges, each of the vertices corresponding to a different IP address, each edge corresponding to a different IP address pair determined to be related by common clients in the statistical test, and clustering the vertices yielding clusters, a subset of the IP addresses in one of the clusters providing an indication of the IP addresses of the servers serving a same application.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: March 14, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Jusko, Tomas Pevny, Martin Rehak
  • Publication number: 20160381183
    Abstract: In one embodiment, a method includes receiving client-server connection data for clients and servers, the data including IP addresses corresponding to the servers, for each one of a plurality of IP address pairs performing a statistical test to determine whether the IP addresses in the one IP address pair are related by common clients based on the number of the clients connecting to each of the IP addresses in the one IP address pair, generating a graph including a plurality of vertices and edges, each of the vertices corresponding to a different IP address, each edge corresponding to a different IP address pair determined to be related by common clients in the statistical test, and clustering the vertices yielding clusters, a subset of the IP addresses in one of the clusters providing an indication of the IP addresses of the servers serving a same application.
    Type: Application
    Filed: June 24, 2015
    Publication date: December 29, 2016
    Inventors: Jan JUSKO, Tomas Pevny, Martin Rehak
  • Patent number: 9531742
    Abstract: In one embodiment a method, system and apparatus is described for detecting a malicious network connection, the method system and apparatus including determining, for each connection over a network, if each connection is a persistent connection, if, as a result of the determining, a first connection is determined to be a persistent connection, collecting connection statistics for the first connection, creating a feature vector for the first connection based on the collected statistics, performing outlier detection for all of the feature vector for all connections over a network which have been determined to be persistent connections, and reporting detected outliers. Related methods, systems and apparatus are also described.
    Type: Grant
    Filed: April 10, 2016
    Date of Patent: December 27, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Kohout, Jan Jusko, Tomas Pevny, Martin Rehak
  • Publication number: 20160226902
    Abstract: In one embodiment a method, system and apparatus is described for detecting a malicious network connection, the method system and apparatus including determining, for each connection over a network, if each connection is a persistent connection, if, as a result of the determining, a first connection is determined to be a persistent connection, collecting connection statistics for the first connection, creating a feature vector for the first connection based on the collected statistics, performing outlier detection for all of the feature vector for all connections over a network which have been determined to be persistent connections, and reporting detected outliers. Related methods, systems and apparatus are also described.
    Type: Application
    Filed: April 10, 2016
    Publication date: August 4, 2016
    Inventors: Jan KOHOUT, Jan JUSKO, Tomas PEVNY, Martin REHAK
  • Patent number: 9344441
    Abstract: In one embodiment a method, system and apparatus is described for detecting a malicious network connection, the method system and apparatus including determining, for each connection over a network, if each connection is a persistent connection, if, as a result of the determining, a first connection is determined to be a persistent connection, collecting connection statistics for the first connection, creating a feature vector for the first connection based on the collected statistics, performing outlier detection for all of the feature vector for all connections over a network which have been determined to be persistent connections, and reporting detected outliers. Related methods, systems and apparatus are also described.
    Type: Grant
    Filed: September 14, 2014
    Date of Patent: May 17, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Kohout, Jan Jusko, Tomas Pevny, Martin Rehak
  • Publication number: 20160080404
    Abstract: In one embodiment a method, system and apparatus is described for detecting a malicious network connection, the method system and apparatus including determining, for each connection over a network, if each connection is a persistent connection, if, as a result of the determining, a first connection is determined to be a persistent connection, collecting connection statistics for the first connection, creating a feature vector for the first connection based on the collected statistics, performing outlier detection for all of the feature vector for all connections over a network which have been determined to be persistent connections, and reporting detected outliers. Related methods, systems and apparatus are also described.
    Type: Application
    Filed: September 14, 2014
    Publication date: March 17, 2016
    Inventors: Jan KOHOUT, Jan JUSKO, Tomas PEVNY, Martin REHAK
  • Publication number: 20160080236
    Abstract: Detecting network services based on network flow data is disclosed. Using a networking device, network flow data is obtained for a plurality of endpoints of a telecommunications network. Each endpoint of the plurality of endpoints is uniquely described by data comprising an IP address, a port, and a communication protocol. For each endpoint of a set of at least one endpoint selected from the plurality of endpoints, a plurality of peers of the endpoint is determined by detecting communication between the endpoint and the plurality of peers based on the network flow data. For each peer of a set of peers selected from the plurality of peers, a difference between a number of peers of the endpoint and a number of peers of said each peer is determined based on the network flow data. It is determined if the endpoint is a service based on the difference determined for each peer of the set of peers. Network management is performed based on the determination of whether the endpoint is a service.
    Type: Application
    Filed: September 12, 2014
    Publication date: March 17, 2016
    Inventors: Ivan Nikolaev, Martin Grill, Jan Jusko