Patents by Inventor Subharthi Paul
Subharthi Paul has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11909760Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: GrantFiled: August 6, 2021Date of Patent: February 20, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Patent number: 11748477Abstract: In one embodiment, a device in a network tracks traffic features indicated by header information of packets of an encrypted traffic flow over time. The encrypted traffic flow is associated with a particular host in the network. The device detects an operating system start event based on the traffic features and provides data regarding the detected operating system start event as input to a machine learning-based malware detector to determine whether the particular host with which the encrypted traffic flow is associated is infected with malware. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.Type: GrantFiled: July 22, 2021Date of Patent: September 5, 2023Assignee: Cisco Technology, Inc.Inventors: David McGrew, Blake Harrell Anderson, Subharthi Paul
-
Patent number: 11570166Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.Type: GrantFiled: April 17, 2020Date of Patent: January 31, 2023Assignee: Cisco Technology, Inc.Inventors: David McGrew, Blake Harrell Anderson, Subharthi Paul, William Michael Hudson, Jr., Philip Ryan Perricone
-
Patent number: 11443230Abstract: A trained model may be deployed to an Internet-of-Things (IOT) operational environment in order to ingest features and detect events extracted from network traffic. The model may be received and converted into a meta-language representation which is interpretable by a data plane engine. The converted model can then be deployed to the data plane and may extract features from network communications over the data plane. The extracted features may be fed to the deployed model in order to generate event classifications or device state classifications.Type: GrantFiled: September 19, 2018Date of Patent: September 13, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Nancy Cam-Winget, Subharthi Paul, Blake Anderson, Saman Taghavi Zargar, Oleg Bessonov, Robert Frederick Albach, Sanjay Kumar Agarwal, Mark Steven Knellinger
-
Patent number: 11412000Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.Type: GrantFiled: January 14, 2020Date of Patent: August 9, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Michel Khouderchah, Jayaraman Iyer, Kent K. Leung, Jianxin Wang, Donovan O'Hara, Saman Taghavi Zargar, Subharthi Paul
-
Patent number: 11195120Abstract: Methods an systems to classify a training dataset of network data as a poisoned training dataset based on a first dataset-level classifier, identify and remove poison samples of the poisoned training dataset based on a sample-level classifier to produce a non-poisoned dataset, training a machine-based model to analyze network traffic based on the modified non-poisoned dataset, and analyze network traffic with the machine-based model.Type: GrantFiled: February 9, 2018Date of Patent: December 7, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul
-
Publication number: 20210377283Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: ApplicationFiled: August 6, 2021Publication date: December 2, 2021Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Publication number: 20210349996Abstract: In one embodiment, a device in a network tracks traffic features indicated by header information of packets of an encrypted traffic flow over time. The encrypted traffic flow is associated with a particular host in the network. The device detects an operating system start event based on the traffic features and provides data regarding the detected operating system start event as input to a machine learning-based malware detector to determine whether the particular host with which the encrypted traffic flow is associated is infected with malware. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.Type: ApplicationFiled: July 22, 2021Publication date: November 11, 2021Inventors: David McGrew, Blake Harrell Anderson, Subharthi Paul
-
Patent number: 11108810Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: GrantFiled: May 8, 2020Date of Patent: August 31, 2021Assignee: Cisco Technology, Inc.Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Patent number: 11095670Abstract: In one example embodiment, a network management device generates a first script defining a first function for detecting a first customizable network event in a sequence of customizable network events indicative of a security threat to a network. The network management device activates the first script at a first network device in the network so as to cause the first network device to execute the first function for detecting the first customizable network event, and obtains, from the first network device, one or more indications that the first network device has detected the first customizable network event. Based on the one or more indications, the network management device determines whether to activate a second script defining a second function for detecting a second customizable network event in the sequence at a second network device in the network capable of detecting the second customizable network event.Type: GrantFiled: July 9, 2018Date of Patent: August 17, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Subharthi Paul, Saman Taghavi Zargar, Jayaraman Iyer, Hari Shankar
-
Patent number: 11093609Abstract: In one embodiment, a device in a network tracks changes in a source port or address identifier indicated by network traffic associated with a particular host in the network. The device detects an operating system start event based on the track changes in the source port or address identifier indicated in the traffic data associated with the particular host. The device provides data regarding the detected operating system start event as input to a machine learning-based malware detector. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.Type: GrantFiled: September 11, 2019Date of Patent: August 17, 2021Assignee: Cisco Technology, Inc.Inventors: David McGrew, Blake Harrell Anderson, Subharthi Paul
-
Publication number: 20210218771Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.Type: ApplicationFiled: January 14, 2020Publication date: July 15, 2021Inventors: Michel Khouderchah, Jayaraman Iyer, Kent K. Leung, Jianxin Wang, Donovan O'Hara, Saman Taghavi Zargar, Subharthi Paul
-
Publication number: 20200267164Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: ApplicationFiled: May 8, 2020Publication date: August 20, 2020Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Publication number: 20200244648Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.Type: ApplicationFiled: April 17, 2020Publication date: July 30, 2020Inventors: David McGrew, Blake Harrell Anderson, Subharthi Paul, William Michael Hudson, JR., Philip Ryan Perricone
-
Patent number: 10686831Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.Type: GrantFiled: November 16, 2016Date of Patent: June 16, 2020Assignee: Cisco Technology, Inc.Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
-
Patent number: 10666640Abstract: In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.Type: GrantFiled: December 20, 2017Date of Patent: May 26, 2020Assignee: Cisco Technology, Inc.Inventors: David McGrew, Blake Harrell Anderson, Subharthi Paul, William Michael Hudson, Jr., Philip Ryan Perricone
-
Patent number: 10659484Abstract: In one embodiment, a centralized controller maintains a plurality of hierarchical behavioral modules of a behavioral model, and distributes initial behavioral modules to data plane entities to cause them to apply the initial behavioral modules to data plane traffic. The centralized controller may then receive data from a particular data plane entity based on its having applied the initial behavioral modules to its data plane traffic. The centralized controller then distributes subsequent behavioral modules to the particular data plane entity to cause it to apply the subsequent behavioral modules to the data plane traffic, the subsequent behavioral modules selected based on the previously received data from the particular data plane entity. The centralized controller may then iteratively receive data from the particular data plane entity and distribute subsequently selected behavioral modules until an attack determination is made on the data plane traffic of the particular data plane entity.Type: GrantFiled: February 19, 2018Date of Patent: May 19, 2020Assignee: Cisco Technology, Inc.Inventors: Saman Taghavi Zargar, Subharthi Paul, Prashanth Patil, Jayaraman Iyer, Hari Shankar
-
Publication number: 20200014713Abstract: In one example embodiment, a network management device generates a first script defining a first function for detecting a first customizable network event in a sequence of customizable network events indicative of a security threat to a network. The network management device activates the first script at a first network device in the network so as to cause the first network device to execute the first function for detecting the first customizable network event, and obtains, from the first network device, one or more indications that the first network device has detected the first customizable network event. Based on the one or more indications, the network management device determines whether to activate a second script defining a second function for detecting a second customizable network event in the sequence at a second network device in the network capable of detecting the second customizable network event.Type: ApplicationFiled: July 9, 2018Publication date: January 9, 2020Inventors: Subharthi Paul, Saman Taghavi Zargar, Jayaraman Iyer, Hari Shankar
-
Publication number: 20200004958Abstract: In one embodiment, a device in a network tracks changes in a source port or address identifier indicated by network traffic associated with a particular host in the network. The device detects an operating system start event based on the track changes in the source port or address identifier indicated in the traffic data associated with the particular host. The device provides data regarding the detected operating system start event as input to a machine learning-based malware detector. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.Type: ApplicationFiled: September 11, 2019Publication date: January 2, 2020Inventors: David McGrew, Blake Harrell Anderson, Subharthi Paul
-
Patent number: 10452846Abstract: In one embodiment, a device in a network tracks changes in a source port or address identifier indicated by network traffic associated with a particular host in the network. The device detects an operating system start event based on the track changes in the source port or address identifier indicated in the traffic data associated with the particular host. The device provides data regarding the detected operating system start event as input to a machine learning-based malware detector. The device causes performance of a mitigation action in the network when the malware detector determines that the particular host is infected with malware.Type: GrantFiled: July 13, 2017Date of Patent: October 22, 2019Assignee: Cisco Technology, Inc.Inventors: David McGrew, Blake Harrell Anderson, Subharthi Paul