US 11,930,036 B2
Detecting attacks and quarantining malware infected devices
Biju Kaimal, Bangalore (IN); Bandam Radha Shravan, Telangana (IN); Thiyagu Rajendran, Bangalore (IN); and Clifford E. Kahn, Westford, MA (US)
Assigned to Pulse Secure, LLC, San Jose, CA (US)
Filed by Pulse Secure, LLC, San Jose, CA (US)
Filed on Aug. 31, 2022, as Appl. No. 17/823,724.
Application 17/823,724 is a continuation of application No. 16/718,909, filed on Dec. 18, 2019, granted, now 11,483,339.
Claims priority of provisional application 62/941,592, filed on Nov. 27, 2019.
Prior Publication US 2023/0007012 A1, Jan. 5, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC H04L 63/145 (2013.01) [G06N 5/04 (2013.01); G06N 20/00 (2019.01); H04L 63/105 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
receiving, from a first device on a network, incoming network traffic;
receiving previous network traffic from a second device having the same device type as the first device on an isolated network for a predetermined time period,
creating a network traffic baseline based on the previous network traffic;
comparing the network traffic baseline associated with the incoming network traffic;
determining, based on the comparison, an anomaly type associated with the incoming network traffic; and
changing access to the network by the first device according to an access restriction selected from a set of access restrictions, wherein the access restriction corresponds to the anomaly type.