&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11936683.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,936,683 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Analyzing encrypted traffic behavior using contextual traffic data</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Jan Kohout,  Roudnice Nad Labem (CZ);  Blake Harrell Anderson,  Chapel Hill, NC (US);  Martin Grill,  Prague (CZ);  David McGrew,  Poolesville, MD (US);  Martin Kopp,  Beroun (CZ); and  Tomas Pevny,  Praha&#x2014;Modrany (CZ)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  CISCO TECHNOLOGY, INC.,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Cisco Technology, Inc.,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jul.  26, 2022, as Appl. No. 17/873,544.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/873,544 is a continuation of application No. 17/029,156, filed on Sep.  23, 2020, granted, now 11,451,578.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/029,156 is a continuation of application No. 15/286,728, filed on Oct.  6, 2016, granted, now 10,805,338, issued on Oct.  13, 2020.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0368720 A1, Nov.  17, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06N 20/00</b></i> (2019.01); <i><b>H04L 41/0686</b></i> (2022.01); <i><b>H04L 47/2441</b></i> (2022.01); <i><b>G06N 20/20</b></i> (2019.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1441</b></i> (2013.01)&#xa0;[<i><b>G06N 20/00</b></i> (2019.01); <i><b>H04L 41/0686</b></i> (2013.01); <i><b>H04L 47/2441</b></i> (2013.01); <i><b>H04L 63/0428</b></i> (2013.01); <i><b>H04L 63/1416</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01); <i><b>H04L 63/145</b></i> (2013.01); <i><b>H04L 63/168</b></i> (2013.01); <i>G06N 20/20</i> (2019.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11936683-20240319-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method, comprising:<div class="claim_text">detecting, at a device in a network, an encrypted traffic flow comprising one or more encrypted packets sent by a client in the network;</div>
                <div class="claim_text">selecting, at the device, one or more additional packets sent by the client from which to capture contextual traffic data for the encrypted traffic flow;</div>
                <div class="claim_text">capturing, by the device, the contextual traffic data for the encrypted traffic flow from the one or more additional packets sent by the client;</div>
                <div class="claim_text">performing, by the device, a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier; and</div>
                <div class="claim_text">generating, by the device, an alert based on the classification of the encrypted traffic flow,</div>
                <div class="claim_text">wherein selection of the one or more additional packets sent by the client from which to capture the contextual traffic data is based on the one or more additional packets being: 1) included in a predefined fixed-size set of packets sent sequentially before or after a request packet of the encrypted traffic flow, 2) sent by the client within a predefined timespan of the request packet of the encrypted traffic flow, or 3) associated with a predefined micro-activity performed by the client.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>