US 12,192,078 B2
System and method of assigning reputation scores to hosts
Sunil Kumar Gupta, Milpitas, CA (US); Navindra Yadav, Cupertino, CA (US); Michael Standish Watts, Mill Valley, CA (US); Ali Parandehgheibi, Sunnyvale, CA (US); Shashidhar Gandham, Fremont, CA (US); Ashutosh Kulshreshtha, Cupertino, CA (US); and Khawar Deen, Sunnyvale, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Mar. 1, 2024, as Appl. No. 18/593,403.
Application 18/593,403 is a continuation of application No. 17/403,026, filed on Aug. 16, 2021, granted, now 11,924,073.
Application 17/403,026 is a continuation of application No. 16/280,894, filed on Feb. 20, 2019, granted, now 11,102,093, issued on Aug. 24, 2021.
Application 16/280,894 is a continuation of application No. 15/171,580, filed on Jun. 2, 2016, granted, now 10,243,817, issued on Mar. 26, 2019.
Claims priority of provisional application 62/171,899, filed on Jun. 5, 2015.
Prior Publication US 2024/0205118 A1, Jun. 20, 2024
Int. Cl. G06F 21/00 (2013.01); G06F 3/0482 (2013.01); G06F 3/04842 (2022.01); G06F 3/04847 (2022.01); G06F 9/455 (2018.01); G06F 16/11 (2019.01); G06F 16/13 (2019.01); G06F 16/16 (2019.01); G06F 16/17 (2019.01); G06F 16/174 (2019.01); G06F 16/23 (2019.01); G06F 16/2457 (2019.01); G06F 16/248 (2019.01); G06F 16/28 (2019.01); G06F 16/29 (2019.01); G06F 16/9535 (2019.01); G06F 21/53 (2013.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06N 20/00 (2019.01); G06N 99/00 (2019.01); G06T 11/20 (2006.01); H04J 3/06 (2006.01); H04J 3/14 (2006.01); H04L 1/24 (2006.01); H04L 7/10 (2006.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01); H04L 41/046 (2022.01); H04L 41/0668 (2022.01); H04L 41/0803 (2022.01); H04L 41/0806 (2022.01); H04L 41/0816 (2022.01); H04L 41/0893 (2022.01); H04L 41/12 (2022.01); H04L 41/16 (2022.01); H04L 41/22 (2022.01); H04L 43/02 (2022.01); H04L 43/026 (2022.01); H04L 43/04 (2022.01); H04L 43/045 (2022.01); H04L 43/062 (2022.01); H04L 43/08 (2022.01); H04L 43/0805 (2022.01); H04L 43/0811 (2022.01); H04L 43/0829 (2022.01); H04L 43/0852 (2022.01); H04L 43/0864 (2022.01); H04L 43/0876 (2022.01); H04L 43/0882 (2022.01); H04L 43/0888 (2022.01); H04L 43/10 (2022.01); H04L 43/106 (2022.01); H04L 43/12 (2022.01); H04L 43/16 (2022.01); H04L 45/00 (2022.01); H04L 45/302 (2022.01); H04L 45/50 (2022.01); H04L 45/74 (2022.01); H04L 47/11 (2022.01); H04L 47/20 (2022.01); H04L 47/2441 (2022.01); H04L 47/2483 (2022.01); H04L 47/28 (2022.01); H04L 47/31 (2022.01); H04L 47/32 (2022.01); H04L 61/5007 (2022.01); H04L 67/01 (2022.01); H04L 67/10 (2022.01); H04L 67/1001 (2022.01); H04L 67/12 (2022.01); H04L 67/51 (2022.01); H04L 67/75 (2022.01); H04L 69/16 (2022.01); H04L 69/22 (2022.01); H04W 72/54 (2023.01); H04W 84/18 (2009.01); H04L 67/50 (2022.01)
CPC H04L 43/045 (2013.01) [G06F 3/0482 (2013.01); G06F 3/04842 (2013.01); G06F 3/04847 (2013.01); G06F 9/45558 (2013.01); G06F 16/122 (2019.01); G06F 16/137 (2019.01); G06F 16/162 (2019.01); G06F 16/17 (2019.01); G06F 16/173 (2019.01); G06F 16/174 (2019.01); G06F 16/1744 (2019.01); G06F 16/1748 (2019.01); G06F 16/2322 (2019.01); G06F 16/235 (2019.01); G06F 16/2365 (2019.01); G06F 16/24578 (2019.01); G06F 16/248 (2019.01); G06F 16/285 (2019.01); G06F 16/288 (2019.01); G06F 16/29 (2019.01); G06F 16/9535 (2019.01); G06F 21/53 (2013.01); G06F 21/552 (2013.01); G06F 21/556 (2013.01); G06F 21/566 (2013.01); G06N 20/00 (2019.01); G06N 99/00 (2013.01); G06T 11/206 (2013.01); H04J 3/0661 (2013.01); H04J 3/14 (2013.01); H04L 1/242 (2013.01); H04L 7/10 (2013.01); H04L 9/0866 (2013.01); H04L 9/3239 (2013.01); H04L 9/3242 (2013.01); H04L 41/046 (2013.01); H04L 41/0668 (2013.01); H04L 41/0803 (2013.01); H04L 41/0806 (2013.01); H04L 41/0816 (2013.01); H04L 41/0893 (2013.01); H04L 41/12 (2013.01); H04L 41/16 (2013.01); H04L 41/22 (2013.01); H04L 43/02 (2013.01); H04L 43/026 (2013.01); H04L 43/04 (2013.01); H04L 43/062 (2013.01); H04L 43/08 (2013.01); H04L 43/0805 (2013.01); H04L 43/0811 (2013.01); H04L 43/0829 (2013.01); H04L 43/0841 (2013.01); H04L 43/0858 (2013.01); H04L 43/0864 (2013.01); H04L 43/0876 (2013.01); H04L 43/0882 (2013.01); H04L 43/0888 (2013.01); H04L 43/10 (2013.01); H04L 43/106 (2013.01); H04L 43/12 (2013.01); H04L 43/16 (2013.01); H04L 45/306 (2013.01); H04L 45/38 (2013.01); H04L 45/46 (2013.01); H04L 45/507 (2013.01); H04L 45/66 (2013.01); H04L 45/74 (2013.01); H04L 47/11 (2013.01); H04L 47/20 (2013.01); H04L 47/2441 (2013.01); H04L 47/2483 (2013.01); H04L 47/28 (2013.01); H04L 47/31 (2013.01); H04L 47/32 (2013.01); H04L 61/5007 (2022.05); H04L 63/0227 (2013.01); H04L 63/0263 (2013.01); H04L 63/06 (2013.01); H04L 63/0876 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/145 (2013.01); H04L 63/1458 (2013.01); H04L 63/1466 (2013.01); H04L 63/16 (2013.01); H04L 63/20 (2013.01); H04L 67/01 (2022.05); H04L 67/10 (2013.01); H04L 67/1001 (2022.05); H04L 67/12 (2013.01); H04L 67/51 (2022.05); H04L 67/75 (2022.05); H04L 69/16 (2013.01); H04L 69/22 (2013.01); H04W 72/54 (2023.01); H04W 84/18 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45591 (2013.01); G06F 2009/45595 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2101 (2013.01); G06F 2221/2105 (2013.01); G06F 2221/2111 (2013.01); G06F 2221/2115 (2013.01); G06F 2221/2145 (2013.01); H04L 67/535 (2022.05)]
15 Claims
1. A method comprising:
receiving network traffic from a first host in a network;
extracting connection data from the network traffic representing a first network flow from the first host to a second host, the first host connecting with an additional host through the second host, the additional host being compromised, the connection data including an IP address associated with the first host, wherein the first host is in a data center at one of virtual layer, hypervisor layer and physical layer;
assessing the connection data using a machine learning process to determine a reputation score for the first host;
utilizing the reputation score to assign the first host to a group having a group policy; and
restricting traffic from the second host to the first host according to the group policy.