US 12,289,325 B2
Blocking or allowing a file stream associated with a file based on an initial portion of the file
Paul Randee Dilim Kimayong, Watertown (SG); and Mounir Hahad, Campbell, CA (US)
Assigned to Juniper Networks, Inc., Sunnyvale, CA (US)
Filed by Juniper Networks, Inc., Sunnyvale, CA (US)
Filed on Dec. 3, 2021, as Appl. No. 17/457,523.
Prior Publication US 2023/0179607 A1, Jun. 8, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01)
20 Claims
 
1. A network device, comprising:
one or more memories; and
one or more processors to:
receive a file stream associated with a file;
identify, based on receiving the file stream, an initial portion of the file;
process the initial portion of the file to determine a file type of the file and one or more features of the file,
wherein the one or more features include a respective entropy of one or more sections of the file;
determine that the file is a type of file associated with further processing based on the file type;
generate, based on the file being the type of file associated with the further processing and based on the one or more features of the file, a determination as to whether the file is malicious,
wherein the file stream is forwarded towards a destination device without generating the determination when the file is not the type of file associated with the further processing; and
block or allow, based on the determination, the file stream.
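
The flow recited in claim 1, sketched as an added example that is not code from the patent or from Juniper: the file type is read from the initial bytes of the stream, per-section entropy is computed only for a selected type, and other types are forwarded without a determination. Assumptions: PE is taken as the file type selected for further processing, a fixed entropy threshold stands in for the claimed determination, and the function names and `sample_pe` input are hypothetical and constructed.

```python
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # assumed cut-off for illustration; not from the patent

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_section_entropies(head):
    """Per-section entropy from the bytes in `head`; None if head is not a PE."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", head, 0x3C)       # e_lfanew
    if len(head) < pe_off + 24 or head[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    (nsect,) = struct.unpack_from("<H", head, pe_off + 6)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", head, pe_off + 20)  # SizeOfOptionalHeader
    table, out = pe_off + 24 + opt_size, {}
    for i in range(nsect):
        hdr = table + 40 * i
        if hdr + 40 > len(head):
            break  # this section header lies beyond the initial portion
        name = head[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", head, hdr + 16)
        # Slicing clips to what has arrived, so a partial section is still scored.
        out[name] = shannon_entropy(head[raw_ptr:raw_ptr + raw_size])
    return out

def decide(head):
    """'forward' for non-PE streams (no determination), else 'block' or 'allow'."""
    ent = pe_section_entropies(head)
    if ent is None:
        return "forward"
    # Assumed stand-in for the malicious/benign determination: threshold rule.
    return "block" if any(e > ENTROPY_THRESHOLD for e in ent.values()) else "allow"

def sample_pe(body):
    """Constructed input: minimal PE header with one '.text' section holding body."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sect = b".text\0\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), 128)
    return dos + coff + sect + b"\0" * 16 + body
```

High section entropy also occurs in benign packed or compressed executables, so a bare threshold like this one is a weak signal on its own.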