US 12,294,482 B2
IoT application learning
Jianlin Zeng, Santa Clara, CA (US); and Jun Du, Cupertino, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Appl. No. 17/273,648
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
PCT Filed Sep. 3, 2019, PCT No. PCT/US2019/049400
§ 371(c)(1), (2) Date Mar. 4, 2021
PCT Pub. No. WO2020/051161, PCT Pub. Date Mar. 12, 2020.
Claims priority of provisional application 62/726,981, filed on Sep. 4, 2018.
Prior Publication US 2021/0367829 A1, Nov. 25, 2021
Int. Cl. H04L 41/0604 (2022.01); H04L 41/0631 (2022.01); H04L 41/069 (2022.01); H04L 41/16 (2022.01); H04L 41/5022 (2022.01); H04L 43/028 (2022.01)
CPC H04L 41/0609 (2013.01) [H04L 41/0631 (2013.01); H04L 41/069 (2013.01); H04L 41/16 (2013.01); H04L 41/5022 (2013.01); H04L 43/028 (2013.01)]
18 Claims
 
1. A method, comprising:
receiving a detected set of Internet of Things (IoT) application events, wherein the IoT application events are associated with activities of an IoT application executing on an IoT device;
identifying, from a predetermined set of different types of activities, one or more application-specific activities;
extracting one or more attributes from a plurality of payloads of IoT messages associated with the IoT application executing on the IoT device as a set of activity parameters and using extracted information to perform automated payload learning, wherein the extracting includes filtering out one or more confidential values;
predicting a set of activities of the IoT application in accordance with the set of activity parameters at least in part by using domain knowledge;
determining whether at least one of the IoT application events falls outside the predicted set of activities; and
generating an alert associated with the at least one of the IoT application events when it is determined the at least one of the IoT application events falls outside the predicted set of activities.
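
A minimal sketch of the steps claim 1 recites (extract parameters with confidential values filtered out, predict the expected activities, alert on events outside that set), added here as an illustration and not taken from the patent or from any Palo Alto Networks product. Assumptions: payloads are JSON objects with an `activity` field, and the key list, the domain-knowledge table, the device profile name and all sample payloads are constructed for this example.

```python
import json

# Assumed payload keys whose values are confidential (hypothetical list).
CONFIDENTIAL_KEYS = {"password", "token", "api_key", "patient_id"}

# Assumed domain knowledge: activities a device profile is expected to
# perform even if none were seen while learning (hypothetical table).
DOMAIN_KNOWLEDGE = {"infusion_pump": {"firmware_check"}}

def extract_parameters(payload: bytes) -> dict:
    """Extract activity parameters from one payload, dropping confidential values."""
    try:
        fields = json.loads(payload)
    except ValueError:  # covers malformed JSON and invalid UTF-8
        return {"activity": "unparsed"}
    if not isinstance(fields, dict):
        return {"activity": "unparsed"}
    return {k: v for k, v in fields.items() if k.lower() not in CONFIDENTIAL_KEYS}

def signature(params: dict) -> tuple:
    """Activity name plus sorted parameter names; parameter values are not kept."""
    names = tuple(sorted(k for k in params if k != "activity"))
    return (str(params.get("activity", "unknown")), names)

def predict_activities(profile: str, training_payloads) -> tuple:
    """Predicted set: signatures learned from payloads, plus domain-knowledge activities."""
    learned = {signature(extract_parameters(p)) for p in training_payloads}
    return learned, DOMAIN_KNOWLEDGE.get(profile, set())

def alerts(profile: str, training_payloads, events) -> list:
    """Return one alert per event whose signature falls outside the predicted set."""
    learned, known = predict_activities(profile, training_payloads)
    out = []
    for payload in events:
        activity, names = signature(extract_parameters(payload))
        if (activity, names) not in learned and activity not in known:
            out.append({"profile": profile, "activity": activity, "parameters": list(names)})
    return out

# Constructed sample payloads (not real device traffic).
TRAINING = [b'{"activity":"report_dose","rate_ml_h":5,"token":"abc"}',
            b'{"activity":"heartbeat","uptime":10}']
EVENTS = [b'{"activity":"report_dose","rate_ml_h":7,"token":"zzz"}',
          b'{"activity":"firmware_check","version":"1.2"}',
          b'{"activity":"file_upload","dest":"203.0.113.9","password":"x"}']

if __name__ == "__main__":
    print(alerts("infusion_pump", TRAINING, EVENTS))
```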