US 12,034,752 B2
System and method for traffic-based computing interface misconfiguration detection
Shay Levi, Tel Aviv (IL); Oz Golan, Ramat Gan (IL); Oren Shpigel, Tel Aviv (IL); Aner Morag, Tel Aviv (IL); Dor Dankner, Tel Aviv (IL); Ron Martziano, Ramat Gan (IL); Pavel Vaks, Tel Aviv (IL); Hila Zigman, Ramat Gan (IL); Netanel Maman, Mazkeret Batia (IL); and Yuval Alkalai Tavori, Ramat Gan (IL)
Assigned to NONAME GATE LTD, Tel Aviv-Jaffa (IL)
Filed by NONAME GATE LTD, Tel Aviv-Jaffa (IL)
Filed on Oct. 20, 2021, as Appl. No. 17/505,973.
Prior Publication US 2023/0123196 A1, Apr. 20, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/0236 (2013.01); H04L 63/1416 (2013.01); H04L 63/145 (2013.01); H04L 63/20 (2013.01)]
19 Claims
1. A method for traffic-based misconfiguration detection, comprising:
duplicating traffic to and from a computing interface, wherein duplicating the traffic includes extracting data from a plurality of communication protocol layers used for communications with the computing interface and converting the extracted data into a unified data modeling format;
analyzing a first set of computing interface traffic data including the duplicated traffic in order to identify types of data included among the traffic to and from the computing interface;
creating at least one computing interface schema based on the analysis, wherein each computing interface schema defines a plurality of schema fields and a plurality of corresponding schema values, wherein each schema value indicates a normal behavior for the computing interface with respect to the corresponding schema field; and
identifying a misconfiguration of the computing interface based on the at least one computing interface schema and a second set of computing interface traffic data.
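
The analysis, schema-creation and identification steps of claim 1, sketched as an added illustration; this is not code from the patent or from the assignee. It assumes the duplication step has already produced unified records of successful exchanges. The record layout (`endpoint`, `tls`, `auth`, `resp`), the 90% dominance threshold and the sample data are assumptions made for the example.

```python
from collections import Counter, defaultdict

ANY = object()  # schema value for a field that has no single normal value

def flatten(record):
    """Yield (schema field, observed value) pairs from one unified record."""
    for key, value in record.items():
        if isinstance(value, dict):          # e.g. response body: name -> type
            for name, typ in value.items():
                yield f"{key}.{name}", typ
        elif key != "endpoint":
            yield key, value

def build_schemas(records, min_share=0.9):
    """Learn, per endpoint, the normal value of every field in the first set."""
    seen, totals = defaultdict(lambda: defaultdict(Counter)), Counter()
    for rec in records:
        totals[rec["endpoint"]] += 1
        for field, value in flatten(rec):
            seen[rec["endpoint"]][field][value] += 1
    schemas = {}
    for ep, fields in seen.items():
        schemas[ep] = {}
        for field, counter in fields.items():
            value, n = counter.most_common(1)[0]
            schemas[ep][field] = value if n / totals[ep] >= min_share else ANY
    return schemas

def find_misconfigurations(schemas, records):
    """Return (endpoint, field, normal, observed) for each deviation."""
    findings = []
    for rec in records:
        schema, observed = schemas.get(rec["endpoint"], {}), dict(flatten(rec))
        for field in sorted(schema.keys() | observed.keys()):
            normal, got = schema.get(field), observed.get(field)
            if normal is not ANY and normal != got:
                findings.append((rec["endpoint"], field, normal, got))
    return findings

# Constructed sample records (assumed layout, successful exchanges only).
EP = "GET /v1/users/{id}"
OK = {"endpoint": EP, "tls": True, "auth": "Bearer",
      "resp": {"id": "int", "email": "str"}}
BASELINE = [OK] * 4                       # first set: builds the schema
LATER = [                                 # second set: checked against it
    OK,
    {**OK, "auth": None},                 # answered without credentials
    {**OK, "resp": {**OK["resp"], "password_hash": "str"}},  # new field exposed
]
FINDINGS = find_misconfigurations(build_schemas(BASELINE), LATER)
```

A field absent from the schema is reported with a normal value of `None`, so records for an endpoint never seen in the first set are flagged field by field.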