US 12,425,433 B2
Adversarial training for malicious protocol data unit detection with field value perturbations
Ajaya Neupane, San Jose, CA (US); Yu Fu, Los Gatos, CA (US); Lei Xu, Palo Alto, CA (US); Mei Wang, Saratoga, CA (US); and Fikirte Ayalke Demmese, Sunnyvale, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Oct. 6, 2023, as Appl. No. 18/482,719.
Prior Publication US 2025/0119442 A1, Apr. 10, 2025
Int. Cl. H04L 9/40 (2022.01); H04L 41/16 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 41/16 (2013.01); H04L 63/1466 (2013.01)]
20 Claims
1. A method comprising:
perturbing a first plurality of protocol data units (PDUs) to generate a second plurality of PDUs, wherein perturbing the first plurality of PDUs comprises,
removing low importance fields of PDUs in the first plurality of PDUs; and
at least one of reordering fields of PDUs in the first plurality of PDUs, randomly replacing values of fields of PDUs in the first plurality of PDUs, and iteratively replacing values of a subset of fields in the first plurality of PDUs with values in lists of known values for the subset of fields; and
training one or more machine learning models to detect malicious network traffic with the second plurality of PDUs, wherein the second plurality of PDUs have been labeled to indicate whether each of the second plurality of PDUs corresponds to known malicious or benign network traffic.
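
The perturbation step of claim 1 sketched in Python, as an added example that is not taken from the patent. It assumes HTTP-style header fields as the PDU fields; the importance scores, known-value lists, function names and sample PDU are all constructed for illustration, and model training on the resulting labelled set is left out.

```python
import itertools
import random
import string

# Constructed sample: a PDU is an ordered list of (field, value) pairs plus a label.
SAMPLE = [
    ([("Host", "example.test"), ("User-Agent", "agent/1.0"),
      ("Accept", "*/*"), ("X-Trace", "abc123"), ("Cookie", "id=42")], "malicious"),
]
# Assumed inputs: per-field importance scores and lists of known field values.
IMPORTANCE = {"Host": 0.9, "User-Agent": 0.7, "Accept": 0.4, "X-Trace": 0.05, "Cookie": 0.6}
KNOWN_VALUES = {"User-Agent": ["agent/1.0", "agent/2.0"], "Accept": ["*/*", "text/html"]}


def drop_low_importance(fields, importance, threshold=0.1):
    """Remove fields whose importance score is below the threshold."""
    return [(k, v) for k, v in fields if importance.get(k, 0.0) >= threshold]


def reorder(fields, rng):
    """Return the same fields in a shuffled order."""
    return rng.sample(fields, len(fields))


def random_replace(fields, rng, targets):
    """Replace the value of each targeted field with a random same-length token."""
    alphabet = string.ascii_lowercase + string.digits
    return [(k, "".join(rng.choice(alphabet) for _ in v) if k in targets else v)
            for k, v in fields]


def known_value_variants(fields, known):
    """Yield one PDU per combination of known values for the fields present."""
    present = [k for k, _ in fields if k in known]
    for combo in itertools.product(*(known[k] for k in present)):
        sub = dict(zip(present, combo))
        yield [(k, sub.get(k, v)) for k, v in fields]


def perturb(labelled, importance, known, targets=("Cookie",), seed=0):
    """Build the second, labelled set of PDUs from the first; labels carry over."""
    rng = random.Random(seed)
    out = []
    for fields, label in labelled:
        base = drop_low_importance(fields, importance)
        variants = [reorder(base, rng), random_replace(base, rng, targets)]
        variants += known_value_variants(base, known)
        out += [(v, label) for v in variants]
    return out
```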