首页> 外国专利> Semi-active probing framework to gather threat intelligence for encrypted traffic and learn about devices

Semi-active probing framework to gather threat intelligence for encrypted traffic and learn about devices

机译：半主动探测框架，可收集威胁情报以获取加密流量并了解设备

页面导航

摘要
著录项
相似文献

摘要

In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.

机译：在一个实施例中，网络中的设备观察客户端和服务器之间的通信以进行加密会话。设备确定应从服务器获取服务器证书。该设备基于该确定，将握手探测发送到服务器。设备从服务器响应握手探针发送的服务器的握手响应中提取服务器证书信息。设备使用提取的服务器证书信息来分析客户端和服务器之间的流量。

著录项

公开/公告号US10666640B2

专利类型
公开/公告日2020-05-26

原文格式PDF
申请/专利权人 CISCO TECHNOLOGY INC.;
展开▼

申请/专利号US201715848645
发明设计人 DAVID MCGREW;BLAKE HARRELL ANDERSON;SUBHARTHI PAUL;WILLIAM MICHAEL HUDSON JR.;PHILIP RYAN PERRICONE;
展开▼

申请日2017-12-20
分类号H04L29/06;G06F21/55;H04L29/08;H04L9/32;
国家 US
入库时间 2022-08-21 11:29:20

相似文献

专利
外文文献
中文文献