Cross protocol malware traffic detection using a two-layer ML architecture
Grant
US12592948B2
Kind: B2
Mar 31, 2026
Assignee: Palo Alto Networks, Inc.
Inventors: Lei Xu, Taojie Wang, Shengming Xu
Abstract
A system, method, and device for classifying traffic is disclosed. The method includes (i) correlating a plurality of network traffic sessions with same source indicators to obtain correlated network traffic, (ii) classifying the plurality of network traffic sessions based at least in part on a plurality of first-layer classifiers to obtain a set of first-layer classifications, wherein the plurality of first-layer classifiers are respectively associated with a plurality of protocols, and (iii) determining a second-layer classification for the correlated network traffic based at least in part on the set of first-layer classifications.
CPC Classifications
H04L 63/1425
H04L 63/10
H04L 63/1416
H04L 63/0428
H04L 12/4641
H04L 61/4511
H04L 12/4633
H04L 63/0281
H04L 67/56
H04L 63/30
H04L 63/0272
H04L 63/029
H04L 67/564
H04L 45/74
H04L 63/164
H04L 69/22
H04L 41/0631
H04L 63/1458
H04L 41/12
H04L 41/16
H04L 63/1433
H04L 41/145
H04L 43/022
H04L 63/1408
H04L 63/1441
H04L 69/18
G06N 20/00
G06N 20/20
G06N 7/01
G06N 5/02
G06N 5/01
G06N 5/025
G06F 9/545
G06F 21/552
Filing Date: 2023-12-22
Application No.: 18394403
Claims: 25