Palo Alto Networks two-layer ML malware detector
Summary
USPTO granted Palo Alto Networks patent US12592948B2 for a two-layer machine learning malware detection system that classifies network traffic across multiple protocols. The invention correlates network sessions by source indicators and uses protocol-specific first-layer classifiers to improve cross-protocol malware detection accuracy. The patent contains 25 claims covering the ML architecture, classification methods, and system configurations.
What changed
USPTO granted Palo Alto Networks patent US12592948B2 on March 31, 2026, covering a system and method for detecting malware traffic using a two-layer machine learning architecture. The first layer includes protocol-specific classifiers that analyze traffic sessions, while the second layer correlates sessions with common source indicators and determines cross-protocol classifications. The patent's CPC classifications include H04L 63/1425, H04L 63/10, network security (H04L 63/14), machine learning (G06N 20/00, G06N 7/01), and network protocols (H04L 69/22).
This patent grant gives Palo Alto Networks exclusive rights to the two-layer ML malware detection technology in the United States. Competitors developing similar cross-protocol malware detection systems may need to design around these claims or seek licensing. The patent does not impose compliance obligations on third parties but establishes IP rights that could affect future product development in network security and ML-based traffic analysis.
Source document (simplified)
Cross protocol malware traffic detection using a two-layer ML architecture
Grant: US12592948B2, Kind: B2, Mar 31, 2026
Assignee
Palo Alto Networks, Inc.
Inventors
Lei Xu, Taojie Wang, Shengming Xu
Abstract
A system, method, and device for classifying traffic is disclosed. The method includes (i) correlating a plurality of network traffic sessions with same source indicators to obtain correlated network traffic, (ii) classifying the plurality of network traffic sessions based at least in part on a plurality of first-layer classifiers to obtain a set of first-layer classifications, wherein the plurality of first-layer classifiers are respectively associated with a plurality of protocols, and (iii) determining a second-layer classification for the correlated network traffic based at least in part on the set of first-layer classifications.
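The three steps of the abstract, as an added sketch that is not code from the patent or from Palo Alto Networks. The session fields, the hand-written rules standing in for trained first-layer models, the noisy-OR combiner and the threshold are all assumptions chosen for illustration:

```python
from collections import defaultdict

# Constructed sample sessions; field names are assumptions, not from the patent.
SESSIONS = [
    {"src": "10.0.0.5", "proto": "dns", "qname_len": 62, "nxdomain": True},
    {"src": "10.0.0.5", "proto": "http", "ua_known": False, "post_bytes": 48000},
    {"src": "10.0.0.5", "proto": "tls", "sni_present": False, "self_signed": True},
    {"src": "10.0.0.9", "proto": "dns", "qname_len": 14, "nxdomain": False},
    {"src": "10.0.0.9", "proto": "http", "ua_known": True, "post_bytes": 300},
]

# Layer 1: one scorer per protocol. Hand-written rules stand in for trained
# models (an assumption); each returns a maliciousness score in [0, 1].
FIRST_LAYER = {
    "dns": lambda s: 0.3 * (s["qname_len"] > 50) + 0.2 * s["nxdomain"],
    "http": lambda s: 0.25 * (not s["ua_known"]) + 0.25 * (s["post_bytes"] > 10_000),
    "tls": lambda s: 0.2 * (not s["sni_present"]) + 0.3 * s["self_signed"],
}

def correlate(sessions):
    """Step (i): group sessions that share a source indicator (here, src IP)."""
    groups = defaultdict(list)
    for s in sessions:
        groups[s["src"]].append(s)
    return groups

def first_layer(group):
    """Step (ii): highest score per protocol; unknown protocols are skipped."""
    out = {}
    for s in group:
        clf = FIRST_LAYER.get(s["proto"])
        if clf:
            out[s["proto"]] = max(out.get(s["proto"], 0.0), clf(s))
    return out

def second_layer(scores, threshold=0.6):
    """Step (iii): one verdict per source from the per-protocol scores.
    Noisy-OR (assumed combiner) lets several moderate scores add up."""
    benign = 1.0
    for p in scores.values():
        benign *= 1.0 - p
    combined = 1.0 - benign
    return combined, combined >= threshold

def classify(sessions):
    """Return {source: (combined_score, is_malicious)}."""
    return {src: second_layer(first_layer(g)) for src, g in correlate(sessions).items()}
```

In the constructed data, no single protocol score for 10.0.0.5 reaches the threshold on its own; only the correlated, cross-protocol view flags the source.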
CPC Classifications
H04L 63/1425 H04L 63/10 H04L 63/1416 H04L 63/0428 H04L 12/4641 H04L 61/4511 H04L 12/4633 H04L 63/0281 H04L 67/56 H04L 63/30 H04L 63/0272 H04L 63/029 H04L 67/564 H04L 45/74 H04L 63/164 H04L 69/22 H04L 41/0631 H04L 63/1458 H04L 41/12 H04L 41/16 H04L 63/1433 H04L 41/145 H04L 43/022 H04L 63/1408 H04L 63/1441 H04L 69/18 G06N 20/00 G06N 20/20 G06N 7/01 G06N 5/02 G06N 5/01 G06N 5/025 G06F 9/545 G06F 21/552
Filing Date
2023-12-22
Application No.
18394403
Claims
25