US12289329B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12289329-B2 |
| Application number | US-202016942633-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 29, 2020 |
| Priority date | Apr 7, 2015 |
| Publication date | Apr 29, 2025 |
| Grant date | Apr 29, 2025 |
Official abstract text for this publication.
Data packets transmitted to and from an IoT device are obtained and at least one of the data packets are analyzed using deep packet inspection to identify transaction data from payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.
Opening claim text (preview).
We claim:

1. An IoT device management system, comprising: a processor configured to: obtain a set of data packets comprising at least one of: data packets transmitted to an IoT device, or data packets transmitted from an IoT device; analyze at least one packet included in the set of data packets to identify transaction data from a payload of the at least one packet; generate an event log for the IoT device from the transaction data; update the event log, in real-time, to indicate current operation of the IoT device, wherein the event log includes a pattern of events corresponding to at least one of: a specific way in which the IoT device is being interacted with, or is otherwise functioning; and provide a historical record for the IoT device, generated at least in part from the event log, to a device profiler configured to terminate flow of data associated with the IoT device if it is determined, at least in part, from a deviation from the historical record, that the IoT device is vulnerable to attack, including in response to a determination that either malware is being pushed to the IoT device, or a user interacting with the IoT device is behaving abnormally; and a memory coupled to the processor and configured to provide the processor with instructions.
2. The system of claim 1, wherein the set of data packets is obtained from a mirror port.
3. The system of claim 1, wherein the set of data packets is obtained by packet sniffing.
4. The system of claim 1, wherein the at least one packet is analyzed using deep packet inspection.
5. The system of claim 4, wherein the at least one packet is selected for the deep packet inspection based at least in part on an identification of IoT device.
6. The system of claim 4, wherein the at least one packet is selected for the deep packet inspection based at least in part on a source of the at least one packet.
7. The system of claim 4, wherein the at least one packet is selected for the deep packet inspection based at least in part on a destination of the at least one packet.
8. The system of claim 4, wherein the at least one packet is selected for the deep packet inspection based at least in part on a packet type of the at least one packet.
9. The system of claim 4, wherein the at least one packet is selected for the deep packet inspection based at least in part on a data type of the at least one packet.
10. The system of claim 1, wherein the processor is further configured to generate an access log for the IoT device from the transaction data, wherein the access log is used, at least in part, to generate the historical record for the IoT device.
11. The system of claim 1, wherein the processor is further configured to generate a system log for the IoT device from the transaction data, wherein the system log is used, at least in part, to generate the historical record for the IoT device.
12. A method, comprising: obtaining a set of data packets comprising at least one of: data packets transmitted to an IoT device or data packets transmitted from an IoT device; analyzing at least one packet included in the set of data packets to identify transaction data from a payload of the at least one packet; generating an event log for the IoT device from the transaction data; updating the event log, in real-time, to indicate current operation of the IoT device, wherein the event log includes a pattern of events corresponding to at least one of: a specific way in which the IoT device is being interacted with, or is otherwise functioning; and providing a historical record for the IoT device, generated at least in part from the event log, to a device profiler configured to terminate flow of data associated with the IoT device if it is determined, at least in part, from a deviation from the historical record, that the IoT device is vulnerable to attack, including in response to a determination that either malware is being pushed to the IoT device, or a user interacting with the IoT device is behaving abnormally.
13. The method of claim 12, wherein the set of data packets is obtained from a mirror port.
14. The method of claim 12, wherein the set of data packets is obtained by packet sniffing.
15. The method of claim 12, wherein the at least one packet is analyzed using deep packet inspection.
16. The method of claim 15, wherein the at least one packet is selected for the deep packet inspection based at least in part on an identification of the IoT device.
17. The method of claim 15, wherein the at least one packet is selected for the deep packet inspection based at least in part on a source of the at least one packet.
18. The method of claim 15, wherein the at least one packet is selected for the deep packet inspection based at least in part on a destination of the at least one packet.
19. The method of claim 15, wherein the at least one packet is selected for the deep packet inspection based at least in part on a packet type of the at least one packet.
20. The method of claim 15, wherein the at least one packet is selected for the deep packet inspection based at least in part on a data type of the at least one packet.
21. The method of claim 12, further comprising generating an access log for the IoT device from the transaction data, wherein the access log is used, at least in part, to generate the historical record for the IoT device.
22. The method of claim 12, further comprising generating a system log for the IoT device from the transaction data, wherein the system log is used, at least in part, to generate the historical record for the IoT device.
Terminal profiles · CPC title
using logs of notifications; Post-processing of notifications · CPC title
Network monitoring probes · CPC title
specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks · CPC title
Arrangements for monitoring or testing data switching networks · CPC title