Efficient On-Device Binary Analysis for Auto-Generated Behavioral Models
US-2015356451-A1 · Dec 10, 2015 · US
IoT application learning
US12294482B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12294482-B2 |
| Application number | US-201917273648-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 3, 2019 |
| Priority date | Sep 4, 2018 |
| Publication date | May 6, 2025 |
| Grant date | May 6, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A system and method for performing automated learning of an Internet-of-Things (IoT) application are disclosed. The automated learning is based on generation of application-agnostic events, allowing the automated learning to be performed without prior knowledge of the IoT application.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method, comprising: receiving a detected set of Internet of Things (IoT) application events, wherein the IoT application events are associated with activities of an IoT application executing on an IoT device; identifying, from a predetermined set of different types of activities, one or more application-specific activities; extracting one or more attributes from a plurality of payloads of IoT messages associated with the IoT application executing on the IoT device as a set of activity parameters and using extracted information to perform automated payload learning, wherein the extracting includes filtering out one or more confidential values; predicting a set of activities of the IoT application in accordance with the set of activity parameters at least in part by using domain knowledge; determining whether at least one of the IoT application events falls outside the predicted set of activities; and generating an alert associated with the at least one of the IoT application events when it is determined the at least one of the IoT application events falls outside the predicted set of activities. 2. The method of claim 1 , wherein the IoT application events are detected via passive monitoring. 3. The method of claim 1 , wherein the IoT application events are detected using deep packet inspection (DPI). 4. The method of claim 1 , wherein the IoT application events are detected using subscription-based inspection. 5. The method of claim 1 , wherein using the domain knowledge to predict the set of activities includes identifying a repeating pattern. 6. The method of claim 1 , wherein using the domain knowledge to predict the set of activities includes utilizing tags or labels injected into activity fields of the IoT application events. 7. The method of claim 1 , wherein an IoT application event of the IoT application events comprises a raw event. 8. The method of claim 1 , wherein the IoT application events comprise one or more of network sessions, portions of network sessions, message transport events, and message log events. 9. A system, comprising: a processor configured to: receive a detected set of Internet of Things (IoT) application events, wherein the IoT application events are associated with activities of an IoT application executing on an IoT device; identify, from a predetermined set of different types of activities, one or more application-specific activities; extract one or more attributes from a plurality of payloads of IoT messages associated with the IoT application executing on the IoT device as a set of activity parameters and use extracted information to perform automated payload learning, wherein the extracting includes filtering out one or more confidential values; predict a set of activities of the IoT application in accordance with the set of activity parameters at least in part by using domain knowledge; determine whether at least one of the IoT application events falls outside the predicted set of activities; and generate an alert associated with the at least one of the IoT application events when it is determined the at least one of the IoT application events falls outside the predicted set of activities; and a memory coupled to the processor and configured to provide the processor with instructions. 10. The system of claim 9 , wherein the IoT application events are detected via passive monitoring. 11. The system of claim 9 , wherein the IoT application events are detected using deep packet inspection (DPI). 12. The system of claim 9 , wherein the IoT application events are detected using subscription-based inspection. 13. The system of claim 9 , wherein using the domain knowledge to predict the set of activities includes identifying a repeating pattern. 14. The system of claim 9 , wherein using the domain knowledge to predict the set of activities includes utilizing tags or labels injected into activity fields of the IoT application events. 15. The system of claim 9 , wherein an IoT application event of the IoT application events comprises a raw event. 16. The system of claim 9 , wherein the IoT application events comprise one or more of network sessions, portions of network sessions, message transport events, and message log events. 17. The method of claim 1 , wherein the detected set of IoT application events serve as a signature of the IoT application. 18. The system of claim 9 , wherein the detected set of IoT application events serve as a signature of the IoT application.
Assignees
Inventors
Classifications
by filtering · CPC title
by giving priorities, e.g. assigning classes of service · CPC title
using machine learning or artificial intelligence · CPC title
using logs of notifications; Post-processing of notifications · CPC title
using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12294482B2 cover?
- A system and method for performing automated learning of an Internet-of-Things (IoT) application are disclosed. The automated learning is based on generation of application-agnostic events, allowing the automated learning to be performed without prior knowledge of the IoT application.
- Who is the assignee on this patent?
- Palo Alto Networks Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L41/0609. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 06 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).