Abstract:
In one embodiment, a method includes receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data, identifying at the analytics module, Domain Name System (DNS) exchanges within the network, associating at the analytics module, the DNS exchanges with process, user, and host information, and identifying at the analytics module, anomalies in the DNS exchanges. An apparatus and logic are also disclosed herein.
Abstract:
In one embodiment, a method includes receiving network data at an analytics device, grouping features of the network data into multivariate bins, generating a density for each of the multivariate bins, computing a rareness metric for each of the multivariate bins based on a probability of obtaining a feature in a bin and the probability for all other of the multivariate bins with equal or smaller density, and identifying anomalies based on computed rareness metrics. An apparatus and logic are also disclosed herein.
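The rareness computation described in this abstract, worked through as an added example (this is not code from the patent or its assignee): two-feature flow records are grouped into fixed-width multivariate bins, each bin's density is its share of the records, and a bin's rareness is its own probability mass plus that of every other bin with equal or smaller density, so a small value marks a bin unlikely to be hit by normal traffic. The sample records, the bin widths, the choice of features and the anomaly threshold are all constructed assumptions; the abstract leaves them open.

```python
from collections import Counter

# Constructed sample: per-host flow feature vectors (bytes per flow, flows per minute).
# Nineteen records fall into three dense bins; the last record is a constructed outlier.
SAMPLE_RECORDS = [
    (500, 3), (620, 4), (710, 2), (450, 5), (880, 6), (300, 1), (940, 7), (560, 3), (670, 4),
    (1500, 5), (1200, 6), (1800, 4), (1650, 8), (1100, 2), (1950, 9),
    (800, 12), (600, 15), (900, 18), (750, 11),
    (9500, 45),
]
BIN_WIDTHS = (1000, 10)  # assumed fixed width per feature; the abstract does not fix widths


def to_bin(record, widths=BIN_WIDTHS):
    """Map a feature vector to its multivariate bin index, one integer per feature."""
    return tuple(int(value // width) for value, width in zip(record, widths))


def bin_counts(records, widths=BIN_WIDTHS):
    """Count records per multivariate bin; a bin's density is count / total."""
    return Counter(to_bin(r, widths) for r in records)


def rareness_metrics(counts):
    """Rareness of a bin: probability of that bin plus the probability of every other
    bin with equal or smaller density, i.e. the chance of landing in a bin at least as
    sparse. Summed on integer counts and divided once, so the result is exact."""
    total = sum(counts.values())
    return {b: sum(c2 for c2 in counts.values() if c2 <= c) / total
            for b, c in counts.items()}


def find_anomalies(records, threshold=0.10, widths=BIN_WIDTHS):
    """Return (index, record, rareness) for records whose bin is rarer than threshold."""
    rare = rareness_metrics(bin_counts(records, widths))
    return [(i, r, rare[to_bin(r, widths)])
            for i, r in enumerate(records) if rare[to_bin(r, widths)] < threshold]


if __name__ == "__main__":
    ranked = sorted(rareness_metrics(bin_counts(SAMPLE_RECORDS)).items(), key=lambda kv: kv[1])
    for b, r in ranked:
        print(f"bin {b}: rareness {r:.2f}")
    print("anomalies:", find_anomalies(SAMPLE_RECORDS))
```

With these inputs the dense bin (0, 0) scores 1.0, the two medium bins 0.55 and 0.25, and the single-record bin 0.05, so only the outlier is flagged at the 0.10 threshold.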
Abstract:
In one embodiment, a method includes receiving network data at an analytics device, identifying features for the network data at the analytics device, grouping each of the features into bins of varying width at the analytics device, the bins comprising bin boundaries selected based on a probability that data within each of the bins follows a discrete uniform distribution, and utilizing the binned features for anomaly detection. An apparatus and logic are also disclosed herein.
Abstract:
In one embodiment, a method includes receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network, processing the network traffic data at the analytics module, the network traffic data comprising process information, user information, and host information, and identifying at the analytics module, anomalies within the network traffic data based on dynamic modeling of network behavior. An apparatus and logic are also disclosed herein.