公开(公告)号：US20180139214A1

公开(公告)日：2018-05-17

申请号：US15353160

申请日：2016-11-16

Applicant: Cisco Technology, Inc.

Inventor： Blake Harrell Anderson ,  David McGrew ,  Subharthi Paul ,  Ivan Nikolaev ,  Martin Grill

IPC: H04L29/06 ,  H04L9/32 ,  G06N99/00

Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.

公开(公告)号：US20180139141A1

公开(公告)日：2018-05-17

申请号：US15353940

申请日：2016-11-17

Applicant: Cisco Technology, Inc.

Inventor： Michael Joseph Stepanek ,  Costas Kleopa ,  David McGrew ,  Blake Harrell Anderson ,  Saravanan Radhakrishnan

IPC: H04L12/851 ,  H04L12/825 ,  H04L12/859 ,  H04L12/931 ,  H04L29/06

CPC classification number: H04L47/2441 ,  H04L47/2475 ,  H04L47/2483 ,  H04L47/25 ,  H04L49/355 ,  H04L63/0254 ,  H04L63/0428 ,  H04L63/1425 ,  H04L63/1458 ,  H04L63/166 ,  H04W12/12

Abstract: In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

公开(公告)号：US20180007084A1

公开(公告)日：2018-01-04

申请号：US15245886

申请日：2016-08-24

Applicant: Cisco Technology, Inc.

Inventor： K. Tirumaleswar Reddy ,  Daniel G. Wing ,  Blake Harrell Anderson ,  David McGrew

IPC: H04L29/06 ,  G06N99/00

CPC classification number: H04L63/1458 ,  G06N20/00 ,  H04L63/1425 ,  H04L2463/144

Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.

公开(公告)号：US20170374090A1

公开(公告)日：2017-12-28

申请号：US15191152

申请日：2016-06-23

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  Blake Harrell Anderson ,  K. Tirumaleswar Reddy ,  Prashanth Patil ,  Daniel G. Wing

IPC: H04L29/06 ,  H04L12/833 ,  H04L12/851 ,  H04L12/46 ,  H04L29/08 ,  G06N99/00

CPC classification number: H04L63/1425 ,  G06N99/005 ,  H04L12/4641 ,  H04L41/16 ,  H04L43/026 ,  H04L43/04 ,  H04L47/2483 ,  H04L47/31 ,  H04L63/145 ,  H04L63/1458

Abstract: In one embodiment, a device in a network receives traffic data regarding one or more traffic flows in the network. The device applies a machine learning classifier to the traffic data. The device determines a priority for the traffic data based in part on an output of the machine learning classifier. The output of the machine learning classifier comprises a probability of the traffic data belonging to a particular class. The device stores the traffic data for a period of time that is a function of the determined priority for the traffic data.