公开(公告)号：US11665017B2

公开(公告)日：2023-05-30

申请号：US15907952

申请日：2018-02-28

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Shesha Bhushan Sreenivasamurthy

IPC: G06N3/08 ,  G06K9/62 ,  H04L12/40

CPC classification number: G06N3/08 ,  G06K9/6278 ,  H04L12/40 ,  H04L12/40136 ,  H04L2012/40215 ,  H04L2012/40273

Abstract: In one embodiment, a processor of a vehicle detects a difference between a physical characteristic of the vehicle predicted by a first machine learning-based model and a physical characteristic of the vehicle indicated by telemetry data generated by a sub-system of the vehicle. The processor forms a packet payload of an update packet indicative of the detected difference, based in part on a relevancy of the physical characteristic to the first machine learning-based model. The processor applies a synchronization strategy to the update packet, to synchronize the update packet with a second machine learning-based model executed by a receiver. The processor sends the update packet to the receiver via a network, to update the second machine learning-based model.

公开(公告)号：US11110895B2

公开(公告)日：2021-09-07

申请号：US15948134

申请日：2018-04-09

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Nancy Cam-Winget ,  Andrew Michael McPhee

IPC: B60R25/34 ,  G06N5/04 ,  B60R25/104 ,  B60R25/10 ,  G06F30/20 ,  H04L12/40

Abstract: In one embodiment, a processor of a vehicle predicts a state of the vehicle using a behavioral model. The model is configured to predict the state based in part on one or more state variables that are available from one or more sub-systems of the vehicle and indicative of one or more physical characteristics of the vehicle. The processor computes a representation of a difference between the predicted state of the vehicle and a measured state of the vehicle indicated by one or more state variables available from the one or more sub-systems of the vehicle. The processor detects a malicious intrusion of the vehicle based on the computed representation of the difference between the predicted and measured states of the vehicle exceeding a defined threshold. The processor initiates performance of a mitigation action for the detected intrusion, in response to detecting the malicious intrusion of the vehicle.

公开(公告)号：US11092664B2

公开(公告)日：2021-08-17

申请号：US16740158

申请日：2020-01-10

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Amr Elnakeeb ,  David Delano Ward

IPC: G01S5/02 ,  H04B3/52 ,  H04W24/02 ,  H04W64/00 ,  H04B3/54 ,  G01S5/06

Abstract: In one embodiment, a service receives signal characteristic data indicative of characteristics of wireless signals received by one or more antennas located in a particular area. The service uses the received signal characteristic data as input to a Bayesian inference model to predict physical states of an object located in the particular area. A physical state of the object is indicative of at least one of: a mass, a velocity, an acceleration, a surface area, or a location of the object. The service updates the Bayesian inference model based in part on the predicted state of the object and a change in the received signal characteristic data and based in part by enforcing Newtonian motion dynamics on the predicted physical states.

公开(公告)号：US10853499B2

公开(公告)日：2020-12-01

申请号：US15949560

申请日：2018-04-10

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Raghuram S. Sudhaakar ,  Nancy Cam-Winget

IPC: G06F21/57 ,  G06N20/00 ,  G06F21/55

Abstract: In one example embodiment, a network-connected device provides or obtains one or more computer network communications protected by a key. The network-connected device determines a count of the one or more computer network communications according to one or more properties of the one or more computer network communications. Based on the count of the one or more computer network communications, the network-connected device computes an information entropy of the key. Based on the information entropy of the key, the network-connected device dynamically generates a predicted threat level of the key.

公开(公告)号：US10362083B2

公开(公告)日：2019-07-23

申请号：US15790719

申请日：2017-10-23

Applicant: Cisco Technology, Inc.

Inventor： Vijaynarayanan Subramanian ,  Raghuram S. Sudhaakar ,  David A. Maluf

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  G06F16/2455

Abstract: Information describing a rule to be applied to a traffic stream is received at an edge network device. The traffic stream is received at the edge network device. A schema is applied to the traffic stream at the edge network device. It is determined that a rule triggering condition has been met. The rule is applied to the traffic stream, at the edge network device, in response to the rule triggering condition having been met. At least one of determining that the rule triggering event has taken place or applying the rule is performed based on the applied schema.

公开(公告)号：US20190171823A1

公开(公告)日：2019-06-06

申请号：US15949560

申请日：2018-04-10

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Raghuram S. Sudhaakar ,  Nancy Cam-Winget

IPC: G06F21/57

Abstract: In one example embodiment, a network-connected device provides or obtains one or more computer network communications protected by a key. The network-connected device determines a count of the one or more computer network communications according to one or more properties of the one or more computer network communications. Based on the count of the one or more computer network communications, the network-connected device computes an information entropy of the key. Based on the information entropy of the key, the network-connected device dynamically generates a predicted threat level of the key.

公开(公告)号：US20160357524A1

公开(公告)日：2016-12-08

申请号：US15176912

申请日：2016-06-08

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Todd M. Baker ,  Haihua Xiao ,  Yi Wang ,  Ashutosh A. Malegaonkar ,  Yajun Zhang

IPC: G06F9/44 ,  H04L12/24

CPC classification number: G06F8/34 ,  G06F8/30 ,  H04L41/0856 ,  H04L41/12

Abstract: According to one or more embodiments of the disclosure, thing discovery and configuration for an Internet of Things (IoT) integrated developer environment (IDE) is shown and described. In particular, in one embodiment, a computer operates an IoT IDE that discovers real-world physical devices within a computer network that are available to participate with the IoT IDE. The IoT IDE may then determine a respective functionality of each of the real-world physical devices, and virtually represents the real-world physical devices as selectable options within the IoT IDE for an IoT application, where a respective virtual representation of each of the real-world physical devices is configured within the IoT IDE with the corresponding respective functionality of that real-world physical device. Simulating the IoT application within the IoT IDE then relays input and/or output (I/O) between the IoT IDE and a selected set of real-world physical devices according to their corresponding respective functionality.

Abstract translation: 根据本公开的一个或多个实施例，示出并描述了物联网（IoT）集成开发者环境（IDE）的事物发现和配置。 特别地，在一个实施例中，计算机操作IoT IDE，其发现可以与IoT IDE一起参与的计算机网络内的真实世界物理设备。 然后，IoT IDE可以确定每个真实世界物理设备的相应功能，并将物理设备虚拟地表示为用于IoT应用的IoT IDE内的可选择选项，其中每个实际物理设备的相应虚拟表示 世界物理设备在IoT IDE内配置了该实际物理设备的相应功能。 模拟IoT IDE中的IoT应用程序，然后根据它们对应的相应功能，中继IoT IDE和所选真实世界物理设备集之间的输入和/或输出（I / O）。

公开(公告)号：US20150213056A1

公开(公告)日：2015-07-30

申请号：US14163169

申请日：2014-01-24

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Raghuram S. Sudhaakar ,  James D. Stanley, III ,  Sateesh K. Addepalli

IPC: G06F17/30 ,  G06T7/00

CPC classification number: G06F17/30247 ,  G06F17/30 ,  G06F17/30321 ,  G06F17/30858 ,  G06T7/30 ,  G06T2210/12 ,  H04N21/23109 ,  H04N21/23418 ,  H04N21/235 ,  H04N21/4728

Abstract: In one embodiment, a stream of data packets originated by a visual data source is received at an edge device in a network. The data packets include at least one of video data, image data, and geo spatial data. Next, a visual data attribute is extracted at the edge device from the stream of data packets according to an edge-based extraction algorithm. The extracted visual data attribute is vectorized at the edge device via quantization vectors. The vectorized visual data attribute is then indexed at the edge device in a schema-less database that stores indexed visual data attributes.

Abstract translation: 在一个实施例中，由视觉数据源发起的数据分组流在网络中的边缘设备处被接收。 数据分组包括视频数据，图像数据和地理空间数据中的至少一个。 接下来，根据基于边缘的提取算法，在边缘设备处从数据分组流中提取可视数据属性。 提取的视觉数据属性通过量化向量在边缘设备进行向量化。 然后，向量化的可视数据属性在存储索引的可视数据属性的无模式数据库中的边缘设备处进行索引。

公开(公告)号：US20240388901A1

公开(公告)日：2024-11-21

申请号：US18319400

申请日：2023-05-17

Applicant: Cisco Technology, Inc.

Inventor： INDERMEET SINGH GANDHI ,  Frank Michaud ,  Jerome Henry ,  David A. Maluf

IPC: H04W12/06 ,  H04L9/40

Abstract: A method of continuous multi-factor authentication may include executing wireless sensing based at least in part on execution of a continuous multi-factor authentication (CMFA) application at a computing device, collecting channel state information (CSI) data from a network device communicatively coupled to the computing device, transmitting the CSI data to a CMFA device, and receiving a trust score from the CMFA device based on the CSI data.

公开(公告)号：US20240297868A1

公开(公告)日：2024-09-05

申请号：US18659296

申请日：2024-05-09

Applicant: Cisco Technology, Inc.

Inventor： David A. Maluf ,  Srinath Gundavelli ,  Pascal Thubert ,  Pradeep Kumar Kathail ,  Eric Levy-Abegnoli ,  Eric Voit ,  Ali Sajassi

IPC: H04L9/40 ,  H04L61/2521 ,  H04L61/2539 ,  H04L61/4511

CPC classification number: H04L63/0421 ,  H04L61/2525 ,  H04L61/2539 ,  H04L61/4511

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.