Patent search ap:("CISCO TECHNOLOGY Page INC.") AND inv:"Khawar Deen"

21.

发明授权
System and method of detecting whether a source of a packet flow transmits packets which bypass an operating system stack 有权

公开(公告)号：US10454793B2

公开(公告)日：2019-10-22

申请号：US15171879

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: G06F17/00 , G06F15/16 , G06F9/00 , H04L12/26 , H04L29/06 , G06F9/455 , G06N20/00 , G06F16/29 , G06F16/248 , G06F16/28 , G06F16/9535 , G06F16/2457 , H04L12/851 , H04L12/24 , H04W84/18 , H04L29/08 , G06F21/53 , H04L12/723 , G06F3/0484 , H04L1/24 , H04W72/08 , H04L9/08 , H04L9/32 , H04J3/06 , H04J3/14 , H04L29/12 , H04L12/813 , H04L12/823 , H04L12/801 , H04L12/741 , H04L12/833 , H04L12/721 , G06F3/0482 , G06T11/20 , H04L12/841 , H04L12/725 , H04L12/715 , G06F21/55 , G06F21/56 , G06F16/16 , G06F16/17 , G06F16/11 , G06F16/13 , G06N99/00 , G06F16/174 , G06F16/23

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.

22.

发明授权
System and method of determining malicious processes 有权

公开(公告)号：US10439904B2

公开(公告)日：2019-10-08

申请号：US15171707

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: G06F11/00 , H04L12/26 , H04L29/06 , G06F9/455 , G06N20/00 , G06F16/29 , G06F16/248 , G06F16/28 , G06F16/9535 , G06F16/2457 , H04L12/851 , H04L12/24 , H04W84/18 , H04L29/08 , G06F21/53 , H04L12/723 , G06F3/0484 , H04L1/24 , H04W72/08 , H04L9/08 , H04L9/32 , H04J3/06 , H04J3/14 , H04L29/12 , H04L12/813 , H04L12/823 , H04L12/801 , H04L12/741 , H04L12/833 , H04L12/721 , G06F3/0482 , G06T11/20 , H04L12/841 , H04L12/725 , H04L12/715 , G06F21/55 , G06F21/56 , G06F16/16 , G06F16/17 , G06F16/11 , G06F16/13 , G06N99/00 , G06F16/174 , G06F16/23

Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. A method includes determining a lineage for a process within the network and then evaluating, through knowledge of the lineage, the source of the command that initiated the process. The method includes capturing data from a plurality of capture agents at different layers of a network, each capture agent of the plurality of capture agents configured to observe network activity at a particular location in the network, developing, based on the data, a lineage for a process associated with the network activity and, based on the lineage, identifying an anomaly within the network.

23.

发明授权
System for monitoring and managing datacenters 有权

公开(公告)号：US10142353B2

公开(公告)日：2018-11-27

申请号：US15134100

申请日：2016-04-20

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav , Abhishek Ranjan Singh , Shashidhar Gandham , Ellen Christine Scheib , Omid Madani , Ali Parandehgheibi , Jackson Ngoc Ki Pang , Vimalkumar Jeyakumar , Michael Standish Watts , Hoang Viet Nguyen , Khawar Deen , Rohit Chandra Prasad , Sunil Kumar Gupta , Supreeth Hosur Nagesh Rao , Anubhav Gupta , Ashutosh Kulshreshtha , Roberto Fernando Spadaro , Hai Trong Vu , Varun Sagar Malhotra , Shih-Chun Chang , Bharathwaj Sankara Viswanathan , Fnu Rachita Agasthy , Duane Thomas Barlow

IPC: H04L29/06 , H04L12/26

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

24.

发明申请
Predicting Application And Network Performance 审中-公开

公开(公告)号：US20180278496A1

公开(公告)日：2018-09-27

申请号：US15467788

申请日：2017-03-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Ashutosh Kulshreshtha , Navindra Yadav , Khawar Deen , Jackson Pang , Supreeth Rao

IPC: H04L12/26 , H04L12/24 , H04L29/08

Abstract: An application and network analytics platform can capture comprehensive telemetry from servers and network devices operating within a network. The platform can discover flows running through the network, applications generating the flows, servers hosting the applications, computing resources provisioned and consumed by the applications, and network topology, among other insights. The platform can generate various models relating one set of application and network performance metrics to another. For example, the platform can model application latency as a function of computing resources provisioned to and/or actually used by the application, its host's total resources, and/or the distance of its host relative to other elements of the network. The platform can change the model by moving, removing, or adding elements to predict how the change affects application and network performance. In some situations, the platform can automatically act on predictions to improve application and network performance.

25.

发明申请
SYSTEM AND METHOD OF DETECTING HIDDEN PROCESSES BY ANALYZING PACKET FLOWS 审中-公开
Title translation: 通过分析包装流动检测隐藏过程的系统和方法

公开(公告)号：US20160359879A1

公开(公告)日：2016-12-08

申请号：US15171930

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: H04L29/06

CPC classification number: H04L43/045 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/45558 , G06F16/122 , G06F16/137 , G06F16/162 , G06F16/17 , G06F16/173 , G06F16/174 , G06F16/1744 , G06F16/1748 , G06F16/2322 , G06F16/235 , G06F16/2365 , G06F16/24578 , G06F16/248 , G06F16/285 , G06F16/288 , G06F16/29 , G06F16/9535 , G06F21/53 , G06F21/552 , G06F21/566 , G06F2009/4557 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , G06N20/00 , G06N99/00 , G06T11/206 , H04J3/0661 , H04J3/14 , H04L1/242 , H04L9/0866 , H04L9/3239 , H04L9/3242 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/04 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0841 , H04L43/0858 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/306 , H04L45/38 , H04L45/46 , H04L45/507 , H04L45/66 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/2007 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/0876 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/1458 , H04L63/1466 , H04L63/16 , H04L63/20 , H04L67/10 , H04L67/1002 , H04L67/12 , H04L67/16 , H04L67/22 , H04L67/36 , H04L67/42 , H04L69/16 , H04L69/22 , H04W72/08 , H04W84/18

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

Abstract translation: 一种方法包括使用部署在第一主机处的第一捕获代理捕获与来自第一主机的第一分组流相关联的第一数据，以产生第一流数据，从第二主捕获与第一主机起源的第二分组流相关联的第二数据部署在第一主机之外的捕获代理产生第二流数据并比较第一流数据和第二流数据以产生差异。当差异高于阈值时，该方法包括确定存在隐藏过程并且可以采取校正动作。

26.

发明申请
LATE DATA DETECTION IN DATA CENTER 审中-公开
Title translation: 数据中心的最新数据检测

公开(公告)号：US20160359711A1

公开(公告)日：2016-12-08

申请号：US15040829

申请日：2016-02-10

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: H04L12/26 , H04J3/06 , H04J3/14 , H04L29/08

Abstract: Systems, methods, and non-transitory computer-readable storage media for synchronizing timestamps of a sensor report to the clock of a device. In one embodiment, the device receives a report from a sensor of a node. The report can include a network activity of the node captured by the sensor and a first timestamp relative to the clock of the node. The device can then determine a second timestamp relative to the clock of the collector indicating receipt of the report by the device and from the sensor at the node. The device can also determine a delta between the first timestamp and the second timestamp, and a communication latency associated with a communication channel between the device and the sensor. Next, the device can adjust the delta based on the communication latency, and generate a third timestamp based on the adjusted delta.

Abstract translation: 用于将传感器报告的时间戳与设备的时钟同步的系统，方法和非暂时的计算机可读存储介质。在一个实施例中，设备从节点的传感器接收报告。报告可以包括由传感器捕获的节点的网络活动和相对于节点的时钟的第一时间戳。然后，设备可以确定相对于收集器的时钟的第二时间戳，指示由设备和节点处的传感器接收报告。设备还可以确定第一时间戳和第二时间戳之间的增量，以及与设备和传感器之间的通信信道相关联的通信等待时间。接下来，设备可以基于通信延迟来调整增量，并且基于经调整的增量生成第三时间戳。

27.

发明申请
SYSTEM AND METHOD OF DETECTING PACKET LOSS IN A DISTRIBUTED SENSOR-COLLECTOR ARCHITECTURE 审中-公开
Title translation: 在分布式传感器收集架构中检测分组丢失的系统和方法

公开(公告)号：US20160359698A1

公开(公告)日：2016-12-08

申请号：US15171618

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: H04L12/26

CPC classification number: H04L43/045 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/45558 , G06F16/122 , G06F16/137 , G06F16/162 , G06F16/17 , G06F16/173 , G06F16/174 , G06F16/1744 , G06F16/1748 , G06F16/2322 , G06F16/235 , G06F16/2365 , G06F16/24578 , G06F16/248 , G06F16/285 , G06F16/288 , G06F16/29 , G06F16/9535 , G06F21/53 , G06F21/552 , G06F21/566 , G06F2009/4557 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , G06N20/00 , G06N99/00 , G06T11/206 , H04J3/0661 , H04J3/14 , H04L1/242 , H04L9/0866 , H04L9/3239 , H04L9/3242 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/04 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0841 , H04L43/0858 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/306 , H04L45/38 , H04L45/46 , H04L45/507 , H04L45/66 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/2007 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/0876 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/1458 , H04L63/1466 , H04L63/16 , H04L63/20 , H04L67/10 , H04L67/1002 , H04L67/12 , H04L67/16 , H04L67/22 , H04L67/36 , H04L67/42 , H04L69/16 , H04L69/22 , H04W72/08 , H04W84/18

Abstract: A method includes analyzing, via a first capturing agent, packets processed in a first environment associated with a first host to yield first data. The method includes analyzing, via a second capturing agent, packets processed by a second environment associated with a second host to yield second data, collecting the first data and the second data at a collector to yield aggregated data, transmitting the aggregated data to an analysis engine which analyzes the aggregated data to yield an analysis. Based on the analysis, the method includes identifying first packet loss at the first environment and second packet loss at the second environment.

Abstract translation: 一种方法包括经由第一捕获代理分析在与第一主机相关联的第一环境中处理的分组以产生第一数据。该方法包括经由第二捕获代理分析由与第二主机相关联的第二环境处理的分组以产生第二数据，在收集器处收集第一数据和第二数据以产生聚合数据，将聚合数据发送到分析引擎，分析聚合数据以产生分析。基于分析，该方法包括识别在第一环境下的第一分组丢失和在第二环境下的第二分组丢失。

28.

发明申请
TECHNIQUES FOR DETERMINING NETWORK TOPOLOGIES 有权
Title translation: 确定网络拓扑的技术

公开(公告)号：US20160359677A1

公开(公告)日：2016-12-08

申请号：US15135331

申请日：2016-04-21

Applicant: Cisco Technology, Inc.

Inventor： Ashutosh Kulshreshtha , Hai Trong Vu , Michael Standish Watts , Jackson Ngoc Ki Pang , Navindra Yadav , Khawar Deen

IPC: H04L12/24 , H04L12/26

CPC classification number: H04L43/045 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/45558 , G06F17/30241 , G06F17/3053 , G06F17/30554 , G06F17/30598 , G06F17/30604 , G06F17/30867 , G06F21/53 , G06F21/552 , G06F21/566 , G06F2009/4557 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , G06N99/005 , G06T11/206 , H04J3/0661 , H04J3/14 , H04L1/242 , H04L9/0866 , H04L9/3239 , H04L9/3242 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/04 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0841 , H04L43/0858 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/306 , H04L45/38 , H04L45/46 , H04L45/507 , H04L45/66 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/2007 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/0876 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/1458 , H04L63/1466 , H04L63/16 , H04L63/20 , H04L67/10 , H04L67/1002 , H04L67/12 , H04L67/16 , H04L67/22 , H04L67/36 , H04L67/42 , H04L69/16 , H04L69/22 , H04W72/08 , H04W84/18

Abstract: In one embodiment, a monitoring device (or module) monitors messages exchanged between nodes in a communication network. The monitoring device further determines, based on time stamp data associated with each message, one or more latency distributions of paired response times between the nodes, and determines a node topology consistent with each of the one or more latency distributions of paired response times between the nodes. In some embodiments, the monitoring device also generates a graph of the node topology showing one or more communication links between the nodes, and annotates each communication link of the one or more communication links with at least one of a mean response time or a median response time based on at least one of the latency distributions.

Abstract translation: 在一个实施例中，监视设备（或模块）监视在通信网络中的节点之间交换的消息。监测设备还基于与每个消息相关联的时间戳数据来确定节点之间的配对响应时间的一个或多个等待时间分布，并且确定与所述节点之间的配对响应时间的一个或多个等待时间分布中的每一个相一致的节点拓扑节点。在一些实施例中，监视设备还生成节点拓扑图，其中示出了节点之间的一个或多个通信链路，并且利用平均响应时间或中值响应中的至少一个来对一个或多个通信链路的每个通信链路进行注释基于至少一个延迟分布的时间。