公开(公告)号：US10728119B2

公开(公告)日：2020-07-28

申请号：US15145493

申请日：2016-05-03

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Ellen Christine Scheib ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/26 ,  H04L29/06 ,  G06F16/29 ,  G06F16/28 ,  H04L12/24 ,  H04L29/08 ,  G06F9/455 ,  G06N20/00 ,  G06F16/248 ,  G06F16/9535 ,  G06F16/2457 ,  G06F21/55 ,  G06F21/56 ,  H04L12/851 ,  H04W84/18 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06N99/00 ,  G06F16/174 ,  G06F16/23

Abstract: Application dependency mapping (ADM) can be automated in a network. The network can determine whether certain nodes form a cluster of a tier of an application. The network can monitor network data and process data for traffic passing through the network using a sensor network that provides multiple perspectives for the traffic. The network can analyze the network data and process data to determine respective feature vectors for nodes. A feature vector may represent a combination of the features corresponding to the network data and the features corresponding to the process data of a node. The network can compare the similarity of the respective feature vectors and determine each node's cluster based on similarity measures between nodes.

公开(公告)号：US10594542B2

公开(公告)日：2020-03-17

申请号：US15796687

申请日：2017-10-27

Applicant: Cisco Technology, Inc.

Inventor： Vimal Jeyakumar ,  Ali Parandehgheibi ,  Andy Sloane ,  Ashutosh Kulshreshtha ,  Navindra Yadav ,  Omid Madani

IPC: H04L12/24 ,  G06N20/00

Abstract: Disclosed herein is a multi-level analysis for determining a root cause of a network problem by performing a first level of the multi-level process that includes collecting data from one or more network components, generating a set of system metrics where each system metric of the set representing a portion of the data, ranking the set of system metrics based on a level of correlation of each system metric to the network problem to yield a ranked set of system metrics, and providing a visual representation of the first level of the multi-level process. A second level of the multi-level process includes receiving an input identifying one or more of the ranked set of system metrics to be excluded from analysis and performing a conditional analysis using only ones of the set of system metrics that are not identified for exclusion.

公开(公告)号：US10326672B2

公开(公告)日：2019-06-18

申请号：US15145666

申请日：2016-05-03

Applicant: Cisco Technology, Inc.

Inventor： Ellen Christine Scheib ,  Ali Parandehgheibi ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F16/29 ,  G06F16/248 ,  G06F16/28 ,  G06F16/9535 ,  G06F16/2457 ,  H04L12/851 ,  H04L12/24 ,  H04W84/18 ,  H04L29/08 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725 ,  H04L12/715 ,  G06F21/55 ,  G06F21/56 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06N99/00 ,  G06F16/174 ,  G06F16/23

Abstract: Application dependency mapping (ADM) can be automated in a network. The network can determine an optimum number of clusters for the network using the minimum description length principle (MDL). The network can capture network and associated data using a sensor network that provides multiple perspectives and generate a graph therefrom. The nodes of the graph can include sources, destinations, and destination ports identified in the captured data, and the edges of the graph can include observed flows from the sources to the destinations at the destination ports. Each clustering can be evaluated according to an MDL score. The optimum number of clusters for the network may correspond to the number of clusters of the clustering associated with the minimum MDL score.

公开(公告)号：US20190132190A1

公开(公告)日：2019-05-02

申请号：US15796687

申请日：2017-10-27

Applicant: Cisco Technology, Inc.

Inventor： Vimal Jeyakumar ,  Ali Parandehgheibi ,  Andy Sloane ,  Ashutosh Kulshreshtha ,  Navindra Yadav ,  Omid Madani

IPC: H04L12/24 ,  G06N99/00

Abstract: Disclosed herein is a multi-level analysis for determining a root cause of a network problem by performing a first level of the multi-level process that includes collecting data from one or more network components, generating a set of system metrics where each system metric of the set representing a portion of the data, ranking the set of system metrics based on a level of correlation of each system metric to the network problem to yield a ranked set of system metrics, and providing a visual representation of the first level of the multi-level process. A second level of the multi-level process includes receiving an input identifying one or more of the ranked set of system metrics to be excluded from analysis and performing a conditional analysis using only ones of the set of system metrics that are not identified for exclusion.

公开(公告)号：US20190081959A1

公开(公告)日：2019-03-14

申请号：US16179027

申请日：2018-11-02

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  FNU Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US20170034018A1

公开(公告)日：2017-02-02

申请号：US15153604

申请日：2016-05-12

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Mohammadreza Alizadeh Attar ,  Vimalkumar Jeyakumar ,  Omid Madani ,  Ellen Christine Scheib ,  Navindra Yadav

IPC: H04L12/26 ,  H04L12/24

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: This disclosure generally relates to a method and system for generating a communication graph of a network using an application dependency mapping (ADM) pipeline. In one aspect of the disclosure, the method comprises receiving network data (e.g., flow data and process information at each node) from a plurality of sensors associated with a plurality of nodes of the network, determining a plurality of vectors and an initial graph of the plurality of nodes based upon the network data, determining similarities between the plurality of vectors, clustering the plurality of vectors into a plurality of clustered vectors based upon the similarities between the plurality of vectors, and generating a communication graph of the network system based upon the plurality of clustered vectors.

Abstract translation: 本公开通常涉及用于使用应用依赖关系映射（ADM）流水线生成网络的通信图的方法和系统。 在本公开的一个方面，该方法包括从与网络的多个节点相关联的多个传感器中接收网络数据（例如，每个节点处的流数据和处理信息），确定多个向量和初始图 基于所述网络数据的所述多个节点，确定所述多个向量之间的相似性，基于所述多个向量之间的相似度将所述多个向量聚类成多个向量，并且基于所述多个向量生成所述网络系统的通信图 多个聚类向量。

公开(公告)号：US20160359680A1

公开(公告)日：2016-12-08

申请号：US15145493

申请日：2016-05-03

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Ellen Christine Scheib ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/24 ,  H04L12/725 ,  H04L12/715

Abstract: Application dependency mapping (ADM) can be automated in a network. The network can determine whether certain nodes form a cluster of a tier of an application. The network can monitor network data and process data for traffic passing through the network using a sensor network that provides multiple perspectives for the traffic. The network can analyze the network data and process data to determine respective feature vectors for nodes. A feature vector may represent a combination of the features corresponding to the network data and the features corresponding to the process data of a node. The network can compare the similarity of the respective feature vectors and determine each node's cluster based on similarity measures between nodes.

Abstract translation: 应用程序依赖关系映射（ADM）可以在网络中自动化。 网络可以确定某些节点是否形成应用层的集群。 该网络可以监视网络数据并处理通过网络传输的流量的数据，该传感器网络为流量提供多个视角。 网络可以分析网络数据和处理数据，以确定节点的相应特征向量。 特征向量可以表示对应于网络数据的特征和与节点的过程数据相对应的特征的组合。 网络可以比较各个特征向量的相似度，并根据节点之间的相似性度量来确定每个节点的簇。

公开(公告)号：US20240348625A1

公开(公告)日：2024-10-17

申请号：US18751871

申请日：2024-06-24

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L9/40 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425 ,  H04L43/062

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US20220159357A1

公开(公告)日：2022-05-19

申请号：US17529727

申请日：2021-11-18

Applicant: Cisco Technology, Inc.

Inventor： Ashutosh Kulshreshtha ,  Omid Madani ,  Vimal Jeyakumar ,  Navindra Yadav ,  Ali Parandehgheibi ,  Andy Sloane ,  Kai Chang ,  Khawar Deen ,  Shih-Chun Chang ,  Hai Vu

IPC: H04Q9/02 ,  H04L43/04 ,  G06F11/34 ,  H04L9/40 ,  H04L43/026 ,  H04L41/0631 ,  H04L41/0681

Abstract: An application and network analytics platform can capture telemetry from servers and network devices operating within a network. The application and network analytics platform can determine an application dependency map (ADM) for an application executing in the network. Using the ADM, the application and network analytics platform can resolve flows into flowlets of various granularities, and determine baseline metrics for the flowlets. The baseline metrics can include transmission times, processing times, and/or data sizes for the flowlets. The application and network analytics platform can compare new flowlets against the baselines to assess availability, load, latency, and other performance metrics for the application. In some implementations, the application and network analytics platform can automate remediation of unavailability, load, latency, and other application performance issues.

公开(公告)号：US20220109701A1

公开(公告)日：2022-04-07

申请号：US17063864

申请日：2020-10-06

Applicant: Cisco Technology, Inc.

Inventor： Weifei Zeng ,  Sai Ankith Averineni ,  Omid Madani ,  Paul Mach ,  Yash Vipul Doshi ,  Sasidhar Evuru ,  Sayeed Mohammed Tasnim ,  Sameer Salim Mahomed Ali Ladiwala ,  Chakradhar Reddy Vangeti ,  Thanh Nhan Nguyen ,  Varun Malhotra ,  Shashidhar Gandham ,  Navindra Yadav ,  Thanh Trung Ngo ,  Maxwell Aaron Mechanic

IPC: H04L29/06 ,  H04L12/851 ,  H04L12/24

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for discovering policy scopes within an enterprise network and managing network policies for discovered policy scopes. In one aspect, a method includes identifying one or more communities of devices in an enterprise network; defining, from the one or more communities of devices, policy scopes in the enterprise network; generating a hierarchical representation of the policy scopes; identifying, based on the hierarchical representation of the policy scopes, one or more policies governing traffic flow between devices associated with each of the policy scopes; and managing application of the one or more policies at the devices.