-
公开(公告)号:US10701095B2
公开(公告)日:2020-06-30
申请号:US16190756
申请日:2018-11-14
Applicant: Cisco Technology, Inc.
Inventor: Pierre-André Savalle , Grégory Mermoud , Laurent Sartran , Jean-Philippe Vasseur
Abstract: In one embodiment, a device in a network maintains a plurality of anomaly detection models for different sets of aggregated traffic data regarding traffic in the network. The device determines a measure of confidence in a particular one of the anomaly detection models that evaluates a particular set of aggregated traffic data. The device dynamically replaces the particular anomaly detection model with a second anomaly detection model configured to evaluate the particular set of aggregated traffic data and has a different model capacity than that of the particular anomaly detection model. The device provides an anomaly event notification to a supervisory controller based on a combined output of the second anomaly detection model and of one or more of the anomaly detection models in the plurality of anomaly detection models.
-
公开(公告)号:US10659333B2
公开(公告)日:2020-05-19
申请号:US15188175
申请日:2016-06-21
Applicant: Cisco Technology, Inc.
Inventor: Laurent Sartran , Pierre-André Savalle , Jean-Philippe Vasseur , Grégory Mermoud , Javier Cruz Mota , Sébastien Gay
IPC: H04L12/26
Abstract: In one embodiment, a device in a network determines cluster assignments that assign traffic data regarding traffic in the network to activity level clusters based on one or more measures of traffic activity in the traffic data. The device uses the cluster assignments to predict seasonal activity for a particular subset of the traffic in the network. The device determines an activity level for new traffic data regarding the particular subset of traffic in the network. The device detects a network anomaly by comparing the activity level for the new traffic data to the predicted seasonal activity.
-
Patent Agency Ranking
公开(公告)号:US10404728B2
公开(公告)日:2019-09-03
申请号:US15263487
申请日:2016-09-13
Applicant: Cisco Technology, Inc.
Inventor: Laurent Sartran , Sébastien Gay , Pierre-André Savalle , Grégory Mermoud , Jean-Philippe Vasseur
Abstract: In one embodiment, a device in a network receives traffic records indicative of network traffic between different sets of host address pairs. The device identifies one or more address grouping constraints for the sets of host address pairs. The device determines address groups for the host addresses in the sets of host address pairs based on the one or more address grouping constraints. The device provides an indication of the address groups to an anomaly detector.
-
公开(公告)号:US20180013776A1
公开(公告)日:2018-01-11
申请号:US15205122
申请日:2016-07-08
Applicant: Cisco Technology, Inc.
Inventor: Sébastien Gay , Laurent Sartran , Jean-Philippe Vasseur
IPC: H04L29/06
CPC classification number: H04L63/1425 , G06N99/005 , H04L63/20
Abstract: In one embodiment, a device in a network receives sets of traffic flow features from an unsupervised machine learning-based anomaly detector. The sets of traffic flow features are associated with anomaly scores determined by the anomaly detector. The device ranks the sets of traffic flow features based in part on their anomaly scores. The device applies a genetic programming approach to the ranked sets of traffic flow features to generate new sets of traffic flow features. The genetic programming approach uses a fitness function that is based in part on the rankings of the sets of traffic flow features. The device specializes the anomaly detector to emphasize a particular type of anomaly using the new sets of traffic flow features.
-
公开(公告)号:US20170279834A1
公开(公告)日:2017-09-28
申请号:US15211093
申请日:2016-07-15
Applicant: Cisco Technology, Inc.
Inventor: Jean-Philippe Vasseur , Grégory Mermoud , Javier Cruz Mota , Laurent Sartran , Sébastien Gay
CPC classification number: H04L63/1425 , G06N3/006 , G06N20/00 , H04L41/147 , H04L43/024 , H04L43/062 , H04L43/14 , H04L63/02 , H04L63/145 , H04L63/1458 , H04L2463/144
Abstract: In one embodiment, a device in a network receives feedback regarding an anomaly reporting mechanism used by the device to report network anomalies detected by a plurality of distributed learning agents to a user interface. The device determines an anomaly assessment rate at which a user of the user interface is expected to assess reported anomalies based in part on the feedback. The device receives an anomaly notification regarding a particular anomaly detected by a particular one of the distributed learning agents. The device reports, via the anomaly reporting mechanism, the particular anomaly to the user interface based on the determined anomaly assessment rate.
-
公开(公告)号:US20170279827A1
公开(公告)日:2017-09-28
申请号:US15163347
申请日:2016-05-24
Applicant: Cisco Technology, Inc.
Inventor: Pierre-André Savalle , Laurent Sartran , Jean-Philippe Vasseur , Grégory Mermoud
CPC classification number: H04L63/1425 , H04L63/1416 , H04L67/02 , H04L67/22 , H04L69/22
Abstract: In one embodiment, a device in a network identifies a new interaction between two or more nodes in the network. The device forms a feature vector using contextual information associated with the new interaction between the two or more nodes. The device causes generation of an anomaly detection model for new node interactions using the feature vector. The device uses the anomaly detection model to determine whether a particular node interaction in the network is anomalous.
-
公开(公告)号:US20160219070A1
公开(公告)日:2016-07-28
申请号:US14989920
申请日:2016-01-07
Applicant: Cisco Technology, Inc.
Inventor: Jean-Philippe Vasseur , Grégory Mermoud , Laurent Sartran
IPC: H04L29/06 , H04L12/751 , G06N99/00 , H04L12/707
CPC classification number: H04L63/1425 , G06F21/552 , G06N99/005 , H04L45/02 , H04L45/22 , H04L45/306
Abstract: In one embodiment, a device in a network receives traffic metrics for a plurality of applications in the network. The device populates a feature space for a machine learning-based anomaly detector. The device identifies a missing dataset in the feature space for a particular one of the plurality of applications. The device adjusts how traffic is sent in the network, to capture the missing dataset.
Abstract translation: 在一个实施例中,网络中的设备接收网络中的多个应用的业务量度。 该设备填充基于机器学习的异常检测器的特征空间。 所述设备识别所述多个应用中的特定空间的所述特征空间中的丢失数据集。 该设备调整网络中流量的发送方式,以捕获丢失的数据集。
-
-
-
-
-
-
Search Results
27
records
(took 0.018 seconds)
