公开(公告)号：US11893456B2

公开(公告)日：2024-02-06

申请号：US16434274

申请日：2019-06-07

Applicant: Cisco Technology, Inc.

Inventor： David Tedaldi ,  Pierre-Andre Savalle ,  Sharon Shoshana Wulff ,  Jean-Philippe Vasseur ,  Grégory Mermoud

IPC: G06N20/00 ,  H04L41/0893 ,  G06F18/23 ,  G06F18/241

CPC classification number: G06N20/00 ,  G06F18/23 ,  G06F18/241 ,  H04L41/0893

Abstract: In one embodiment, a device classification service receives telemetry data indicative of behavioral characteristics of a plurality of devices in a network. The service obtains side information for the telemetry data. The service applies metric learning to the telemetry data and side information, to construct a distance function. The service uses the distance function to cluster the telemetry data into device clusters. The service associates a device type label with a particular device cluster.

公开(公告)号：US20230027995A1

公开(公告)日：2023-01-26

申请号：US17381343

申请日：2021-07-21

Applicant: Cisco Technology, Inc.

Inventor： David Tedaldi ,  Jean-Philippe VASSEUR ,  Grégory MERMOUD ,  Pierre-André SAVALLE ,  Vinay Kumar KOLAR

IPC: H04W28/02 ,  H04L12/24

Abstract: In one embodiment, a device obtains information regarding temporary routing patches applied to a network. Each temporary routing patch implements a routing change in the network for a specified amount of time to avoid or mitigate against a service level agreement violation. The device evaluates, using the information regarding the temporary routing patches applied to the network, a plurality of replay scenarios for the network. The device determines, based on the plurality of replay scenarios, a long-term configuration change for the network. The device provides an indication of the long-term configuration change for display.

公开(公告)号：US11438240B2

公开(公告)日：2022-09-06

申请号：US16808896

申请日：2020-03-04

Applicant: Cisco Technology, Inc.

Inventor： Mukund Yelahanka Raghuprasad ,  David Tedaldi ,  Vinay Kumar Kolar ,  Jean-Philippe Vasseur

IPC: H04L41/16 ,  G06N3/08 ,  H04L47/2441 ,  H04L41/5019 ,  G06K9/62

Abstract: In one embodiment, a service receives telemetry data indicative of a plurality of performance metrics captured in a network. The service jointly trains, using the received telemetry data, a compression model and an inference model, the compression model being a first machine learning model trained to convert the telemetry data into a compressed representation of the telemetry data and the inference model being a second machine learning model trained to take the compressed representation of the telemetry data as input and apply a classification label to it. The service deploys the compression model to the network. The service receives compressed telemetry data generated by the compression model deployed to the network. The service uses the inference model to classify the compressed telemetry data generated by the compression model deployed to the network.

公开(公告)号：US11297079B2

公开(公告)日：2022-04-05

申请号：US16404153

申请日：2019-05-06

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Pierre-Andre Savalle ,  Grégory Mermoud ,  David Tedaldi

IPC: H04L29/06 ,  G06N20/00 ,  G06F16/28

Abstract: In one embodiment, a device classification service forms a device cluster by applying clustering to telemetry data associated with a plurality of devices. The service obtains device type labels for the device cluster. The service generates a device type classification rule using the device type labels and the telemetry data. The service determines whether the device type classification rule should be revalidated by applying a revalidation policy to the device type classification rule. The service revalidates the device type classification rule, based on a determination that the device type classification rule should be revalidated.

公开(公告)号：US20210335505A1

公开(公告)日：2021-10-28

申请号：US16860581

申请日：2020-04-28

Applicant: Cisco Technology, Inc.

Inventor： David Tedaldi ,  Grégory Mermoud ,  Jürg Nicolaus Diemand ,  Jean-Philippe Vasseur ,  Pierre-André Savalle

IPC: G16Y40/35 ,  G06K9/62 ,  G06F3/0482

Abstract: In various embodiments, a device obtains a set of device classification rules. Each device classification rule specifies one or more attributes from a set of attributes and being configured to assign a device type to an endpoint in a network when the endpoint exhibits the one or more attributes specified by that rule. The device forms a graphical representation of the set of attributes. The device performs an analysis of the graphical representation of the set of attributes. The device provides a result of the analysis to a user interface.

公开(公告)号：US11146463B2

公开(公告)日：2021-10-12

申请号：US16431782

申请日：2019-06-05

Applicant: Cisco Technology, inc.

Inventor： David Tedaldi ,  Grégory Mermoud ,  Vinay Kumar Kolar ,  Jean-Philippe Vasseur ,  Pierre-Andre Savalle

IPC: H04L12/24 ,  H04L12/46 ,  G06N20/00 ,  H04L12/715 ,  G06N3/04 ,  G06N3/08

Abstract: In one embodiment, a device constructs a set of controlled what-if input parameters for evaluating a what-if scenario in a network. The device uses the set of controlled what-if input parameters and state data indicative of a current state of the network as input to a network state model. The network state model predicts values for the state data conditioned on the what-if input parameters. The device predicts a key performance indicator (KPI) in the network by using the predicted values for the state data from the network state model as input to a machine learning-based KPI prediction model. The device initiates a routing change in the network based in part on the predicted KPI.

公开(公告)号：US20210297442A1

公开(公告)日：2021-09-23

申请号：US16823650

申请日：2020-03-19

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Pierre-André Savalle ,  David Tedaldi

IPC: H04L29/06

Abstract: In various embodiments, a device classification service clusters devices in a network into a device type cluster based on attributes associated with the devices. The device classification service tracks changes to the device type cluster over time. The device classification service detects an attack on the device classification service by one or more of the devices based on the tracked changes to the device type cluster. The device classification service initiates a mitigation action for the detected attack on the device classification service.

公开(公告)号：US10999146B1

公开(公告)日：2021-05-04

申请号：US16854292

申请日：2020-04-21

Applicant: Cisco Technology, Inc.

Inventor： Pierre-André Savalle ,  Jean-Philippe Vasseur ,  Grégory Mermoud ,  David Tedaldi ,  Jürg Nicolaus Diemand ,  Stéphane Bernard Martin

IPC: G06F15/16 ,  H04L12/24 ,  G06F16/35 ,  G06N20/00 ,  H04L12/26

Abstract: In various embodiments, a device classification service forms a device cluster by applying clustering to attributes of endpoint devices observed in one or more networks. The device classification service applies an initial device classification rule to the endpoint devices in the device cluster, based on one or more of the endpoint devices in the device cluster matching the initial device classification rule. The device classification service computes metrics for the initial device classification rule that quantify how well the attributes of the endpoint devices in the device cluster match the initial device classification rule. The device classification service decides, based on the metrics, whether to associate the initial device classification rule with the device cluster or generate a new device classification rule based on the device cluster.

公开(公告)号：US20200382373A1

公开(公告)日：2020-12-03

申请号：US16428202

申请日：2019-05-31

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Jean-Philippe Vasseur ,  Pierre-Andre Savalle ,  David Tedaldi

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/723

Abstract: In one embodiment, a service receives a plurality of device type classification rules, each rule comprising a device type label and one or more device attributes used as criteria for application of the label to a device in a network. The service estimates, across a space of the device attributes, device densities of devices having device attributes at different points in that space. The service uses the estimated device densities to identify two or more of the device type classification rules as having overlapping device attributes. The service determines that the two or more device type classification rules are in conflict, based on the two or more rules having different device type labels. The service generates a rule conflict resolution that comprises one of the device type labels from the conflicting two or more device type classification rules.

公开(公告)号：US10771313B2

公开(公告)日：2020-09-08

申请号：US15881909

申请日：2018-01-29

Applicant: Cisco Technology, Inc.

Inventor： David Tedaldi ,  Grégory Mermoud ,  Jean-Philippe Vasseur

IPC: H04L12/24

Abstract: In one embodiment, a network assurance service receives one or more sets of network characteristics of a network, each network characteristic forming a different feature dimension in a multi-dimensional feature space. The network assurance service applies machine learning-based anomaly detection to the one or more sets of network characteristics, to label each set of network characteristics as anomalous or non-anomalous. The network assurance service identifies, based on the labeled one or more sets of network characteristics, an anomaly pattern as a collection of unidimensional cutoffs in the feature space. The network assurance service initiates a change to the network based on the identified anomaly pattern.