-
41.
Publication No.: US10931692B1
Publication Date: 2021-02-23
Application No.: US15001806
Filing Date: 2016-01-20
Applicant: Cisco Technology, Inc.
Inventor: Javier Cruz Mota, Jean-Philippe Vasseur, Grégory Mermoud, Andrea Di Pietro
Abstract: In one embodiment, a device in a network receives information regarding a network anomaly detected by an anomaly detector deployed in the network. The device identifies the detected network anomaly as a false positive based on the information regarding the network anomaly. The device generates an output filter for the anomaly detector, in response to identifying the detected network anomaly as a false positive. The output filter is configured to filter an output of the anomaly detector associated with the false positive. The device causes the generated output filter to be installed at the anomaly detector.
-
Publication No.: US10673728B2
Publication Date: 2020-06-02
Application No.: US15880689
Filing Date: 2018-01-26
Applicant: Cisco Technology, Inc.
Inventor: Andrea Di Pietro, Jean-Philippe Vasseur, Javier Cruz Mota, Grégory Mermoud
Abstract: In one embodiment, a local service of a network reports configuration information regarding the network to a cloud-based network assurance service. The local service receives a classifier selected by the cloud-based network assurance service based on the configuration information regarding the network. The local service classifies, using the received classifier, telemetry data collected from the network, to select a modeling strategy for the network. The local service installs, based on the modeling strategy for the network, a machine learning-based model to the local service for monitoring the network.
-
Publication No.: US20200099590A1
Publication Date: 2020-03-26
Application No.: US16697344
Filing Date: 2019-11-27
Applicant: Cisco Technology, Inc.
Abstract: In one embodiment, a network assurance service executing in a local network clusters measurements obtained from the local network regarding a plurality of devices in the local network into measurement clusters. The network assurance service computes aggregated metrics for each of the measurement clusters. The network assurance service sends a machine learning model computation request to a remote service outside of the local network that includes the aggregated metrics for each of the measurement clusters. The remote service uses the aggregated metrics to train a machine learning-based model to analyze the local network. The network assurance service receives the trained machine learning-based model to analyze performance of the local network. The network assurance service uses the received machine learning-based model to analyze performance of the local network.
-
Publication No.: US10536344B2
Publication Date: 2020-01-14
Application No.: US15996645
Filing Date: 2018-06-04
Applicant: Cisco Technology, Inc.
Abstract: In one embodiment, a network assurance service executing in a local network clusters measurements obtained from the local network regarding a plurality of devices in the local network into measurement clusters. The network assurance service computes aggregated metrics for each of the measurement clusters. The network assurance service sends a machine learning model computation request to a remote service outside of the local network that includes the aggregated metrics for each of the measurement clusters. The remote service uses the aggregated metrics to train a machine learning-based model to analyze the local network. The network assurance service receives the trained machine learning-based model to analyze performance of the local network. The network assurance service uses the received machine learning-based model to analyze performance of the local network.
-
45.
Publication No.: US20190363971A1
Publication Date: 2019-11-28
Application No.: US15988084
Filing Date: 2018-05-24
Applicant: Cisco Technology, Inc.
Inventor: Grégory Mermoud, Jean-Philippe Vasseur, Andrea Di Pietro
IPC: H04L12/751, H04L12/46, H04L12/26, H04L12/24
Abstract: In one embodiment, a network assurance service that monitors a plurality of networks subdivides telemetry data regarding devices located in the networks into subsets, wherein each subset is associated with a device type, time period, metric type, and network. The service summarizes each subset by computing distribution percentiles of metric values in the subset. The service identifies an outlier subset by comparing distribution percentiles that summarize the subsets. The service reports insight data regarding the outlier subset to a user interface. The service adjusts the subsets based in part on feedback regarding the insight data from the user interface.
-
Publication No.: US10200404B2
Publication Date: 2019-02-05
Application No.: US15863257
Filing Date: 2018-01-05
Applicant: Cisco Technology, Inc.
Inventor: Javier Cruz Mota, Jean-Philippe Vasseur, Andrea Di Pietro
IPC: H04L29/06
Abstract: In one embodiment, a traffic model manager node receives data flows in a network and determines a degree to which the received data flows conform to one or more traffic models classifying particular types of data flows as non-malicious. If the degree to which the received data flows conform to the one or more traffic models is sufficient, the traffic model manager node characterizes the received data flows as non-malicious. Otherwise, the traffic model manager node provides the received data flows to a denial of service (DoS) attack detector in the network to allow the received data flows to be scanned for potential attacks.
-
47.
Publication No.: US20180367428A1
Publication Date: 2018-12-20
Application No.: US15626412
Filing Date: 2017-06-19
Applicant: Cisco Technology, Inc.
Inventor: Andrea Di Pietro, Grégory Mermoud, Jean-Philippe Vasseur, Sukrit Dasgupta
CPC classification number: H04L43/0817, G06F16/24578, G06N3/0472, G06N3/08, G06N5/003, G06N5/04, G06N7/005, G06N20/10, G06N20/20, H04L41/0213, H04L41/0816, H04L41/145, H04L41/147, H04L43/08, H04L43/10, H04L63/1408, H04L63/1433
Abstract: In one embodiment, a device receives health status data indicative of a health status of a data source in a network that provides collected telemetry data from the network for analysis by a machine learning-based network analyzer. The device maintains a performance model for the data source that models the health of the data source. The device computes a trustworthiness index for the telemetry data provided by the data source based on the received health status data and the performance model for the data source. The device adjusts, based on the computed trustworthiness index for the telemetry data provided by the data source, one or more parameters used by the machine learning-based network analyzer to analyze the telemetry data provided by the data source.
-
Publication No.: US09930057B2
Publication Date: 2018-03-27
Application No.: US14874594
Filing Date: 2015-10-05
Applicant: Cisco Technology, Inc.
Inventor: Andrea Di Pietro, Jean-Philippe Vasseur, Javier Cruz Mota
IPC: H04L29/06
CPC classification number: H04L63/1425
Abstract: In one embodiment, a device in a network captures a first set of packets based on first packet capture criterion. The captured first set of packets is provided for deep packet inspection and anomaly detection. The device receives a second packet capture criterion that differs from the first packet capture criterion. The device captures a second set of packets based on the second packet capture criterion. The device provides the captured second set of packets for deep packet inspection and anomaly detection. The anomaly detection of the captured first and second sets of packets is performed by a machine learning-based anomaly detector configured to generate anomaly detection results based in part on one or more traffic metrics gathered from the network and based further in part on deep packet inspection results of packets captured in the network.
-
Publication No.: US09870537B2
Publication Date: 2018-01-16
Application No.: US14164446
Filing Date: 2014-01-27
Applicant: Cisco Technology, Inc.
Inventor: Jean-Philippe Vasseur, Javier Cruz Mota, Andrea Di Pietro
CPC classification number: G06N99/005, G06N3/0454, G06N3/08, G06N3/084, H04L41/142, H04L41/16, H04L43/10, H04L63/14, H04L63/1408, H04L63/1416
Abstract: In one embodiment, a first data set is received by a network device that is indicative of the statuses of a plurality of network devices when a type of network attack is not present. A second data set is also received that is indicative of the statuses of the plurality of network devices when the type of network attack is present. At least one of the plurality simulates the type of network attack by operating as an attacking node. A machine learning model is trained using the first and second data set to identify the type of network attack. A real network attack is then identified using the trained machine learning model.
-
Publication No.: US20170279838A1
Publication Date: 2017-09-28
Application No.: US15212588
Filing Date: 2016-07-18
Applicant: Cisco Technology, Inc.
Inventor: Sukrit Dasgupta, Jean-Philippe Vasseur, Andrea Di Pietro
Abstract: In one embodiment, a device in a network performs anomaly detection functions using a machine learning-based anomaly detector to detect anomalous traffic in the network. The device identifies an ability of one or more nodes in the network to perform at least one of the anomaly detection functions. The device selects a particular one of the anomaly detection functions to offload to a particular one of the nodes, based on the ability of the particular node to perform the particular anomaly detection function. The device instructs the particular node to perform the selected anomaly detection function.