公开(公告)号：US20200160100A1

公开(公告)日：2020-05-21

申请号：US16194442

申请日：2018-11-19

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Pierre-André Savalle ,  Jean-Philippe Vasseur ,  David Tedaldi

IPC: G06K9/62 ,  H04L12/26 ,  G06F15/18

Abstract: In one embodiment, a device clusters traffic feature vectors for a plurality of endpoints in a network into a set of clusters. Each traffic feature vector comprises traffic telemetry data captured for one of the endpoints. The device selects one of the clusters for labeling, based in part on contextual data associated with the clusters that was not used to form the clusters. The device obtains a device type label for the selected cluster by providing data regarding the selected cluster and the contextual data associated with that cluster to a user interface. The device provides the device type label and the traffic feature vectors associated with the selected cluster for training a machine learning-based device type classifier.

公开(公告)号：US20200076677A1

公开(公告)日：2020-03-05

申请号：US16120529

申请日：2018-09-04

Applicant: Cisco Technology, Inc.

Inventor： Gregory Mermoud ,  David Tedaldi ,  Jean-Philippe Vasseur

IPC: H04L12/24 ,  G06N3/08 ,  G06N3/04

Abstract: In one embodiment, a network assurance service that monitors a network detects a behavioral anomaly in the network using an anomaly detector that compares an anomaly detection threshold to a target value calculated based on a first set of one or more measurements from the network. The service uses an explanation model to predict when the anomaly detector will detect anomalies. The explanation model takes as input a second set of one or more measurements from the network that differs from the first set. The service determines that the detected anomaly is explainable, based on the explanation model correctly predicting the detection of the anomaly by the anomaly detector. The service provides an anomaly detection alert for the detected anomaly to a user interface, based on the detected anomaly being explainable. The anomaly detection alert indicates at least one measurement from the second set as an explanation for the anomaly.

公开(公告)号：US20190356553A1

公开(公告)日：2019-11-21

申请号：US15983615

申请日：2018-05-18

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Jean-Philippe Vasseur ,  David Tedaldi

IPC: H04L12/24 ,  H04L12/26 ,  G06K9/62

Abstract: In one embodiment, a network assurance service that monitors a network detects an anomaly in the network by applying an anomaly detector to telemetry data collected from the network. The service sends first data to a user interface that causes the interface to present the detected anomaly and one or more candidate root cause metrics from the telemetry data associated with the detected anomaly. The service receives feedback regarding the candidate root cause metric(s) and learns a root cause of the anomaly as one or more thresholds of the candidate root cause metric(s), based in part on the received feedback regarding the candidate root cause metric(s). The service sends second data to the user interface that causes the user interface to present at least one of the candidate root cause metric(s) as a candidate root cause of a subsequent detected anomaly, based on the learned threshold(s).