Abstract:
In one embodiment, a device receives a classifier tracking request from a coordinator device that specifies a classifier verification time period. During the classifier verification time period, the device classifies a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device. The device generates classification results based on the classified set of network traffic and provides the classification results to the coordinator device.
Abstract:
In one embodiment, a device in a network monitors a selective anomaly forwarding mechanism deployed in the network. The selective anomaly forwarding mechanism causes a participating node in the mechanism to selectively forward detected network anomalies to the device. The device monitors one or more resources of the network. The device determines an adjustment to the selective anomaly forwarding mechanism based on the one or more monitored resources of the network. The device implements the determined adjustment to the selective anomaly forwarding mechanism.
Abstract:
In one embodiment, a device in a network identifies a set of traffic flow records that triggered an attack detector. The device selects a subset of the traffic flow records and calculates aggregated metrics for the subset. The device provides the aggregated metrics for the subset to the attack detector to generate an attack detection determination for the subset of traffic flow records. The device identifies one or more attack traffic flows from the set of traffic flow records based on the attack detection determination for the subset of traffic flow records.
Abstract:
In one embodiment, a device in a network receives information regarding one or more attack detection service level agreements. The device identifies a set of attack detection classifiers as potential voters in a voting mechanism used to detect a network attack. The device determines one or more parameters for the voting mechanism based on the information regarding the one or more attack detection service level agreements. The device adjusts the voting mechanism used by the potential voters based on the one or more parameters for the voting mechanism.
Abstract:
In one embodiment, data flows are received in a network, and information relating to the received data flows is provided to a machine learning attack detector. Then, in response to receiving an attack detection indication from the machine learning attack detector, a traffic segregation procedure is performed including: computing an anomaly score for each of the received data flows based on a degree of divergence from an expected traffic model, determining a subset of the received data flows that have an anomaly score that is lower than or equal to an anomaly threshold value, and providing information relating to the subset of the received data flows to the machine learning attack detector.
Abstract:
In one embodiment, a device in a network analyzes data regarding a detected anomaly in the network. The device determines whether the detected anomaly is a false positive. The device generates a white label for the detected anomaly based on a determination that the detected anomaly is a false positive. The device causes one or more alerts regarding the detected anomaly to be suppressed using the generated white label for the anomaly.
Abstract:
In one embodiment, a first network device receives a notification that the first network device has been selected to validate a machine learning model for a second network device. The first network device receives model parameters for the machine learning model that were generated by the second network device using training data on the second network device. The model parameters are used with local data on the first network device to determine performance metrics for the model parameters. The performance metrics are then provided to the second network device.
Abstract:
In one embodiment, attack traffic corresponding to a detected DoS attack from one or more attacker nodes is received at a denial of service (DoS) attack management node in a network. The DoS attack management node determines attack information relating to the attack traffic, including a type of the DoS attack and an intended target of the DoS attack. Then, the DoS attack management node triggers an attack mimicking action based on the attack information, where the attack mimicking action mimics a behavior of the intended target of the DoS attack that would be expected by the one or more attacker nodes if the DoS attack were successful.
Abstract:
In one embodiment, a device in a network detects a network attack using aggregated metrics for a set of traffic data. In response to detecting the network attack, the device causes the traffic data to be clustered into a set of traffic data clusters. The device causes one or more attack detectors to analyze the traffic data clusters. The device causes the traffic data clusters to be segregated into a set of one or more attack-related clusters and into a set of one or more clusters related to normal traffic based on an analysis of the clusters by the one or more attack detectors.
Abstract:
In one embodiment, a device in a network receives an indication of a network anomaly detected by a first graph-based anomaly detection model hosted by a first node in the network. The device identifies one or more additional graph-based anomaly detection models based on the network anomaly detected by the first graph-based anomaly detection model. The device correlates one or more network events from the one or more additional graph-based anomaly detection models with the network anomaly detected by the first graph-based anomaly detection model. The device identifies a cause of the network anomaly using the one or more network events from the one or more additional graph-based anomaly detection models that are correlated with the network anomaly detected by the first graph-based anomaly detection model.