REFINEMENT OF DEVICE CLASSIFICATION AND CLUSTERING BASED ON POLICY COLORING

    Publication No.: US20200162329A1

    Publication date: 2020-05-21

    Application No.: US16194466

    Filing date: 2018-11-19

    Abstract: In one embodiment, a device classification service receives data indicative of network traffic policies assigned to a plurality of device types. The device classification service associates measures of policy restrictiveness with the device types, based on the received data indicative of the network traffic policies assigned to the plurality of device types. The device classification service determines misclassification costs associated with a machine learning-based device type classifier of the service misclassifying an endpoint device of one of the plurality of device types with another of the plurality of device types, based on their associated measures of policy restrictiveness. The device classification service adjusts the machine learning-based device type classifier to account for the determined misclassification costs.

    CLOSED LOOP CONTROL FOR FIXING NETWORK CONFIGURATION ISSUES TO AID IN DEVICE CLASSIFICATION

    Publication No.: US20200145288A1

    Publication date: 2020-05-07

    Application No.: US16182761

    Filing date: 2018-11-07

    Abstract: In one embodiment, a device receives traffic telemetry data captured by a plurality of networks and used by device classification services in the networks to classify endpoints in the networks with device types. The device compares the telemetry data from a particular one of the networks to the telemetry data from the other networks to identify one or more traffic characteristics that are missing from the telemetry data for one or more endpoints of the particular network. The device identifies a networking entity in the particular network that is common to the one or more endpoints for which the one or more characteristics are missing. The device determines a configuration change for the networking entity by comparing a current configuration of the entity to those of one or more entities in the other networks. The device initiates implementation of the determined configuration change for the entity in the particular network.

    Deep learning architecture for collaborative anomaly detection and explanation

    Publication No.: US10574512B1

    Publication date: 2020-02-25

    Application No.: US16120529

    Filing date: 2018-09-04

    Abstract: In one embodiment, a network assurance service that monitors a network detects a behavioral anomaly in the network using an anomaly detector that compares an anomaly detection threshold to a target value calculated based on a first set of one or more measurements from the network. The service uses an explanation model to predict when the anomaly detector will detect anomalies. The explanation model takes as input a second set of one or more measurements from the network that differs from the first set. The service determines that the detected anomaly is explainable, based on the explanation model correctly predicting the detection of the anomaly by the anomaly detector. The service provides an anomaly detection alert for the detected anomaly to a user interface, based on the detected anomaly being explainable. The anomaly detection alert indicates at least one measurement from the second set as an explanation for the anomaly.

    Constraint-aware resource synchronization across hyper-distributed learning systems

    Publication No.: US10552763B2

    Publication date: 2020-02-04

    Application No.: US15210974

    Filing date: 2016-07-15

    Abstract: In one embodiment, a device in a network receives data indicative of a target state for one or more distributed learning agents in the network. The device determines a difference between the target state and state information maintained by the device regarding the one or more distributed learning agents. The device calculates a synchronization penalty score for each of the one or more distributed learning agents. The device selects a particular one of the one or more distributed learning agents with which to synchronize, based on the synchronization penalty score for the selected distributed learning agent and on the determined difference between the target state and the state information regarding the selected distributed learning agent. The device initiates synchronization of the state information maintained by the device regarding the selected distributed learning agent with state information from the selected distributed learning agent.

    Detecting transient vs. perpetual network behavioral patterns using machine learning

    Publication No.: US10547518B2

    Publication date: 2020-01-28

    Application No.: US15880600

    Filing date: 2018-01-26

    Abstract: In one embodiment, a network assurance service that monitors a network detects a pattern of network measurements from the network that are associated with a particular network problem. The network assurance service tracks characteristics of the detected pattern over time. The network assurance service uses the tracked characteristics of the detected pattern over time as input to a machine learning-based pattern analyzer. The pattern analyzer is configured to determine whether the detected pattern is a perpetual or transient pattern in the network, and the pattern analyzer is further configured to detect anomalies in the characteristics of the pattern. The network assurance service initiates a change to the network based on an output of the machine learning-based pattern analyzer.

    Virtual access point (VAP) formation

    Publication No.: US10524194B2

    Publication date: 2019-12-31

    Application No.: US16248108

    Filing date: 2019-01-15

    Abstract: In one embodiment, a supervisory device in a network receives from a plurality of access points (APs) in the network data regarding a network availability request broadcast by a node seeking to access the network and received by the APs in the plurality. The supervisory device uniquely associates the node with a virtual access point (VAP) for the node and forms a VAP mapping between the VAP for the node and a set of the APs in the plurality selected based on the received data regarding the network availability request. One of the APs in the mapping is designated as a primary access point for the node. The supervisory device instructs the primary AP to send a network availability response to the node that includes information for the VAP. The node uses the information for the VAP to access the network via the set of APs in the VAP mapping.
