公开(公告)号：US20150186642A1

公开(公告)日：2015-07-02

申请号：US14165439

申请日：2014-01-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Javier Cruz Mota ,  Jean-Philippe Vasseur ,  Andrea Di Pietro ,  Jonathan W. Hui

IPC: G06F21/55

CPC classification number: G06F21/554 ,  H04W12/12

Abstract: In one embodiment, techniques are shown and described relating to quarantine-based mitigation of effects of a local DoS attack. A management device may receive data indicating that one or more nodes in a shared-media communication network are under attack by an attacking node. The management device may then communicate a quarantine request packet to the one or more nodes under attack, the quarantine request packet providing instructions to the one or more nodes under attack to alter their frequency hopping schedule without allowing the attacking node to learn of the altered frequency hopping schedule.

Abstract translation: 在一个实施例中，显示和描述与基于隔离的缓解本地DoS攻击的影响相关的技术。 管理设备可以接收指示共享媒体通信网络中的一个或多个节点受攻击节点攻击的数据。 然后，管理设备可以向被攻击的一个或多个节点传送隔离请求分组，所述隔离请求分组向被攻击的一个或多个节点提供指令以改变其跳频计划，而不允许攻击节点学习改变的频率 跳跃时间表。

公开(公告)号：US11165656B2

公开(公告)日：2021-11-02

申请号：US16697344

申请日：2019-11-27

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Jean-Philippe Vasseur ,  Andrea Di Pietro ,  Erwan Barry Tarik Zerhouni

IPC: H04L12/24 ,  G06F21/62 ,  H04L12/26 ,  G06N20/00

Abstract: In one embodiment, a network assurance service executing in a local network clusters measurements obtained from the local network regarding a plurality of devices in the local network into measurement clusters. The network assurance service computes aggregated metrics for each of the measurement clusters. The network assurance service sends a machine learning model computation request to a remote service outside of the local network that includes the aggregated metrics for each of the measurement clusters. The remote service uses the aggregated metrics to train a machine learning-based model to analyze the local network. The network assurance service receives the trained machine learning-based model to analyze performance of the local network. The network assurance service uses the receive machine learning-based model to analyze performance of the local network.

公开(公告)号：US10757121B2

公开(公告)日：2020-08-25

申请号：US15212588

申请日：2016-07-18

Applicant: Cisco Technology, Inc.

Inventor： Sukrit Dasgupta ,  Jean-Philippe Vasseur ,  Andrea Di Pietro

IPC: H04L29/06 ,  G06N20/00

Abstract: In one embodiment, a device in a network performs anomaly detection functions using a machine learning-based anomaly detector to detect anomalous traffic in the network. The device identifies an ability of one or more nodes in the network to perform at least one of the anomaly detection functions. The device selects a particular one of the anomaly detection functions to offload to a particular one of the nodes, based on the ability of the particular node to perform the particular anomaly detection function. The device instructs the particular node to perform the selected anomaly detection function.

公开(公告)号：US10581901B2

公开(公告)日：2020-03-03

申请号：US15154349

申请日：2016-05-13

Applicant: Cisco Technology, Inc.

Inventor： Sukrit Dasgupta ,  Jean-Philippe Vasseur ,  Andrea Di Pietro

IPC: H04L29/06 ,  H04L12/66 ,  G06N20/00

Abstract: In one embodiment, a primary networking device in a branch network receives a notification of an anomaly detected by a secondary networking device in the branch network. The primary networking device is located at an edge of the network. The primary networking device aggregates the anomaly detected by the secondary networking device and a second anomaly detected in the network into an aggregated anomaly. The primary networking device associates the aggregated anomaly with a location of the secondary networking device in the branch network. The primary networking device reports the aggregated anomaly and the associated location of the secondary networking device to a supervisory device.

公开(公告)号：US10356111B2

公开(公告)日：2019-07-16

申请号：US14164467

申请日：2014-01-27

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: G06N3/02 ,  G06N3/08 ,  G06N20/00 ,  H04L12/24 ,  H04L29/06 ,  H04L12/26 ,  H04L12/801 ,  H04L12/855 ,  H04L12/891 ,  H04L12/753

Abstract: In one embodiment, a device evaluates a set of training data for a machine learning model to identify a missing feature subset in a feature space of the set of training data. The device identifies a plurality of network nodes eligible to initiate an attack on a network to generate the missing feature subset. One or more attack nodes are selected from among the plurality of network nodes. An attack routine is provided to the one or more attack nodes to cause the one or more attack nodes to initiate the attack. An indication that the attack has completed is then received from the one or more attack nodes.

公开(公告)号：US20190207822A1

公开(公告)日：2019-07-04

申请号：US15860017

申请日：2018-01-02

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: H04L12/24 ,  G06N3/08 ,  G06F8/65

CPC classification number: H04L41/20 ,  G06F8/65 ,  G06N3/08 ,  H04L41/16 ,  H04L43/14

Abstract: In one embodiment, a network assurance service receives, from a reporting entity, data regarding a monitored network for input to a machine learning-based analyzer of the network assurance service. The service forms a reporting entity model of the reporting entity, based on at least a portion of the data received from the reporting entity. The service identifies a behavioral change of the reporting entity by comparing a sample of the data received from the reporting entity to the reporting entity model. The service correlates the behavioral change of the reporting entity to a change made to the reporting entity. The service causes performance of a mitigation action, to prevent the behavioral change from affecting operation of the machine learning-based analyzer.

公开(公告)号：US20190171169A1

公开(公告)日：2019-06-06

申请号：US15831482

申请日：2017-12-05

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: G05B13/04 ,  H04L12/26

CPC classification number: G05B13/045 ,  G05B13/04 ,  H04L41/12 ,  H04L41/16 ,  H04L43/024 ,  H04L43/16

Abstract: In one embodiment, a network assurance service receives data regarding a monitored network. The service analyzes the received data using a machine learning-based model, to perform a network assurance function for the monitored network. The service determines that performance of the model is negatively affected by a sample rate of the received data. The service adjusts the sample rate of the data, based on the determination that the performance of the model is negatively affected by the sample rate of the received data.

公开(公告)号：US10218727B2

公开(公告)日：2019-02-26

申请号：US15184252

申请日：2016-06-16

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur

IPC: G06F21/00 ,  H04L29/06 ,  H04L29/12

Abstract: In one embodiment, a device in a network receives, from a supervisory device, trace information for one or more traffic flows associated with a particular anomaly. The device remaps network addresses in the trace information to addresses of one or more nodes in the network based on roles of the one or more nodes. The device mixes, using the remapped network addresses, the trace information with traffic information regarding one or more observed traffic flows in the network, to form a set of mixed traffic information. The device analyzes the mixed traffic information using an anomaly detection model. The device provides an indication of a result of the analysis of the mixed traffic information to the supervisory device.

公开(公告)号：US20180357560A1

公开(公告)日：2018-12-13

申请号：US15620116

申请日：2017-06-12

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Grégory Mermoud ,  Sukrit Dasgupta ,  Jean-Philippe Vasseur

IPC: G06N99/00 ,  H04L12/26 ,  G06N5/04

CPC classification number: G06N99/005 ,  G06N5/04 ,  H04L43/06

Abstract: In one embodiment, a device identifies a new data source of characteristics data for a monitored network. The device initiates a quarantine period for the characteristic data from the new data source. The characteristic data from the new data source is quarantined from input to a machine learning-based analyzer during the quarantine period. The device models the characteristic data from the new data source during the quarantine period, to determine whether the characteristic data from the new data source is reliable for input to the machine learning-based analyzer. After the quarantine period, the device provides the characteristic data from the new data source to the machine learning-based analyzer based on a determination that the characteristic data from the new data source is reliable.

公开(公告)号：US20170279839A1

公开(公告)日：2017-09-28

申请号：US15212597

申请日：2016-07-18

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Andrea Di Pietro ,  Grégory Mermoud ,  Fabien Flacher

IPC: H04L29/06 ,  G06F17/18 ,  G06N99/00 ,  H04L29/08

CPC classification number: H04L63/1425 ,  G06F17/18 ,  G06N99/005 ,  H04L63/02 ,  H04L63/1416 ,  H04L63/145 ,  H04L63/1458 ,  H04L67/10

Abstract: In one embodiment, a supervisory device in a network receives traffic data from a security device that uses traffic signatures to assess traffic in the network. The supervisory device receives traffic data from one or more distributed learning agents that use machine learning-based anomaly detection to assess traffic in the network. The supervisory device trains a traffic classifier using the received traffic data from the security device and from the one or more distributed learning agents. The supervisory device deploys the traffic classifier to a selected one of the one or more distributed learning agents.