Patent search ap:("CISCO TECHNOLOGY Page INC.") AND inv:"Shih-Chun Chang"

81.

发明公开
APPLICATION PERFORMANCE MONITORING AND MANAGEMENT PLATFORM WITH ANOMALOUS FLOWLET RESOLUTION 审中-公开

公开(公告)号：US20230276152A1

公开(公告)日：2023-08-31

申请号：US18313255

申请日：2023-05-05

Applicant: Cisco Technology, Inc.

Inventor： Ashutosh Kulshreshtha , Omid Madani , Vimal Jeyakumar , Navindra Yadav , Ali Parandehgheibi , Andy Sloane , Kai Chang , Khawar Deen , Shih-Chun Chang , Hai Vu

IPC: H04Q9/02 , H04L43/04 , G06F11/34 , H04L43/026 , H04L41/0631 , H04L41/0681 , H04L67/12

CPC classification number: H04Q9/02 , H04L43/04 , G06F11/3495 , H04L43/026 , H04L41/064 , H04L41/0681 , H04L67/12 , H04L41/14

Abstract: An application and network analytics platform can capture telemetry from servers and network devices operating within a network. The application and network analytics platform can determine an application dependency map (ADM) for an application executing in the network. Using the ADM, the application and network analytics platform can resolve flows into flowlets of various granularities, and determine baseline metrics for the flowlets. The baseline metrics can include transmission times, processing times, and/or data sizes for the flowlets. The application and network analytics platform can compare new flowlets against the baselines to assess availability, load, latency, and other performance metrics for the application. In some implementations, the application and network analytics platform can automate remediation of unavailability, load, latency, and other application performance issues.

82.

发明授权
Systems and methods for detecting vulnerabilities in network processes during runtime 有权

公开(公告)号：US11706239B2

公开(公告)日：2023-07-18

申请号：US17003450

申请日：2020-08-26

Applicant: Cisco Technology, Inc.

Inventor： Hai Vu , Thanh Nhan Nguyen , Vaishali Palkar , Varun Malhotra , Shih-Chun Chang , Xin Liu

IPC: H04L9/40

CPC classification number: H04L63/1433

Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting vulnerabilities in real-time during execution of a process or an application. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to obtain real-time process information associated with a process executing in an endpoint. The device can then determine package information for a package associated with the process based on the process information. The device can then identify at least one vulnerability associated with the package information using a database of vulnerabilities stored on a backend component of the network. The backend component may have a database of vulnerabilities for packages.

83.

发明授权
Unique ID generation for sensors 有权

公开(公告)号：US11695659B2

公开(公告)日：2023-07-04

申请号：US16941426

申请日：2020-07-28

Applicant: Cisco Technology, Inc.

Inventor： Abhishek Ranjan Singh , Shih-Chun Chang , Varun Sagar Malhotra , Hai Trong Vu , Jackson Ngoc Ki Pang

IPC: H04L43/045 , G06F9/455 , H04L9/40 , G06N20/00 , G06F21/55 , G06F21/56 , G06F16/28 , G06F16/2457 , G06F16/248 , G06F16/29 , G06F16/16 , G06F16/17 , G06F16/11 , G06F16/13 , G06F16/174 , G06F16/23 , G06F16/9535 , G06N99/00 , H04L9/32 , H04L41/0668 , H04L43/0805 , H04L43/0811 , H04L43/0852 , H04L43/106 , H04L45/00 , H04L45/50 , H04L67/12 , H04L43/026 , H04L61/5007 , H04L67/01 , H04L67/51 , H04L67/75 , H04L67/1001 , H04W72/54 , H04L43/062 , H04L43/10 , H04L47/2441 , H04L41/0893 , H04L43/08 , H04L43/04 , H04W84/18 , H04L67/10 , H04L41/046 , H04L43/0876 , H04L41/12 , H04L41/16 , H04L41/0816 , G06F21/53 , H04L41/22 , G06F3/04842 , G06F3/04847 , H04L41/0803 , H04L43/0829 , H04L43/16 , H04L1/24 , H04L9/08 , H04J3/06 , H04J3/14 , H04L47/20 , H04L47/32 , H04L43/0864 , H04L47/11 , H04L69/22 , H04L45/74 , H04L47/2483 , H04L43/0882 , H04L41/0806 , H04L43/0888 , H04L43/12 , H04L47/31 , G06F3/0482 , G06T11/20 , H04L43/02 , H04L47/28 , H04L69/16 , H04L45/302 , H04L67/50

CPC classification number: H04L43/045 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/45558 , G06F16/122 , G06F16/137 , G06F16/162 , G06F16/17 , G06F16/173 , G06F16/174 , G06F16/1744 , G06F16/1748 , G06F16/235 , G06F16/2322 , G06F16/2365 , G06F16/248 , G06F16/24578 , G06F16/285 , G06F16/288 , G06F16/29 , G06F16/9535 , G06F21/53 , G06F21/552 , G06F21/556 , G06F21/566 , G06N20/00 , G06N99/00 , G06T11/206 , H04J3/0661 , H04J3/14 , H04L1/242 , H04L9/0866 , H04L9/3239 , H04L9/3242 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/026 , H04L43/04 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0841 , H04L43/0858 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/306 , H04L45/38 , H04L45/46 , H04L45/507 , H04L45/66 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/5007 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/0876 , H04L63/145 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/1458 , H04L63/1466 , H04L63/16 , H04L63/20 , H04L67/01 , H04L67/10 , H04L67/1001 , H04L67/12 , H04L67/51 , H04L67/75 , H04L69/16 , H04L69/22 , H04W72/54 , H04W84/18 , G06F2009/4557 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , H04L67/535

Abstract: Systems, methods, and computer-readable media are provided for generating a unique ID for a sensor in a network. Once the sensor is installed on a component of the network, the sensor can send attributes of the sensor to a control server of the network. The attributes of the sensor can include at least one unique identifier of the sensor or the host component of the sensor. The control server can determine a hash value using a one-way hash function and a secret key, send the hash value to the sensor, and designate the hash value as a sensor ID of the sensor. In response to receiving the sensor ID, the sensor can incorporate the sensor ID in subsequent communication messages. Other components of the network can verify the validity of the sensor using a hash of the at least one unique identifier of the sensor and the secret key.

84.

发明申请
TECHNOLOGIES FOR ANNOTATING PROCESS AND USER INFORMATION FOR NETWORK FLOWS 有权

公开(公告)号：US20220038353A1

公开(公告)日：2022-02-03

申请号：US17503097

申请日：2021-10-15

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav , Abhishek Ranjan Singh , Anubhav Gupta , Shashidhar Gandham , Jackson Ngoc Ki Pang , Shih-Chun Chang , Hai Trong Vu

IPC: H04L12/26 , H04L29/06 , G06F9/455 , G06N20/00 , G06F21/55 , G06F21/56 , G06F16/28 , G06F16/2457 , G06F16/248 , G06F16/29 , G06F16/16 , G06F16/17 , G06F16/11 , G06F16/13 , G06F16/174 , G06F16/23 , G06F16/9535 , G06N99/00 , H04L9/32 , H04L12/24 , H04L12/715 , H04L12/723 , H04L29/08 , H04L12/851 , H04W84/18 , G06F21/53 , G06F3/0484 , H04L1/24 , H04W72/08 , H04L9/08 , H04J3/06 , H04J3/14 , H04L29/12 , H04L12/813 , H04L12/823 , H04L12/801 , H04L12/741 , H04L12/833 , H04L12/721 , G06F3/0482 , G06T11/20 , H04L12/841 , H04L12/725

Abstract: Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.

85.

发明授权
Federated microburst detection 有权

公开(公告)号：US10972388B2

公开(公告)日：2021-04-06

申请号：US15359511

申请日：2016-11-22

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav , Mohammadreza Alizadeh Attar , Shashi Gandham , Abhishek Singh , Shih-Chun Chang

IPC: H04L12/721 , H04L12/26 , H04L12/24

Abstract: An example method includes a sensor detecting multiple packets of a flow during a specified total time period (e.g., a reporting time period). The total time period can be subdivided into multiple time periods. The sensor can analyze the detected packets to determine an amount of network utilization for each of the time periods. The sensor can then generate a flow summary based on the network utilization and the flow and send the flow summary to an analytics engine. Multiple other sensors can do similarly for their respective packets and flows. The analytics engine can receive the flow summaries from the various sensors and determine a correspondence between flow with high network utilization at a specific time period and a node or nodes. These nodes that experienced multiple flows with high network utilization for a certain period of time can be identified as experiencing a microburst.

86.

发明授权
System and method of spoof detection 有权

公开(公告)号：US10862776B2

公开(公告)日：2020-12-08

申请号：US15171666

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: H04L12/26 , H04L29/06 , G06F21/56 , H04L12/833 , G06F9/455 , G06N20/00 , G06F21/55 , H04L12/851 , H04L12/24 , H04W84/18 , H04L29/08 , G06F21/53 , G06F3/0484 , H04L1/24 , H04W72/08 , H04L9/08 , H04L9/32 , H04J3/06 , H04J3/14 , H04L29/12 , H04L12/813 , H04L12/823 , H04L12/801 , H04L12/741 , H04L12/721 , G06F3/0482 , G06T11/20 , H04L12/841 , H04L12/725 , G06F16/23 , G06F16/28 , G06F16/2457 , G06F16/248 , G06F16/29 , H04L12/723

Abstract: Managing a network environment to identify spoofed packets is disclosed. A method includes analyzing, via a first capture agent, packets processed by a first environment in a network associated with a first host, and analyzing, via a second capture agent, packets processed by a second environment in the network associated with a second host. The method includes collecting the first data and the second data at a collector and generating a topological map of the network and a history of network activity associated with the first environment and the second environment. The method includes extracting network data from a packet and comparing the extracted network data with stored network data in the database. When the comparison indicates that the extracted network data does not match the stored network data (i.e., the reported source does not match an expected source for the packet), determining that the packet is a spoofed packet.

87.

发明授权
System and method of detecting whether a source of a packet flow transmits packets which bypass an operating system stack 有权

公开(公告)号：US10454793B2

公开(公告)日：2019-10-22

申请号：US15171879

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: G06F17/00 , G06F15/16 , G06F9/00 , H04L12/26 , H04L29/06 , G06F9/455 , G06N20/00 , G06F16/29 , G06F16/248 , G06F16/28 , G06F16/9535 , G06F16/2457 , H04L12/851 , H04L12/24 , H04W84/18 , H04L29/08 , G06F21/53 , H04L12/723 , G06F3/0484 , H04L1/24 , H04W72/08 , H04L9/08 , H04L9/32 , H04J3/06 , H04J3/14 , H04L29/12 , H04L12/813 , H04L12/823 , H04L12/801 , H04L12/741 , H04L12/833 , H04L12/721 , G06F3/0482 , G06T11/20 , H04L12/841 , H04L12/725 , H04L12/715 , G06F21/55 , G06F21/56 , G06F16/16 , G06F16/17 , G06F16/11 , G06F16/13 , G06N99/00 , G06F16/174 , G06F16/23

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.

88.

发明授权
System and method of determining malicious processes 有权

公开(公告)号：US10439904B2

公开(公告)日：2019-10-08

申请号：US15171707

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: G06F11/00 , H04L12/26 , H04L29/06 , G06F9/455 , G06N20/00 , G06F16/29 , G06F16/248 , G06F16/28 , G06F16/9535 , G06F16/2457 , H04L12/851 , H04L12/24 , H04W84/18 , H04L29/08 , G06F21/53 , H04L12/723 , G06F3/0484 , H04L1/24 , H04W72/08 , H04L9/08 , H04L9/32 , H04J3/06 , H04J3/14 , H04L29/12 , H04L12/813 , H04L12/823 , H04L12/801 , H04L12/741 , H04L12/833 , H04L12/721 , G06F3/0482 , G06T11/20 , H04L12/841 , H04L12/725 , H04L12/715 , G06F21/55 , G06F21/56 , G06F16/16 , G06F16/17 , G06F16/11 , G06F16/13 , G06N99/00 , G06F16/174 , G06F16/23

Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. A method includes determining a lineage for a process within the network and then evaluating, through knowledge of the lineage, the source of the command that initiated the process. The method includes capturing data from a plurality of capture agents at different layers of a network, each capture agent of the plurality of capture agents configured to observe network activity at a particular location in the network, developing, based on the data, a lineage for a process associated with the network activity and, based on the lineage, identifying an anomaly within the network.