SEAMLESS ROTATION OF KEYS FOR DATA ANALYTICS AND MACHINE LEARNING ON ENCRYPTED DATA

    Publication No.: US20200153616A1

    Publication Date: 2020-05-14

    Application No.: US16186662

    Filing Date: 2018-11-12

    Abstract: In one embodiment, a network assurance service maintains a first set of telemetry data from the network anonymized using a first key regarding a plurality of network entities in a monitored network. The service receives a key rotation notification indicative of a key changeover from the first key to a second key for anonymization of a second set of telemetry data from the network. The service forms, during a key rotation time period associated with the key changeover, a mapped dataset by converting anonymized tokens in the second set of telemetry data into anonymized tokens in the first set of telemetry data. The service augments, during the key rotation time period, the first set of telemetry data with the mapped dataset. The service assesses, during the time period, performance of the network by applying a machine learning-based model to the first set of telemetry data augmented with the mapped dataset.

    Dynamic application degrouping to optimize machine learning model accuracy

    Publication No.: US10318887B2

    Publication Date: 2019-06-11

    Application No.: US15188140

    Filing Date: 2016-06-21

    Abstract: In one embodiment, a device in a network identifies a plurality of applications from observed traffic in the network. The device forms two or more application clusters from the plurality of applications. Each of the application clusters includes one or more of the applications, and wherein a particular application in the plurality of applications is included in each of the application clusters. The device generates anomaly detection models for each of the application clusters. The device tests the anomaly detection models, to determine a measure of efficacy for each of the models with respect to traffic associated with the particular application. The device selects a particular anomaly detection model to analyze the traffic associated with the particular application based on the measures of efficacy for each of the models.

    Self organizing learning topologies

    Publication No.: US11240259B2

    Publication Date: 2022-02-01

    Application No.: US16508398

    Filing Date: 2019-07-11

    Abstract: In one embodiment, a networking device at an edge of a network generates a first set of feature vectors using information regarding one or more characteristics of host devices in the network. The networking device forms the host devices into device clusters dynamically based on the first set of feature vectors. The networking device generates a second set of feature vectors using information regarding traffic associated with the device clusters. The networking device models interactions between the device clusters using a plurality of anomaly detection models that are based on the second set of feature vectors.

    SELF ORGANIZING LEARNING TOPOLOGIES
    Patent application

    Publication No.: US20190334941A1

    Publication Date: 2019-10-31

    Application No.: US16508398

    Filing Date: 2019-07-11

    Abstract: In one embodiment, a networking device at an edge of a network generates a first set of feature vectors using information regarding one or more characteristics of host devices in the network. The networking device forms the host devices into device clusters dynamically based on the first set of feature vectors. The networking device generates a second set of feature vectors using information regarding traffic associated with the device clusters. The networking device models interactions between the device clusters using a plurality of anomaly detection models that are based on the second set of feature vectors.

    Edge-based machine learning for encoding legitimate scanning

    Publication No.: US10243980B2

    Publication Date: 2019-03-26

    Application No.: US15205732

    Filing Date: 2016-07-08

    Abstract: In one embodiment, a device in a network receives an indication that a network anomaly detected by an anomaly detector of a first node in the network is associated with scanning activity in the network. The device receives labeled traffic data associated with the detected anomaly that identifies whether the traffic data is associated with legitimate or illegitimate scanning activity. The device trains a machine learning-based classifier using the labeled traffic data to distinguish between legitimate and illegitimate scanning activity in the network. The device deploys the trained classifier to the first node, to distinguish between legitimate and illegitimate scanning activity in the network.

    Seamless rotation of keys for data analytics and machine learning on encrypted data

    Publication No.: US11212079B2

    Publication Date: 2021-12-28

    Application No.: US16186662

    Filing Date: 2018-11-12

    Abstract: In one embodiment, a network assurance service maintains a first set of telemetry data from the network anonymized using a first key regarding a plurality of network entities in a monitored network. The service receives a key rotation notification indicative of a key changeover from the first key to a second key for anonymization of a second set of telemetry data from the network. The service forms, during a key rotation time period associated with the key changeover, a mapped dataset by converting anonymized tokens in the second set of telemetry data into anonymized tokens in the first set of telemetry data. The service augments, during the key rotation time period, the first set of telemetry data with the mapped dataset. The service assesses, during the time period, performance of the network by applying a machine learning-based model to the first set of telemetry data augmented with the mapped dataset.

    TRANSITIVELY AUTHENTICATED REVERSE PROXY

    Publication No.: US20250119410A1

    Publication Date: 2025-04-10

    Application No.: US18631353

    Filing Date: 2024-04-10

    Abstract: Methods are provided for a proxy infrastructure that serves as a bridge between an enterprise network and a computing machine of a user ensuring a chain of trust. The methods involve obtaining, from a client device, a request to navigate to one or more target devices of a remote enterprise network and locally authenticating the client device based on at least one of an identity of the client device and user credentials. The methods further involve generating a connection request for the client device to navigate to the one or more target devices based on the client device being locally authenticated and providing the connection request to a proxy service executing in the remote enterprise network. The proxy service authenticates an access to the one or more target devices based on device credentials while hiding the device credentials from the client device.
