Publication number: US09231965B1
Publication date: 2016-01-05
Application number: US14339255
Filing date: 2014-07-23
Applicant: Cisco Technology, Inc.
Inventor: Jean-Philippe Vasseur, Andrea di Pietro, Javier Cruz Mota
CPC classification number: H04L63/1416, G06N3/02, G06N99/005, H04L63/1408, H04L63/1458, H04L2463/146
Abstract: In one embodiment, a particular node in a network determines information relating to network attack detection and mitigation from a local machine learning attack detection and mitigation system. The particular node sends a message to an address in the network indicating capabilities of the local machine learning attack detection and mitigation system based on the information. In response to the sent message, the particular node receives an indication that it is a member of a collaborative group of nodes based on the capabilities of the local machine learning attack detection and mitigation system being complementary to capabilities of other machine learning attack detection and mitigation systems. Then, in response to an attack being detected by the local machine learning attack detection and mitigation system, the particular node provides to the collaborative group of nodes an indication of attack data flows identified as corresponding to the attack.