-
1.发明公开公开(公告)号:US20240348645A1
公开(公告)日:2024-10-17
申请号:US18417256
申请日:2024-01-19
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Subharthi Paul , Ivan Nikolaev , Martin Grill
CPC classification number: H04L63/145 , H04L63/0428 , H04L63/1408 , G06N20/00
Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
-
2.发明申请公开(公告)号:US20200267164A1
公开(公告)日:2020-08-20
申请号:US16869726
申请日:2020-05-08
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Subharthi Paul , Ivan Nikolaev , Martin Grill
IPC: H04L29/06
Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
-
3.发明授权公开(公告)号:US10686831B2
公开(公告)日:2020-06-16
申请号:US15353160
申请日:2016-11-16
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Subharthi Paul , Ivan Nikolaev , Martin Grill
Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
-
4.发明申请公开(公告)号:US20180139214A1
公开(公告)日:2018-05-17
申请号:US15353160
申请日:2016-11-16
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Subharthi Paul , Ivan Nikolaev , Martin Grill
Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
-
公开(公告)号:US20220345470A1
公开(公告)日:2022-10-27
申请号:US17861583
申请日:2022-07-11
Applicant: Cisco Technology, Inc.
Inventor: David McGrew , Blake Harrell Anderson , Ivan Nikolaev
Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.
-
Patent Agency Ranking
6.发明申请公开(公告)号:US20210377283A1
公开(公告)日:2021-12-02
申请号:US17395968
申请日:2021-08-06
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Subharthi Paul , Ivan Nikolaev , Martin Grill
IPC: H04L29/06
Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
-
公开(公告)号:US20190258965A1
公开(公告)日:2019-08-22
申请号:US15901915
申请日:2018-02-22
Applicant: Cisco Technology, Inc.
Inventor: Lukas Machlica , Ivan Nikolaev , Jan Brabec
Abstract: In one embodiment, a method including accessing a trained classifier, the trained classifier trained based at least on a first data item and including both decision determination information of the first data item and decision explanation information of at least one second data item, the second data item being distinct from the first data item; receiving an item for classification; using the trained classifier to classify the item for classification; and providing item decision information regarding a reason for classifying the item for classification, the item decision information being based on at least a part of the decision explanation information. Other embodiments are also described.
-
公开(公告)号:US20180212992A1
公开(公告)日:2018-07-26
申请号:US15413921
申请日:2017-01-24
Applicant: Cisco Technology, Inc.
Inventor: Ivan Nikolaev , Tomas Pevny
Abstract: In one embodiment, a device in a network identifies an set of services of a domain accessed by a plurality of users in the network. The device generates a service usage model for the domain based on the set of services accessed by the plurality of users. The service usage model models usage of the services of the domain by the plurality of users. The device trains a machine learning-based classifier to analyze traffic in the network using a set of training feature vectors. A particular training feature vector includes data indicative of service usage by one of the users for the domain and the modeled usage of the services of the domain by the plurality of users. The device causes classification of traffic in the network associated with a particular user by the trained machine learning-based classifier.
-
9.发明授权公开(公告)号:US11909760B2
公开(公告)日:2024-02-20
申请号:US17395968
申请日:2021-08-06
Applicant: Cisco Technology, Inc.
Inventor: Blake Harrell Anderson , David McGrew , Subharthi Paul , Ivan Nikolaev , Martin Grill
CPC classification number: H04L63/145 , H04L63/0428 , H04L63/1408 , G06N20/00
Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
-
公开(公告)号:US10785247B2
公开(公告)日:2020-09-22
申请号:US15413921
申请日:2017-01-24
Applicant: Cisco Technology, Inc.
Inventor: Ivan Nikolaev , Tomas Pevny
Abstract: In one embodiment, a device in a network identifies an set of services of a domain accessed by a plurality of users in the network. The device generates a service usage model for the domain based on the set of services accessed by the plurality of users. The service usage model models usage of the services of the domain by the plurality of users. The device trains a machine learning-based classifier to analyze traffic in the network using a set of training feature vectors. A particular training feature vector includes data indicative of service usage by one of the users for the domain and the modeled usage of the services of the domain by the plurality of users. The device causes classification of traffic in the network associated with a particular user by the trained machine learning-based classifier.
-
-
-
-
-
-
-
-
-
Search Results
19
records
(took 0.029 seconds)
