-
Publication No.: US20210075707A1
Publication date: 2021-03-11
Application No.: US16563472
Filing date: 2019-09-06
IPC classification: H04L12/26
Abstract: Technologies for dynamically generating topology and location based network insights are provided. In some examples, a method can include determining statistical changes in time series data including a series of data points associated with one or more conditions or parameters of a network; determining a period of time corresponding to one or more of the statistical changes in the time series data; obtaining telemetry data corresponding to a segment of the network and one or more time intervals, wherein a respective length of each time interval is based on a length of the period of time corresponding to the one or more of the statistical changes in the time series data; and generating, based on the telemetry data, insights about the segment of the network, the insights identifying a trend or statistical deviation in a behavior of the segment of the network during the one or more time intervals.
-
Publication No.: US10454785B2
Publication date: 2019-10-22
Application No.: US14273108
Filing date: 2014-05-08
IPC classification: H04L12/24, G06Q10/10, G07C13/00, H04L12/16, H04L12/26, H04L29/06, H04L12/18, H04K3/00, H04W12/12, H04L29/08
Abstract: In one embodiment, possible voting nodes in a network are identified. The possible voting nodes each execute a classifier that is configured to select a label from among a plurality of labels based on a set of input features. A set of one or more eligible voting nodes is selected from among the possible voting nodes based on a network policy. Voting requests are then provided to the one or more eligible voting nodes that cause the one or more eligible voting nodes to select labels from among the plurality of labels. Votes are received from the eligible voting nodes that include the selected labels and are used to determine a voting result.
-
Publication No.: US20180278487A1
Publication date: 2018-09-27
Application No.: US15466969
Filing date: 2017-03-23
CPC classification: H04L41/16, G06N3/0445, G06N3/08, H04L41/147, H04L41/5009, H04L67/10, H04N7/163
Abstract: In one embodiment, a device in a network maintains a machine learning-based recursive model that models a time series of observations regarding a monitored entity in the network. The device applies sparse dictionary learning to the recursive model, to find a decomposition of a particular state vector of the recursive model. The decomposition of the particular state vector comprises a plurality of basis vectors. The device determines a mapping between at least one of the plurality of basis vectors for the particular state vector and one or more human-readable interpretations of the basis vectors. The device provides a label for the particular state vector to a user interface. The label is based on the mapping between the at least one of the plurality of basis vectors for the particular state vector and the one or more human-readable interpretations of the basis vectors.
-
Publication No.: US09923910B2
Publication date: 2018-03-20
Application No.: US14874591
Filing date: 2015-10-05
IPC classification: H04L29/06
CPC classification: H04L63/1425, H04L63/1416
Abstract: In one embodiment, a device in a network analyzes data regarding a detected anomaly in the network. The device determines whether the detected anomaly is a false positive. The device generates a white label for the detected anomaly based on a determination that the detected anomaly is a false positive. The device causes one or more alerts regarding the detected anomaly to be suppressed using the generated white label for the anomaly.
-
Publication No.: US09900342B2
Publication date: 2018-02-20
Application No.: US14338582
Filing date: 2014-07-23
IPC classification: H04L29/06
CPC classification: H04L63/1458, H04L63/1416
Abstract: In one embodiment, a traffic model manager node receives data flows in a network and determines a degree to which the received data flows conform to one or more traffic models classifying particular types of data flows as non-malicious. If the degree to which the received data flows conform to the one or more traffic models is sufficient, the traffic model manager node characterizes the received data flows as non-malicious. Otherwise, the traffic model manager node provides the received data flows to a denial of service (DoS) attack detector in the network to allow the received data flows to be scanned for potential attacks.
-
Publication No.: US20170279698A1
Publication date: 2017-09-28
Application No.: US15188175
Filing date: 2016-06-21
Inventors: Laurent Sartran, Pierre-André Savalle, Jean-Philippe Vasseur, Grégory Mermoud, Javier Cruz Mota, Sébastien Gay
IPC classification: H04L12/26
CPC classification: H04L43/0876, H04L41/142, H04L41/147, H04L41/16, H04L43/028, H04L43/0823, H04L43/16
Abstract: In one embodiment, a device in a network determines cluster assignments that assign traffic data regarding traffic in the network to activity level clusters based on one or more measures of traffic activity in the traffic data. The device uses the cluster assignments to predict seasonal activity for a particular subset of the traffic in the network. The device determines an activity level for new traffic data regarding the particular subset of traffic in the network. The device detects a network anomaly by comparing the activity level for the new traffic data to the predicted seasonal activity.
-
Publication No.: US09686312B2
Publication date: 2017-06-20
Application No.: US14338852
Filing date: 2014-07-23
CPC classification: G06F21/577, G06F2221/034, H04L63/1408, H04L63/1425, H04L63/1433, H04L63/1458, H04L67/1002
Abstract: In one embodiment, a device receives a classifier tracking request from a coordinator device that specifies a classifier verification time period. During the classifier verification time period, the device classifies a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device. The device generates classification results based on the classified set of network traffic and provides the classification results to the coordinator device.
-
Publication No.: US09398035B2
Publication date: 2016-07-19
Application No.: US14165424
Filing date: 2014-01-27
CPC classification: H04L63/1416, G06N99/005, H04K3/226, H04K2203/18, H04L63/1441, H04L63/1458, H04W12/12
Abstract: In one embodiment, techniques are shown and described relating to attack mitigation using learning machines. A node may receive network traffic data for a computer network, and then predict a probability that one or more nodes are under attack based on the network traffic data. The node may then decide to mitigate a predicted attack by instructing nodes to forward network traffic on an alternative route without altering an existing routing topology of the computer network to reroute network communication around the one or more nodes under attack, and in response, the node may communicate an attack notification message to the one or more nodes under attack.
-
Publication No.: US20160028764A1
Publication date: 2016-01-28
Application No.: US14338653
Filing date: 2014-07-23
IPC classification: H04L29/06
CPC classification: H04L63/1458, H04L63/1416, H04L2463/141
Abstract: In one embodiment, attack traffic corresponding to a detected DoS attack from one or more attacker nodes is received at a denial of service (DoS) attack management node in a network. The DoS attack management node determines attack information relating to the attack traffic, including a type of the DoS attack and an intended target of the DoS attack. Then, the DoS attack management node triggers an attack mimicking action based on the attack information, where the attack mimicking action mimics a behavior of the intended target of the DoS attack that would be expected by the one or more attacker nodes if the DoS attack were successful.
-
Publication No.: US20160021126A1
Publication date: 2016-01-21
Application No.: US14336206
Filing date: 2014-07-21
IPC classification: H04L29/06
CPC classification: H04L63/1416, H04L63/1458
Abstract: In one embodiment, a device in a network receives information regarding one or more attack detection service level agreements. The device identifies a set of attack detection classifiers as potential voters in a voting mechanism used to detect a network attack. The device determines one or more parameters for the voting mechanism based on the information regarding the one or more attack detection service level agreements. The device adjusts the voting mechanism used by the potential voters based on the one or more parameters for the voting mechanism.