Network attack detection using combined probabilities
    94.
    Invention patent (granted), in force

    Publication number: US09450972B2

    Publication date: 2016-09-20

    Application number: US14338751

    Filing date: 2014-07-23

    Abstract: In one embodiment, a device in a network receives a set of output label dependencies for a set of attack detectors. The device identifies applied labels that were applied by the attack detectors to input data regarding a network, the applied labels being associated with probabilities. The device determines a combined probability for two or more of the applied labels based on the output label dependencies and the probabilities associated with the two or more labels. The device selects one of the applied labels as a finalized label for the input data based on the probabilities associated with the applied labels and on the combined probability for the two or more labels.

    Learning model selection in a distributed network
    95.
    Invention patent (granted), in force

    Publication number: US09413779B2

    Publication date: 2016-08-09

    Application number: US14164443

    Filing date: 2014-01-27

    Abstract: In one embodiment, local model parameters are generated by training a machine learning model at a device in a computer network using a local data set. One or more other devices in the network are identified that have trained machine learning models using remote data sets that are similar to the local data set. The local model parameters are provided to the one or more other devices to cause the one or more other devices to generate performance metrics using the provided model parameters. Performance metrics for model parameters are received from the one or more other devices and a global set of model parameters is selected for the device and the one or more other devices using the received performance metrics.

    TRAFFIC SEGREGATION IN DDOS ATTACK ARCHITECTURE
    96.
    Invention patent application, in force

    Publication number: US20160028755A1

    Publication date: 2016-01-28

    Application number: US14339255

    Filing date: 2014-07-23

    Abstract: In one embodiment, a particular node in a network determines information relating to network attack detection and mitigation from a local machine learning attack detection and mitigation system. The particular node sends a message to an address in the network indicating capabilities of the local machine learning attack detection and mitigation system based on the information. In response to the sent message, the particular node receives an indication that it is a member of a collaborative group of nodes based on the capabilities of the local machine learning attack detection and mitigation system being complementary to capabilities of other machine learning attack detection and mitigation systems. Then, in response to an attack being detected by the local machine learning attack detection and mitigation system, the particular node provides to the collaborative group of nodes an indication of attack data flows identified as corresponding to the attack.

    APPLYING A MITIGATION SPECIFIC ATTACK DETECTOR USING MACHINE LEARNING
    97.
    Invention patent application, in force

    Publication number: US20160028754A1

    Publication date: 2016-01-28

    Application number: US14338909

    Filing date: 2014-07-23

    CPC classification number: H04L63/1416 H04L63/1425 H04L63/1458

    Abstract: In one embodiment, a device in a network detects a network attack using aggregated metrics for a set of traffic data. In response to detecting the network attack, the device causes the traffic data to be clustered into a set of traffic data clusters. The device causes one or more attack detectors to analyze the traffic data clusters. The device causes the traffic data clusters to be segregated into a set of one or more attack-related clusters and into a set of one or more clusters related to normal traffic based on an analysis of the clusters by the one or more attack detectors.

    HIERARCHICAL ATTACK DETECTION IN A NETWORK
    98.
    Invention patent application, in force

    Publication number: US20160028752A1

    Publication date: 2016-01-28

    Application number: US14338794

    Filing date: 2014-07-23

    CPC classification number: H04L63/1416 H04L63/1408 H04L63/1441 H04L63/1458

    Abstract: In one embodiment, a device in a network identifies a set of traffic flow records that triggered an attack detector. The device selects a subset of the traffic flow records and calculates aggregated metrics for the subset. The device provides the aggregated metrics for the subset to the attack detector to generate an attack detection determination for the subset of traffic flow records. The device identifies one or more attack traffic flows from the set of traffic flow records based on the attack detection determination for the subset of traffic flow records.

    FEATURE AGGREGATION IN A COMPUTER NETWORK
    99.
    Invention patent application, in force

    Publication number: US20150195146A1

    Publication date: 2015-07-09

    Application number: US14164480

    Filing date: 2014-01-27

    Abstract: In one embodiment, a device determines that input data to a machine learning model sent from a plurality of source nodes to an aggregation node is causing network congestion. A set of one or more other nodes to perform aggregation of the machine learning model input data is selected. A type of aggregation to be performed by the set of one or more other nodes is also selected. The set of one or more other nodes is also instructed to perform the selected type of aggregation on the data sent from the source nodes.

    SCHEDULING A NETWORK ATTACK TO TRAIN A MACHINE LEARNING MODEL
    100.
    Invention patent application, pending (published)

    Publication number: US20150195145A1

    Publication date: 2015-07-09

    Application number: US14164467

    Filing date: 2014-01-27

    Abstract: In one embodiment, a device evaluates a set of training data for a machine learning model to identify a missing feature subset in a feature space of the set of training data. The device identifies a plurality of network nodes eligible to initiate an attack on a network to generate the missing feature subset. One or more attack nodes are selected from among the plurality of network nodes. An attack routine is provided to the one or more attack nodes to cause the one or more attack nodes to initiate the attack. An indication that the attack has completed is then received from the one or more attack nodes.
