公开(公告)号：US09794179B2

公开(公告)日：2017-10-17

申请号：US15341315

申请日：2016-11-02

Applicant: Cisco Technology, Inc.

Inventor： Sukrit Dasgupta ,  Jean-Philippe Vasseur

IPC: H04L29/06 ,  H04L12/859 ,  H04L12/715 ,  H04L29/08

CPC classification number: H04L47/2475 ,  H04L45/64 ,  H04L63/062 ,  H04L63/0853 ,  H04L63/0884 ,  H04L67/12

Abstract: In one embodiment, a capable node in a low power and lossy network (LLN) may monitor the authentication time for one or more nodes in the LLN. The capable node may dynamically correlate the authentication time with the location of the one or more nodes in the LLN in order to identify one or more authentication-delayed nodes. The node may then select, based on the location of the one or more authentication-delayed nodes, one or more key-delegation nodes to receive one or more network keys so that the key-delegation nodes may perform localized authentication of one or more of the authentication-delayed nodes. The capable node may then distribute the one or more network keys to the one or more key-delegation nodes.

公开(公告)号：US20170279838A1

公开(公告)日：2017-09-28

申请号：US15212588

申请日：2016-07-18

Applicant: Cisco Technology, Inc.

Inventor： Sukrit Dasgupta ,  Jean-Philippe Vasseur ,  Andrea Di Pietro

IPC: H04L29/06 ,  G06N99/00

Abstract: In one embodiment, a device in a network performs anomaly detection functions using a machine learning-based anomaly detector to detect anomalous traffic in the network. The device identifies an ability of one or more nodes in the network to perform at least one of the anomaly detection functions. The device selects a particular one of the anomaly detection functions to offload to a particular one of the nodes, based on the ability of the particular node to perform the particular anomaly detection function. The device instructs the particular node to perform the selected anomaly detection function.

公开(公告)号：US09734457B2

公开(公告)日：2017-08-15

申请号：US14163638

申请日：2014-01-24

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Sukrit Dasgupta

IPC: G06F15/18 ,  G06N99/00 ,  H04L12/24 ,  H04L29/08 ,  H04L12/851 ,  H04L12/753 ,  G06Q10/06 ,  H04L12/18

CPC classification number: G06N99/005 ,  G06Q10/0631 ,  G06Q10/06375 ,  H04L12/185 ,  H04L41/145 ,  H04L41/147 ,  H04L41/16 ,  H04L45/48 ,  H04L47/2483 ,  H04L67/26

Abstract: In one embodiment, a learning data processor determines a plurality of machine learning features in a computer network to collect. Upon receiving data corresponding to the plurality of features, the learning data processor may aggregate the data, and pushes the aggregated data for select features to interested learning machines associated with the computer network.

公开(公告)号：US20170104775A1

公开(公告)日：2017-04-13

申请号：US14878171

申请日：2015-10-08

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Sukrit Dasgupta ,  Grégory Mermoud

IPC: H04L29/06 ,  G06F9/445 ,  H04L29/08

CPC classification number: H04L63/1425 ,  G06F8/60 ,  G06F11/00 ,  H04L41/00 ,  H04L67/34 ,  H04L69/40

Abstract: In one embodiment, a device in a network maintains information regarding anomaly detection models used in the network and applications associated with traffic analyzed by the anomaly detection models. The device receives an indication of a planned application deployment in the network. The device adjusts an anomaly detection strategy of a particular anomaly detector in the network based on the planned application deployment and on the information regarding anomaly detection models used in the network and the applications associated with the traffic analyzed by the anomaly detection models.

公开(公告)号：US09544220B2

公开(公告)日：2017-01-10

申请号：US13946268

申请日：2013-07-19

Applicant: Cisco Technology, Inc.

Inventor： Sukrit Dasgupta ,  Jean-Philippe Vasseur ,  Grégory Mermoud ,  Jonathan W. Hui

IPC: H04L12/751 ,  H04L12/24 ,  H04L12/26 ,  H04L12/703

CPC classification number: H04L45/08 ,  H04L41/0677 ,  H04L41/5009 ,  H04L43/106 ,  H04L45/28

Abstract: In one embodiment, nodes are polled in a network for Quality of Service (QoS) measurements, and a QoS anomaly that affects a plurality of potentially faulty nodes is detected based on the QoS measurements. A path, which traverses the plurality of potentially faulty nodes, is then computed from a first endpoint to a second endpoint. Also, a median node that is located at a point along the path between the first endpoint and the second endpoint is computed. Time-stamped packets are received from the median node, and the first endpoint and the second endpoint of the path are updated based on the received time-stamped packets, such that an amount of potentially faulty nodes is reduced. Then, the faulty node is identified from a reduced amount of potentially faulty nodes.

Abstract translation: 在一个实施例中，在用于服务质量（QoS）测量的网络中轮询节点，并且基于QoS测量来检测影响多个潜在故障节点的QoS异常。 然后，从第一端点到第二端点计算遍历多个潜在故障节点的路径。 此外，计算位于沿着第一端点和第二端点之间的路径的点处的中间节点。 从中间节点接收时间戳的分组，并且基于接收的时间戳分组来更新路径的第一端点和第二端点，使得可能故障节点的量减少。 然后，从减少量的潜在故障节点识别故障节点。

公开(公告)号：US09432248B2

公开(公告)日：2016-08-30

申请号：US14163488

申请日：2014-01-24

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Sukrit Dasgupta ,  Jonathan W. Hui

IPC: H04L12/24 ,  H04L12/26

CPC classification number: H04L41/0618 ,  H04L41/06 ,  H04L41/0604 ,  H04L41/0613 ,  H04L41/16 ,  H04L43/50 ,  Y02B60/33

Abstract: In one embodiment, a device (e.g., learning machine) determines a plurality of fate-sharing group (FSG) nodes in a computer network that are prone to simultaneously send an alarm upon detecting an event. As such, the device may elect one or more FSG owner nodes as a subset of the FSG nodes, and instructs the FSG group such that only FSG owner nodes send an alarm upon event detection.

Abstract translation: 在一个实施例中，设备（例如，学习机器）确定计算机网络中在检测到事件时容易同时发送警报的多个命运共享组（FSG）节点。 因此，设备可以选择一个或多个FSG所有者节点作为FSG节点的子集，并指示FSG组，使得只有FSG所有者节点在事件检测时发送报警。

公开(公告)号：US20160218951A1

公开(公告)日：2016-07-28

申请号：US14604570

申请日：2015-01-23

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Sukrit Dasgupta ,  Thomas Reuther

IPC: H04L12/26

CPC classification number: H04L63/1425 ,  H04L43/022 ,  H04L43/04 ,  H04L43/062 ,  H04L43/12 ,  H04L63/00 ,  H04L63/1416

Abstract: In one embodiment, a first device in a network receives traffic flow data from a plurality of devices in the network. The traffic flow data from at least one of the plurality of devices comprises raw packets of a traffic flow. The first device selects a set of reporting devices from among the plurality of devices based on the received traffic flow data. The first device provides traffic flow reporting instructions to the selected set of reporting devices. The traffic flow reporting instructions cause each reporting device to provide sampled traffic flow data to an anomaly detection device.

Abstract translation: 在一个实施例中，网络中的第一设备从网络中的多个设备接收业务流数据。 来自多个设备中的至少一个的流量数据包括业务流的原始分组。 第一设备基于所接收的业务流数据从多个设备中选择一组报告设备。 第一个设备向所选择的一组报告设备提供流量报告指令。 流量报告指令使每个报告设备向异常检测设备提供采样的流量数据。

公开(公告)号：US09374281B2

公开(公告)日：2016-06-21

申请号：US14164681

申请日：2014-01-27

Applicant: Cisco Technology, Inc.

Inventor： Sukrit Dasgupta ,  Jean-Philippe Vasseur ,  Grégory Mermoud ,  Jonathan W. Hui

IPC: H04L12/24 ,  H04L12/805 ,  H04W24/02 ,  H04L12/751 ,  H04L12/803 ,  H04L12/26 ,  H04W24/04 ,  H04L12/721

CPC classification number: H04L41/5025 ,  H04L41/12 ,  H04L43/0852 ,  H04L45/02 ,  H04L45/70 ,  H04L47/122 ,  H04L47/365 ,  H04W24/02 ,  H04W24/04 ,  Y04S40/164

Abstract: In one embodiment, a packet to be transmitted along a communication path in a network from a source to a destination is determined, the communication path having one or more hops between the source and the destination. An instruction is sent to one or more tracking nodes along the communication path to track a number of local retransmissions required to successfully transmit the packet from each tracking node to a respective next-hop destination. Then, reports indicating the number of local retransmissions are received from the one or more tracking nodes.

Abstract translation: 在一个实施例中，确定要沿着从源到目的地的网络中的通信路径发送的分组，该通信路径在源和目的地之间具有一个或多个跳。 沿着通信路径将一条指令发送到一个或多个跟踪节点，以跟踪成功将数据包从每个跟踪节点发送到相应的下一跳目的地所需的本地重发次数。 然后，从一个或多个跟踪节点接收指示本地重发次数的报告。

公开(公告)号：US20160028632A1

公开(公告)日：2016-01-28

申请号：US14338870

申请日：2014-07-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Jean-Philippe Vasseur ,  Sukrit Dasgupta

IPC: H04L12/803 ,  H04L12/28 ,  H04L12/24 ,  H04L12/853 ,  H04L12/26

CPC classification number: H04L47/122 ,  H04L12/28 ,  H04L41/0816 ,  H04L43/08 ,  H04L47/22 ,  H04L47/2416 ,  H04L47/26 ,  H04L47/823

Abstract: In one embodiment, a device in a network receives an indication of a traffic shaping rate adjustment by a node due to a network condition. The device identifies a set of network nodes that are associated with the network condition. The device detects a traffic shaping rules violation by an offending node in the set of network nodes. The device sends an instruction that causes the offending node to use a different traffic shaping rate.

Abstract translation: 在一个实施例中，网络中的设备由于网络状况而接收节点的流量整形速率调整的指示。 该设备识别与网络条件相关联的一组网络节点。 该设备检测网络节点集中的违规节点违反流量整形规则。 设备发送一个指令，导致违规节点使用不同的流量整形速率。

公开(公告)号：US20160028608A1

公开(公告)日：2016-01-28

申请号：US14591072

申请日：2015-01-07

Applicant: Cisco Technology, Inc.

Inventor： Sukrit Dasgupta ,  Jean-Philippe Vasseur ,  Grégory Mermoud

IPC: H04L12/26

CPC classification number: H04L43/0894 ,  H04L43/0805 ,  H04L43/0852 ,  H04L43/103 ,  H04L43/16

Abstract: In one embodiment, a device in a network receives data indicative of traffic characteristics of traffic associated with a particular application. The device identifies one or more paths in the network via which the traffic associated with the particular application was sent, based on the traffic characteristics. The device determines a probing schedule based on the traffic characteristics. The probing schedule simulates the traffic associated with the particular application. The device sends probes along the one or more identified paths according to the determined probing schedule.

Abstract translation: 在一个实施例中，网络中的设备接收指示与特定应用相关联的业务的业务特性的数据。 该设备基于流量特征识别网络中的一个或多个路径，通过该路径发送与特定应用相关联的流量。 设备根据流量特性确定探测时间表。 探测时间表模拟与特定应用相关的流量。 设备根据确定的探测时间表沿着一个或多个识别的路径发送探测。