公开(公告)号：US11140187B2

公开(公告)日：2021-10-05

申请号：US16517748

申请日：2019-07-22

Applicant: Cisco Technology, Inc.

Inventor： Laurent Sartran ,  Sébastien Gay ,  Pierre-André Savalle ,  Grégory Mermoud ,  Jean-Philippe Vasseur

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26

Abstract: In one embodiment, a device in a network receives traffic records indicative of network traffic between different sets of host address pairs. The device identifies one or more address grouping constraints for the sets of host address pairs. The device determines address groups for the host addresses in the sets of host address pairs based on the one or more address grouping constraints. The device provides an indication of the address groups to an anomaly detector.

公开(公告)号：US20210297442A1

公开(公告)日：2021-09-23

申请号：US16823650

申请日：2020-03-19

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Pierre-André Savalle ,  David Tedaldi

IPC: H04L29/06

Abstract: In various embodiments, a device classification service clusters devices in a network into a device type cluster based on attributes associated with the devices. The device classification service tracks changes to the device type cluster over time. The device classification service detects an attack on the device classification service by one or more of the devices based on the tracked changes to the device type cluster. The device classification service initiates a mitigation action for the detected attack on the device classification service.

公开(公告)号：US11128534B2

公开(公告)日：2021-09-21

申请号：US16194466

申请日：2018-11-19

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Pierre-André Savalle ,  Jean-Philippe Vasseur

IPC: H04L12/24 ,  G06K9/62 ,  G06K9/66 ,  H04L12/26 ,  H04L29/06

Abstract: In one embodiment, a device classification service receives data indicative of network traffic policies assigned to a plurality of device types. The device classification service associates measures of policy restrictiveness with the device types, based on the received data indicative of the network traffic policies assigned to the plurality of device types. The device classification service determines misclassification costs associated with a machine learning-based device type classifier of the service misclassifying an endpoint device of one of the plurality device types with another of the plurality of device types, based on their associated measures of policy restrictiveness. The device classification service adjusts the machine learning-based device type classifier to account for the determined misclassification costs.

公开(公告)号：US11063861B2

公开(公告)日：2021-07-13

申请号：US16429159

申请日：2019-06-03

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Vinay Kumar Kolar ,  Sharon Shoshana Wulff

IPC: H04L12/703 ,  H04L12/46 ,  H04L12/24 ,  H04L12/715

Abstract: In one embodiment, a device predicts a failure of a first tunnel in a software-defined wide area network (SD-WAN). The device makes a prediction as to whether a second tunnel in the SD-WAN will satisfy a service level agreement (SLA) associated with traffic on the first tunnel. The device proactively reroutes the traffic from the first tunnel onto the second tunnel, based on the prediction as to whether that the second tunnel will satisfy the SLA of the traffic. The device monitors one or more quality of service (QoS) metrics for the rerouted traffic, to ensure that the second tunnel satisfies the SLA of the traffic.

公开(公告)号：US10999146B1

公开(公告)日：2021-05-04

申请号：US16854292

申请日：2020-04-21

Applicant: Cisco Technology, Inc.

Inventor： Pierre-André Savalle ,  Jean-Philippe Vasseur ,  Grégory Mermoud ,  David Tedaldi ,  Jürg Nicolaus Diemand ,  Stéphane Bernard Martin

IPC: G06F15/16 ,  H04L12/24 ,  G06F16/35 ,  G06N20/00 ,  H04L12/26

Abstract: In various embodiments, a device classification service forms a device cluster by applying clustering to attributes of endpoint devices observed in one or more networks. The device classification service applies an initial device classification rule to the endpoint devices in the device cluster, based on one or more of the endpoint devices in the device cluster matching the initial device classification rule. The device classification service computes metrics for the initial device classification rule that quantify how well the attributes of the endpoint devices in the device cluster match the initial device classification rule. The device classification service decides, based on the metrics, whether to associate the initial device classification rule with the device cluster or generate a new device classification rule based on the device cluster.

公开(公告)号：US10944661B2

公开(公告)日：2021-03-09

申请号：US15682674

申请日：2017-08-22

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Abhishek Kumar

IPC: H04L12/26 ,  H04L12/24 ,  H04L29/08

Abstract: In one embodiment, a service in a network samples application traffic throughputs for a set of applications present in a network. The service generates a throughput model based on the sampled application throughputs for the set of applications. The service performs anomaly detection on wireless throughput measurements from the network by comparing the wireless throughput measurements to the generated throughput model. The service sends an anomaly detection notification based on a determination that the wireless throughput measurements from the network are anomalous.

公开(公告)号：US10931692B1

公开(公告)日：2021-02-23

申请号：US15001806

申请日：2016-01-20

Applicant: Cisco Technology, Inc.

Inventor： Javier Cruz Mota ,  Jean-Philippe Vasseur ,  Grégory Mermoud ,  Andrea Di Pietro

IPC: G06F11/00 ,  H04L29/06 ,  G06N20/00

Abstract: In one embodiment, a device in a network receives information regarding a network anomaly detected by an anomaly detector deployed in the network. The device identifies the detected network anomaly as a false positive based on the information regarding the network anomaly. The device generates an output filter for the anomaly detector, in response to identifying the detected network anomaly as a false positive. The output filter is configured to filter an output of the anomaly detector associated with the false positive. The device causes the generated output filter to be installed at the anomaly detector.

公开(公告)号：US10917803B2

公开(公告)日：2021-02-09

申请号：US15620109

申请日：2017-06-12

Applicant: Cisco Technology, Inc.

Inventor： Javier Cruz Mota ,  Jean-Philippe Vasseur ,  Pierre-André Savalle ,  Grégory Mermoud

IPC: H04W24/08 ,  H04W24/02 ,  H04W88/08

Abstract: In one embodiment, a device receives observed access point (AP) features of one or more APs in a monitored network. The device clusters the observed AP features within a latent space to form AP feature clusters. The device applies labels to the AP feature clusters within the latent space. The device uses the applied labels to the AP feature clusters to describe future behaviors of the one or more APs in the monitored network.

公开(公告)号：US20200382414A1

公开(公告)日：2020-12-03

申请号：US16429159

申请日：2019-06-03

Applicant: Cisco Technology Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Vinay Kumar Kolar ,  Sharon Shoshana Wulff

IPC: H04L12/703 ,  H04L12/715 ,  H04L12/46 ,  H04L12/24

Abstract: In one embodiment, a device predicts a failure of a first tunnel in a software-defined wide area network (SD-WAN). The device makes a prediction as to whether a second tunnel in the SD-WAN will satisfy a service level agreement (SLA) associated with traffic on the first tunnel. The device proactively reroutes the traffic from the first tunnel onto the second tunnel, based on the prediction as to whether that the second tunnel will satisfy the SLA of the traffic. The device monitors one or more quality of service (QoS) metrics for the rerouted traffic, to ensure that the second tunnel satisfies the SLA of the traffic.

公开(公告)号：US20200382373A1

公开(公告)日：2020-12-03

申请号：US16428202

申请日：2019-05-31

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Jean-Philippe Vasseur ,  Pierre-Andre Savalle ,  David Tedaldi

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/723

Abstract: In one embodiment, a service receives a plurality of device type classification rules, each rule comprising a device type label and one or more device attributes used as criteria for application of the label to a device in a network. The service estimates, across a space of the device attributes, device densities of devices having device attributes at different points in that space. The service uses the estimated device densities to identify two or more of the device type classification rules as having overlapping device attributes. The service determines that the two or more device type classification rules are in conflict, based on the two or more rules having different device type labels. The service generates a rule conflict resolution that comprises one of the device type labels from the conflicting two or more device type classification rules.