公开(公告)号：US20200351172A1

公开(公告)日：2020-11-05

申请号：US16402308

申请日：2019-05-03

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Vinay Kumar Kolar

IPC: H04L12/24 ,  H04L12/26 ,  H04L12/707

Abstract: In one embodiment, a device identifies one or more telemetry data variables for use to predict failure of a tunnel in a software-defined wide area network (SD-WAN). The device sends a Bidirectional Forwarding Detection (BFD)-based telemetry request towards a tail-end router of the tunnel that requests the one or more telemetry data variables. The device receives the requested one or more telemetry data variables. The device uses the received one or more telemetry data variables as input to a machine learning-based model, to predict a failure of the tunnel.

公开(公告)号：US10826772B2

公开(公告)日：2020-11-03

申请号：US16188452

申请日：2018-11-13

Applicant: Cisco Technology, Inc.

Inventor： Pierre-André Savalle ,  Jean-Philippe Vasseur ,  Grégory Mermoud

IPC: H04L12/24 ,  H04L29/08 ,  G06N20/00

Abstract: In one embodiment, a device classification service assigns a set of endpoint devices to a context group. The device classification service forms a context summary feature vector for the context group that summarizes telemetry feature vectors for the endpoint devices assigned to the context group. Each telemetry feature vector is indicative of a plurality of traffic features observed for the endpoint devices. The device classification service normalizes a telemetry feature vector for a particular endpoint device using the context summary feature vector. The device classification service classifies, using the normalized telemetry feature vector for the particular endpoint device as input to a device type classifier, the particular endpoint device as being of a particular device type.

公开(公告)号：US20200342346A1

公开(公告)日：2020-10-29

申请号：US16392825

申请日：2019-04-24

Applicant: Cisco Technology, Inc.

Inventor： Sharon Shoshana Wulff ,  Grégory Mermoud ,  Jean-Philippe Vasseur

IPC: G06N20/00 ,  H04L12/46 ,  H04L12/24

Abstract: In one embodiment, a supervisory service for a software-defined wide area network (SD-WAN) uses a plurality of different decision thresholds for a machine learning-based classifier, to predict tunnel failures of a tunnel in the SD-WAN. The supervisory service captures performance data indicative of performance of the classifier when using the different decision thresholds. The supervisory service selects, based on the captured performance data, a particular decision threshold for the classifier, in an attempt to optimize the performance of the classifier. The supervisory service uses the selected decision threshold for the classifier, to predict a tunnel failure of the tunnel.

公开(公告)号：US20200304530A1

公开(公告)日：2020-09-24

申请号：US16894332

申请日：2020-06-05

Applicant: Cisco Technology, Inc.

Inventor： Pierre-André Savalle ,  Grégory Mermoud ,  Laurent Sartran ,  Jean-Philippe Vasseur

IPC: H04L29/06 ,  H04L12/24

Abstract: In one embodiment, a device obtains characteristics of a first anomaly detection model executed by a first distributed learning agent in a network. The device receives a query from a second distributed learning agent in the network that requests identification of a similar anomaly detection to that of a second anomaly detection model executed by the second distributed learning agent. The device identifies, after receiving the query from the second distributed learning agent, the first anomaly detection model as being similar to that of the second anomaly detection model, based on the characteristics of the first anomaly detection model. The device causes the first anomaly detection model to be sent to the second distributed learning agent for execution.

公开(公告)号：US10785090B2

公开(公告)日：2020-09-22

申请号：US15983437

申请日：2018-05-18

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Santosh Ghanshyam Pandey ,  Vikram Kumaran

IPC: H04L12/24 ,  H04L12/26 ,  G06N20/00 ,  H04L29/12

Abstract: In one embodiment, a network assurance service associates a target key performance indicator (tKPI) measured from a network with a plurality of causation key performance indicators (cKPIs) measured from the network that may indicate a root cause of a tKPI anomaly. The network assurance service applies a machine learning-based anomaly detector to the tKPI over time, to generate tKPI anomaly scores. The network assurance service calculates, for each of cKPIs, a mean and standard deviation of that cKPI using a plurality of different time windows associated with the tKPI anomaly scores. The network assurance service uses the calculated means and standard deviations of the cKPIs in the different time windows to calculate cross-correlation scores between the tKPI anomaly scores and the cKPIs. The network assurance service selects one or more of the cKPIs as the root cause of the tKPI anomaly based on their calculated cross-correlation scores.

公开(公告)号：US10771313B2

公开(公告)日：2020-09-08

申请号：US15881909

申请日：2018-01-29

Applicant: Cisco Technology, Inc.

Inventor： David Tedaldi ,  Grégory Mermoud ,  Jean-Philippe Vasseur

IPC: H04L12/24

Abstract: In one embodiment, a network assurance service receives one or more sets of network characteristics of a network, each network characteristic forming a different feature dimension in a multi-dimensional feature space. The network assurance service applies machine learning-based anomaly detection to the one or more sets of network characteristics, to label each set of network characteristics as anomalous or non-anomalous. The network assurance service identifies, based on the labeled one or more sets of network characteristics, an anomaly pattern as a collection of unidimensional cutoffs in the feature space. The network assurance service initiates a change to the network based on the identified anomaly pattern.

公开(公告)号：US10701095B2

公开(公告)日：2020-06-30

申请号：US16190756

申请日：2018-11-14

Applicant: Cisco Technology, Inc.

Inventor： Pierre-André Savalle ,  Grégory Mermoud ,  Laurent Sartran ,  Jean-Philippe Vasseur

IPC: H04L29/06 ,  H04L12/24

Abstract: In one embodiment, a device in a network maintains a plurality of anomaly detection models for different sets of aggregated traffic data regarding traffic in the network. The device determines a measure of confidence in a particular one of the anomaly detection models that evaluates a particular set of aggregated traffic data. The device dynamically replaces the particular anomaly detection model with a second anomaly detection model configured to evaluate the particular set of aggregated traffic data and has a different model capacity than that of the particular anomaly detection model. The device provides an anomaly event notification to a supervisory controller based on a combined output of the second anomaly detection model and of one or more of the anomaly detection models in the plurality of anomaly detection models.

公开(公告)号：US10673728B2

公开(公告)日：2020-06-02

申请号：US15880689

申请日：2018-01-26

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota ,  Grégory Mermoud

IPC: H04L12/26 ,  H04L12/24

Abstract: In one embodiment, a local service of a network reports configuration information regarding the network to a cloud-based network assurance service. The local service receives a classifier selected by the cloud-based network assurance service based on the configuration information regarding the network. The local service classifies, using the received classifier, telemetry data collected from the network, to select a modeling strategy for the network. The local service installs, based on the modeling strategy for the network, a machine learning-based model to the local service for monitoring the network.

公开(公告)号：US20200160100A1

公开(公告)日：2020-05-21

申请号：US16194442

申请日：2018-11-19

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Pierre-André Savalle ,  Jean-Philippe Vasseur ,  David Tedaldi

IPC: G06K9/62 ,  H04L12/26 ,  G06F15/18

Abstract: In one embodiment, a device clusters traffic feature vectors for a plurality of endpoints in a network into a set of clusters. Each traffic feature vector comprises traffic telemetry data captured for one of the endpoints. The device selects one of the clusters for labeling, based in part on contextual data associated with the clusters that was not used to form the clusters. The device obtains a device type label for the selected cluster by providing data regarding the selected cluster and the contextual data associated with that cluster to a user interface. The device provides the device type label and the traffic feature vectors associated with the selected cluster for training a machine learning-based device type classifier.

公开(公告)号：US10659333B2

公开(公告)日：2020-05-19

申请号：US15188175

申请日：2016-06-21

Applicant: Cisco Technology, Inc.

Inventor： Laurent Sartran ,  Pierre-André Savalle ,  Jean-Philippe Vasseur ,  Grégory Mermoud ,  Javier Cruz Mota ,  Sébastien Gay

IPC: H04L12/26

Abstract: In one embodiment, a device in a network determines cluster assignments that assign traffic data regarding traffic in the network to activity level clusters based on one or more measures of traffic activity in the traffic data. The device uses the cluster assignments to predict seasonal activity for a particular subset of the traffic in the network. The device determines an activity level for new traffic data regarding the particular subset of traffic in the network. The device detects a network anomaly by comparing the activity level for the new traffic data to the predicted seasonal activity.