公开(公告)号：US11595268B2

公开(公告)日：2023-02-28

申请号：US17186148

申请日：2021-02-26

Applicant: Cisco Technology, Inc.

Inventor： Enzo Fenoglio ,  Hugo Latapie ,  David Delano Ward ,  Sawsen Rezig ,  Raphaël Wouters ,  Didier Colens ,  Donald Mark Allen ,  Dmitri Goloubev

IPC: H04L41/16 ,  H04L41/0604 ,  G06N20/00 ,  G06N5/04 ,  H04L41/069 ,  H04L43/04 ,  H04L41/22 ,  H04L41/142

Abstract: In one embodiment, a service that monitors a network detects a plurality of anomalies in the network. The service uses data regarding the detected anomalies as input to one or more machine learning models. The service maps, using a conceptual space, outputs of the one or more machine learning models to symbols. The service applies a symbolic reasoning engine to the symbols, to rank the anomalies. The service sends an alert for a particular one of the detected anomalies to a user interface, based on its corresponding rank.

公开(公告)号：US20230059673A1

公开(公告)日：2023-02-23

申请号：US17408979

申请日：2021-08-23

Applicant: Cisco Technology, Inc.

Inventor： Hugo Latapie ,  Ozkan Kilic ,  Adam James Lawrence ,  Gaowen Liu

IPC: G06N5/04 ,  G06K9/00 ,  G06N5/02

Abstract: In one embodiment, a device makes an inference about an event indicated by sensor data from a plurality of sources by applying a semantic reasoning engine to the sensor data. The device receives a selected semantic compression level from a user interface. The device selects a subset of the sensor data based on the inference and on the selected semantic compression level. The device exports the subset of the sensor data and the inference made by the semantic reasoning engine about the event.

公开(公告)号：US11379510B2

公开(公告)日：2022-07-05

申请号：US16819783

申请日：2020-03-16

Applicant: Cisco Technology, Inc.

Inventor： Hugo Latapie ,  Enzo Fenoglio ,  Andre Surcouf ,  Joseph T. Friel ,  Pete Rai

IPC: G06F16/00 ,  G06F16/36 ,  H04L41/14 ,  G06F16/33 ,  G06F16/9535 ,  H04L41/16 ,  H04L41/12

Abstract: A method comprises collecting, by a computing device located at an edge of a network, data items corresponding to information transmitted by endpoints using the network, generating, by the computing device, a probabilistic hierarchy using the data items, generating, by the computing device using the probabilistic hierarchy and natural language data, a similarity metric, generating, by the computing device using the probabilistic hierarchy, the natural language data, and the similarity metric, an ontology, detecting, by the computing device using the ontology, an anomaly, and in response to detecting the anomaly, sending a notification.

公开(公告)号：US20210279602A1

公开(公告)日：2021-09-09

申请号：US16811823

申请日：2020-03-06

Applicant: Cisco Technology, Inc.

Inventor： Hugo Latapie ,  Enzo Fenoglio ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  David Delano Ward

IPC: G06N5/02

Abstract: In one embodiment, a deep fusion reasoning engine receives network telemetry data collected from a network. The deep fusion reasoning engine learns resource utilizations for different heuristic packages that can be used in the network to evaluate operation of the network. The deep fusion reasoning engine selects one of the heuristic packages based on the resource utilizations learned for the different heuristic packages. The selected heuristic package comprises a subservice and a set of rules to be evaluated. The deep fusion reasoning engine deploys the selected heuristic package for execution by a device in the network to evaluate operation of the network using the set of rules.

公开(公告)号：US11108678B2

公开(公告)日：2021-08-31

申请号：US15845291

申请日：2017-12-18

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Enzo Fenoglio ,  Jean-Philippe Vasseur ,  Hugo Latapie

IPC: G06F15/173 ,  H04L12/751 ,  H04L12/725 ,  H04L12/24 ,  H04L12/851 ,  H04L12/707

Abstract: In one embodiment, a controller in a network trains a deep reinforcement learning-based agent to predict traffic flows in the network. The controller determines one or more resource requirements for the predicted traffic flows. The controller assigns, using the deep reinforcement learning-based agent, paths in the network to the flows based on the determined one or more resource requirements, to avoid fragmentation of a flow during transmission of the flow through the network. The controller sends, to nodes in the network, assignment instructions that cause the flows to traverse the network via their assigned paths.

公开(公告)号：US11005965B2

公开(公告)日：2021-05-11

申请号：US16666518

申请日：2019-10-29

Applicant: Cisco Technology, Inc.

Inventor： Hugo Latapie ,  Enzo Fenoglio ,  Plamen Nedeltchev ,  Manikandan Kesavan ,  Joseph Friel

IPC: G06F15/16 ,  H04L29/08 ,  H04L12/26 ,  H04L12/24

Abstract: In one embodiment, a device in a network monitors a plurality of traffic flows in the network. The device extracts a plurality of features from the monitored plurality of traffic flows. The device generates a context model by using deep learning and reinforcement learning on the plurality of features extracted from the monitored traffic flows. The device applies the context model to a particular traffic flow associated with a client, to determine a context for the particular traffic flow. The device personalizes data sent to the client from a remote source based on the determined context.

公开(公告)号：US10812523B2

公开(公告)日：2020-10-20

申请号：US15896182

申请日：2018-02-14

Applicant: Cisco Technology, Inc.

Inventor： Hugo Latapie ,  Enzo Fenoglio ,  Pascal Thubert ,  Jean-Philippe Vasseur

IPC: H04L29/06 ,  G06N3/08 ,  G06N20/00 ,  G06F16/18

Abstract: In one embodiment, a device maintains a journal of uncommitted changes to a file system of the device in a layer that is hot-swappable with a writable container layer. The device augments the journal with metadata regarding a particular uncommitted change to the file system of the device. The device applies, within a sandbox environment of the device, a machine learning-based anomaly detector to the particular uncommitted change to the file system and the metadata regarding the change, to determine whether the particular uncommitted change to the file system is indicative of a destruction of service attack on the device. The device causes performance of a mitigation action when the machine learning-based anomaly detector determines that the particular uncommitted change to the file system is indicative of a destruction of service attack on the device.

公开(公告)号：US10509969B2

公开(公告)日：2019-12-17

申请号：US15702061

申请日：2017-09-12

Applicant: Cisco Technology, Inc.

Inventor： Victor Tsekay To ,  Feng Jiang ,  Nham Van Le ,  Hugo Latapie ,  Enzo Fenoglio

IPC: G06K9/00 ,  G06K9/32 ,  G06K3/02

Abstract: In one embodiment, a device identifies, from image data captured by one or more cameras of a physical location, a focal point of interest and people located within the physical location. The device forms a set of nodes whereby a given node represents one or more of the identified people located within the physical location. The device represents a person queue as an ordered list of nodes from the set of nodes and adds a particular one of the set of nodes to the list based on the particular node being within a predefined distance to the focal point of interest. The device adds one or more nodes to the list based on the added node being within an angle and distance range trailing a forward direction associated with at least one node in the list. The device provides an indication of the person queue to an interface.

公开(公告)号：US20190297004A1

公开(公告)日：2019-09-26

申请号：US15927014

申请日：2018-03-20

Applicant: Cisco Technology, Inc.

Inventor： Enzo Fenoglio ,  Hugo Latapie ,  Pascal Thubert

IPC: H04L12/721 ,  H04W40/16 ,  H04W40/18 ,  H04W40/10 ,  G06N7/00 ,  G06F15/18

Abstract: In one embodiment, a processor receives observed node characteristics of a node in a network. The node characteristics include a link cost metric for a network link associated with the node. The processor uses a Bayesian learning model to estimate a virtual link cost metric based on the observed node characteristics. The model uses statistics regarding the observed link cost metric as background belief measures. The processor forms a routing path in the network that includes the network link in part based on an objective function that uses the virtual link cost metric as a parameter.

公开(公告)号：US20190245882A1

公开(公告)日：2019-08-08

申请号：US15891749

申请日：2018-02-08

Applicant: Cisco Technology, Inc.

Inventor： Manikandan Kesavan ,  Plamen Nedeltchev ,  Hugo Latapie ,  Enzo Fenoglio

IPC: H04L29/06 ,  G06N99/00

Abstract: In one embodiment, a security device maintains a plurality of security enclaves for a computer network, each associated with a given level of security policies. After detecting a given device joining the computer network, the security device places the given device in a strictest security enclave of the plurality of security enclaves in response to joining the computer network. The security device then subjects the given device to joint adversarial training, where a control agent representing behavior of the given device is trained against an inciting agent, and where the inciting agent attempts to force the control agent to misbehave by applying destabilizing policies. Accordingly, the security device may determine control agent behavior during the joint adversarial training, and promotes the given device to a less strict security enclave of the plurality of enclaves in response to the control agent being robust against the attempts by the inciting agent.