公开(公告)号：US20210158106A1

公开(公告)日：2021-05-27

申请号：US16692165

申请日：2019-11-22

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Vinay Kumar Kolar ,  Andrea Di Pietro ,  Grégory Mermoud ,  Pierre-Andre Savalle

IPC: G06K9/62 ,  H04L12/26 ,  H04L12/24 ,  G06N20/00

Abstract: In one embodiment, a service computes a data fidelity metric for network telemetry data used by a machine learning model to monitor a computer network. The service detects unacceptable performance of the machine learning model. The service determines a correlation between the data fidelity metric and the unacceptable performance of the machine learning model. The service adjusts generation of the network telemetry data for input to the machine learning model, based on the determined correlation between the data fidelity metric and the unacceptable performance of the machine learning model.

公开(公告)号：US10691082B2

公开(公告)日：2020-06-23

申请号：US15831482

申请日：2017-12-05

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: G05B13/04 ,  H04L12/26 ,  H04L12/24

Abstract: In one embodiment, a network assurance service receives data regarding a monitored network. The service analyzes the received data using a machine learning-based model, to perform a network assurance function for the monitored network. The service detects a lowered performance of the machine learning-based model when a performance metric of the machine learning-based model is below a threshold for the performance metric. When it is determined that the lowered performance of the machine-learning based model is correlated with the sample rate of the received data, the service adjusts the sample rate of the data.

公开(公告)号：US20200007412A1

公开(公告)日：2020-01-02

申请号：US16564176

申请日：2019-09-09

Applicant: Cisco Technology, Inc.

Inventor： Javier Cruz Mota ,  Jean-Philippe Vasseur ,  Andrea Di Pietro

IPC: H04L12/24 ,  H04L29/06

Abstract: In one embodiment, possible voting nodes in a network are identified. The possible voting nodes each execute a classifier that is configured to select a label from among a plurality of labels based on a set of input features. A set of one or more eligible voting nodes is selected from among the possible voting nodes based on a network policy. Voting requests are then provided to the one or more eligible voting nodes that cause the one or more eligible voting nodes to select labels from among the plurality of labels. Votes are received from the eligible voting nodes that include the selected labels and are used to determine a voting result.

公开(公告)号：US10484255B2

公开(公告)日：2019-11-19

申请号：US15626412

申请日：2017-06-19

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Grégory Mermoud ,  Jean-Philippe Vasseur ,  Sukrit Dasgupta

IPC: H04L12/26 ,  H04L29/06 ,  G06F16/2457 ,  H04L12/24 ,  G06N20/00

Abstract: In one embodiment, a device receives health status data indicative of a health status of a data source in a network that provides collected telemetry data from the network for analysis by a machine learning-based network analyzer. The device maintains a performance model for the data source that models the health of the data source. The device computes a trustworthiness index for the telemetry data provided by the data source based on the received health status data and the performance model for the data source. The device adjusts, based on the computed trustworthiness index for the telemetry data provided by the data source, one or more parameters used by the machine learning-based network analyzer to analyze the telemetry data provided by the data source.

公开(公告)号：US10038713B2

公开(公告)日：2018-07-31

申请号：US14270759

申请日：2014-05-06

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Javier Cruz Mota ,  Andrea Di Pietro

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  H04L29/06

CPC classification number: H04L63/1458 ,  H04L63/10 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20

Abstract: In one embodiment, attack detectability metrics are received from nodes along a path in a network. The attack detectability metrics from the nodes along the path are used to compute a path attack detectability value. A determination is made as to whether the path attack detectability value satisfies a network policy and one or more routing paths in the network are adjusted based on the path attack detectability value not satisfying the network policy.

公开(公告)号：US09922196B2

公开(公告)日：2018-03-20

申请号：US15386873

申请日：2016-12-21

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: G06F21/57 ,  H04L29/06

CPC classification number: G06F21/577 ,  G06F2221/034 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1458 ,  H04L67/1002

Abstract: In one embodiment, a device receives a classifier tracking request from a coordinator device that specifies a classifier verification time period. During the classifier verification time period, the device classifies a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device. The device generates classification results based on the classified set of network traffic and provides the classification results to the coordinator device.

公开(公告)号：US20170279835A1

公开(公告)日：2017-09-28

申请号：US15211145

申请日：2016-07-15

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Sukrit Dasgupta

IPC: H04L29/06 ,  G06N99/00 ,  H04L12/26

CPC classification number: H04L63/1425 ,  G06N3/006 ,  G06N20/00 ,  H04L41/147 ,  H04L43/024 ,  H04L43/062 ,  H04L43/14 ,  H04L63/02 ,  H04L63/145 ,  H04L63/1458 ,  H04L2463/144

Abstract: In one embodiment, a node in a network detects an anomaly in the network based on a result of a machine learning-based anomaly detector analyzing network traffic. The node determines a packet capture policy for the anomaly by applying a machine learning-based classifier to the result of the anomaly detector. The node selects a set of packets from the analyzed traffic based on the packet capture policy. The node stores the selected set of packets for the detected anomaly.

公开(公告)号：US09674207B2

公开(公告)日：2017-06-06

申请号：US14338794

申请日：2014-07-23

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/1408 ,  H04L63/1441 ,  H04L63/1458

Abstract: In one embodiment, a device in a network identifies a set of traffic flow records that triggered an attack detector. The device selects a subset of the traffic flow records and calculates aggregated metrics for the subset. The device provides the aggregated metrics for the subset to the attack detector to generate an attack detection determination for the subset of traffic flow records. The device identifies one or more attack traffic flows from the set of traffic flow records based on the attack detection determination for the subset of traffic flow records.

公开(公告)号：US09641542B2

公开(公告)日：2017-05-02

申请号：US14336206

申请日：2014-07-21

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Andrea Di Pietro ,  Javier Cruz Mota

IPC: G06F21/56 ,  H04L29/06 ,  G06F21/12

CPC classification number: H04L63/1416 ,  H04L63/1458

Abstract: In one embodiment, a device in a network receives information regarding one or more attack detection service level agreements. The device identifies a set of attack detection classifiers as potential voters in a voting mechanism used to detect a network attack. The device determines one or more parameters for the voting mechanism based on the information regarding the one or more attack detection service level agreements. The device adjusts the voting mechanism used by the potential voters based on the one or more parameters for the voting mechanism.

公开(公告)号：US09635050B2

公开(公告)日：2017-04-25

申请号：US14338526

申请日：2014-07-23

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: H04L29/06 ,  G06F21/55 ,  G06N99/00

CPC classification number: H04L63/1458 ,  G06F21/55 ,  G06N99/005 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/1416

Abstract: In one embodiment, data flows are received in a network, and information relating to the received data flows is provided to a machine learning attack detector. Then, in response to receiving an attack detection indication from the machine teaming attack detector, a traffic segregation procedure is performed including: computing an anomaly score for each of the received data flows based on a degree of divergence from an expected traffic model, determining a subset of the received data flows that have an anomaly score that is lower than or equal to an anomaly threshold value, and providing information relating to the subset of the received data flows to the machine learning attack detector.