公开(公告)号：US09369351B2

公开(公告)日：2016-06-14

申请号：US14164507

申请日：2014-01-27

Applicant: Cisco Technology, Inc.

Inventor： Andrea Di Pietro ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: H04L12/24 ,  H04L12/805 ,  H04W24/02 ,  H04L12/751 ,  H04L12/803 ,  H04L12/26 ,  H04W24/04 ,  H04L12/721

CPC classification number: H04L41/5025 ,  H04L41/12 ,  H04L43/0852 ,  H04L45/02 ,  H04L45/70 ,  H04L47/122 ,  H04L47/365 ,  H04W24/02 ,  H04W24/04 ,  Y04S40/164

Abstract: In one embodiment, statistical information is collected relating to one or both of communication link quality or channel quality in a frequency-hopping network, in which packets are sent according to a frequency-hopping schedule that defines one or more timeslots, each timeslot corresponding to a transmission frequency. Also, a performance metric of a particular transmission frequency corresponding to a scheduled timeslot is predicted based on the collected statistical information. Based on the predicted performance metric, it is determined whether a transmitting node in the frequency-hopping network should transmit a packet during the scheduled timeslot using the particular transmission channel or wait until a subsequent timeslot to transmit the packet using another transmission frequency.

Abstract translation: 在一个实施例中，收集关于跳频网络中的通信链路质量或信道质量中的一个或两个的统计信息，其中根据定义一个或多个时隙的跳频调度发送分组，每个时隙对应于 传输频率。 此外，基于收集的统计信息来预测对应于调度时隙的特定传输频率的性能度量。 基于预测的性能度量，确定跳频网络中的发送节点是否应该在调度时隙期间使用特定传输信道发送分组，或者等待直到后续时隙来使用另一个传输频率来发送分组。

公开(公告)号：US09294488B2

公开(公告)日：2016-03-22

申请号：US14165415

申请日：2014-01-27

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Javier Cruz Mota ,  Andrea Di Pietro ,  Jonathan W. Hui

IPC: H04L29/06 ,  G06N99/00 ,  H04W12/12

CPC classification number: H04L63/1416 ,  G06N99/005 ,  H04K3/226 ,  H04K2203/18 ,  H04L63/1441 ,  H04L63/1458 ,  H04W12/12

Abstract: In one embodiment, a control loop control using a broadcast channel may be used to communicate with a node under attack. A management device may receive data indicating that one or more nodes in a computer network are under attack. The management device may then determine that one or more intermediate nodes are in proximity to the one or more nodes under attack, and communicate an attack-mitigation packet to the one or more nodes under attack by using the one or more intermediate nodes to relay the attack-mitigation packet to the one or more nodes under attack.

Abstract translation: 在一个实施例中，使用广播信道的控制环路控制可以用于与被攻击的节点进行通信。 管理设备可以接收指示计算机网络中的一个或多个节点受到攻击的数据。 然后，管理设备可以确定一个或多个中间节点处于受攻击的一个或多个节点附近，并且通过使用一个或多个中间节点将攻击缓解分组传送给被攻击的一个或多个节点，以将中继节点中继 攻击缓解包到被攻击的一个或多个节点。

公开(公告)号：US20160028763A1

公开(公告)日：2016-01-28

申请号：US14338582

申请日：2014-07-23

Applicant: Cisco Technology, Inc.

Inventor： Javier Cruz Mota ,  Jean-Philippe Vasseur ,  Andrea Di Pietro

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1458 ,  H04L63/1416

Abstract: In one embodiment, a traffic model manager node receives data flows in a network and determines a degree to which the received data flows conform to one or more traffic models classifying particular types of data flows as non-malicious. If the degree to which the received data flows conform to the one or more traffic models is sufficient, the traffic model manager node characterizes the received data flows as non-malicious. Otherwise, the traffic model manager node provides the received data flows to a denial of service (DoS) attack detector in the network to allow the received data flows to be scanned for potential attacks.

Abstract translation: 在一个实施例中，业务模型管理器节点接收网络中的数据流，并确定所接收的数据流遵循一个或多个将特定类型的数据流分类为非恶意的业务模型的程度。 如果接收到的数据流符合一个或多个业务模型的程度就足够了，则流量模型管理器节点将接收到的数据流表征为非恶意的。 否则，流量模型管理器节点将接收到的数据流提供给网络中的拒绝服务（DoS）攻击检测器，以允许接收到的数据流被扫描以进行潜在的攻击。

公开(公告)号：US20160028751A1

公开(公告)日：2016-01-28

申请号：US14338751

申请日：2014-07-23

Applicant: Cisco Technology, Inc.

Inventor： Javier Cruz Mota ,  Andrea Di Pietro ,  Jean-Philippe Vasseur

IPC: H04L29/06

CPC classification number: H04L63/1408 ,  H04L63/1458 ,  H04L63/1466 ,  H04W4/70 ,  H04W12/12

Abstract: In one embodiment, a device in a network receives a set of output label dependencies for a set of attack detectors. The device identifies applied labels that were applied by the attack detectors to input data regarding a network, the applied labels being associated with probabilities. The device determines a combined probability for two or more of the applied labels based on the output label dependencies and the probabilities associated with the two or more labels. The device selects one of the applied labels as a finalized label for the input data based on the probabilities associated with the applied labels and on the combined probability for the two or more labels.

Abstract translation: 在一个实施例中，网络中的设备接收一组攻击检测器的一组输出标签依赖性。 设备识别由攻击检测器应用的应用标签以输入关于网络的数据，所应用的标签与概率相关联。 该设备基于输出标签依赖性和与两个或多个标签相关联的概率来确定两个或多个应用标签的组合概率。 设备根据与应用标签相关联的概率和两个或多个标签的组合概率，将所应用的标签之一选择为输入数据的最终标签。

公开(公告)号：US20150195296A1

公开(公告)日：2015-07-09

申请号：US14164475

申请日：2014-01-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Jean-Philippe Vasseur ,  Javier Cruz Mota ,  Andrea Di Pietro

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06N3/02 ,  G06N3/08 ,  G06N3/084 ,  G06N99/005 ,  H04L41/16 ,  H04L43/0876 ,  H04L45/48 ,  H04L47/127 ,  H04L47/2466 ,  H04L47/41

Abstract: In one embodiment, a training request is sent to a plurality of nodes in a network to cause the nodes to generate statistics regarding unicast and broadcast message reception rates associated with the nodes. The statistics are received from the nodes and a statistical model is generated using the received statistics and is configured to detect a network attack by comparing unicast and broadcast message reception statistics. The statistical model is then provided to the nodes and an indication that a network attack was detected by a particular node is received from the particular node.

Abstract translation: 在一个实施例中，训练请求被发送到网络中的多个节点，以使节点产生关于与节点相关联的单播和广播消息接收速率的统计。 从节点接收统计信息，并使用接收到的统计信息生成统计模型，并配置为通过比较单播和广播消息接收统计信息来检测网络攻击。 然后将统计模型提供给节点，并且从特定节点接收到特定节点检测到网络攻击的指示。

公开(公告)号：US20150193693A1

公开(公告)日：2015-07-09

申请号：US14164443

申请日：2014-01-27

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Andrea Di Pietro ,  Javier Cruz Mota

IPC: G06N99/00 ,  G06N3/08

CPC classification number: H04L63/1425 ,  G06N3/02 ,  G06N3/08 ,  G06N3/084 ,  G06N99/005 ,  H04L41/16 ,  H04L43/0876 ,  H04L45/48 ,  H04L47/127 ,  H04L47/2466 ,  H04L47/41

Abstract: In one embodiment, local model parameters are generated by training a machine learning model at a device in a computer network using a local data set. One or more other devices in the network are identified that have trained machine learning models using remote data sets that are similar to the local data set. The local model parameters are provided to the one or more other devices to cause the one or more other devices to generate performance metrics using the provided model parameters. Performance metrics for model parameters are received from the one or more other devices and a global set of model parameters is selected for the device and the one or more other devices using the received performance metrics.

Abstract translation: 在一个实施例中，通过使用本地数据集在计算机网络中的设备处训练机器学习模型来生成本地模型参数。 识别网络中的一个或多个其他设备，其使用与本地数据集相似的远程数据集来训练机器学习模型。 将本地模型参数提供给一个或多个其他设备以使得一个或多个其他设备使用所提供的模型参数来生成性能度量。 从一个或多个其他设备接收模型参数的性能度量，并且使用所接收的性能度量为设备和一个或多个其他设备选择一组全局模型参数。

公开(公告)号：US20150186642A1

公开(公告)日：2015-07-02

申请号：US14165439

申请日：2014-01-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Javier Cruz Mota ,  Jean-Philippe Vasseur ,  Andrea Di Pietro ,  Jonathan W. Hui

IPC: G06F21/55

CPC classification number: G06F21/554 ,  H04W12/12

Abstract: In one embodiment, techniques are shown and described relating to quarantine-based mitigation of effects of a local DoS attack. A management device may receive data indicating that one or more nodes in a shared-media communication network are under attack by an attacking node. The management device may then communicate a quarantine request packet to the one or more nodes under attack, the quarantine request packet providing instructions to the one or more nodes under attack to alter their frequency hopping schedule without allowing the attacking node to learn of the altered frequency hopping schedule.

Abstract translation: 在一个实施例中，显示和描述与基于隔离的缓解本地DoS攻击的影响相关的技术。 管理设备可以接收指示共享媒体通信网络中的一个或多个节点受攻击节点攻击的数据。 然后，管理设备可以向被攻击的一个或多个节点传送隔离请求分组，所述隔离请求分组向被攻击的一个或多个节点提供指令以改变其跳频计划，而不允许攻击节点学习改变的频率 跳跃时间表。

公开(公告)号：US12149421B2

公开(公告)日：2024-11-19

申请号：US18058103

申请日：2022-11-22

Applicant: Cisco Technology, Inc.

Inventor： Javier Cruz Mota ,  Erwan Barry Tarik Zerhouni ,  Abhishek Kumar

IPC: H04L43/067 ,  H04L41/0631 ,  H04L43/045 ,  H04L43/16

Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for evaluating the impact of network changes. The technology can detect a temporal event, wherein the temporal event is associated with a change in a network configuration, implementation, or utilization; define a first period prior to the temporal event and a second period posterior to the temporal event; and compare network data collected in the first period and network data collected in the second period.

公开(公告)号：US11856425B2

公开(公告)日：2023-12-26

申请号：US17152917

申请日：2021-01-20

Applicant: Cisco Technology, Inc.

Inventor： Javier Cruz Mota ,  Jean-Philippe Vasseur ,  Pierre-André Savalle ,  Grégory Mermoud

IPC: H04W24/08 ,  H04W24/02 ,  H04W88/08

CPC classification number: H04W24/08 ,  H04W24/02 ,  H04W88/08

Abstract: In one embodiment, a device receives observed access point (AP) features of one or more APs in a monitored network. The device clusters the observed AP features within a latent space to form AP feature clusters. The device applies labels to the AP feature clusters within the latent space. The device uses the applied labels to the AP feature clusters to describe future behaviors of the one or more APs in the monitored network.

公开(公告)号：US11405802B2

公开(公告)日：2022-08-02

申请号：US16905210

申请日：2020-06-18

Applicant: Cisco Technology, Inc.

Inventor： Pierre-André Savalle ,  Grégory Mermoud ,  Jean-Philippe Vasseur ,  Javier Cruz Mota

IPC: H04W24/02 ,  H04W36/32 ,  H04W64/00 ,  H04W36/00 ,  H04L45/48 ,  H04W40/22 ,  H04W84/12 ,  H04W36/30

Abstract: In one embodiment, a device receives data regarding usage of access points in a network by a plurality of clients in the network. The device maintains an access point graph that represents the access points in the network as vertices of the access point graph. The device generates, for each of the plurality of clients, client trajectories as trajectory subgraphs of the access point graph. A particular client trajectory for a particular client comprises a set of edges between a subset of the vertices of the access point graph and represents transitions between access points in the network performed by the particular client. The device identifies a transition pattern from the client trajectories by deconstructing the trajectory subgraphs. The device uses the identified transition pattern to effect a configuration change in the network.