Abstract:
In one embodiment, a device identifies a new data source of characteristic data for a monitored network. The device initiates a quarantine period for the characteristic data from the new data source. The characteristic data from the new data source is quarantined from input to a machine learning-based analyzer during the quarantine period. The device models the characteristic data from the new data source during the quarantine period, to determine whether the characteristic data from the new data source is reliable for input to the machine learning-based analyzer. After the quarantine period, the device provides the characteristic data from the new data source to the machine learning-based analyzer based on a determination that the characteristic data from the new data source is reliable.
Abstract:
Statistical and historical values of performance metrics are actively used to influence routing decisions for optimum topologies in a constrained network. Traffic service level is constantly monitored and compared with a service level agreement. If deviation exists between the monitored traffic service level and the terms of the service level agreement, stability metrics are used to maintain paths through the network that meet the terms of the traffic service level agreement or that improve the traffic flow through the network. Backup parent selection for a node in the network is performed based on previous performance of backup parents for the node.
Abstract:
In one embodiment, a device in a network maintains information regarding anomaly detection models used in the network and applications associated with traffic analyzed by the anomaly detection models. The device receives an indication of a planned application deployment in the network. The device adjusts an anomaly detection strategy of a particular anomaly detector in the network based on the planned application deployment and on the information regarding anomaly detection models used in the network and the applications associated with the traffic analyzed by the anomaly detection models.
Abstract:
In one embodiment, a plurality of paths in a network from a source device to a destination device is identified. A predicted performance for packet delivery along a primary path from the plurality of paths is determined. The predicted performance for packet delivery along the primary path is then compared to a performance threshold. Traffic sent along the primary path may be duplicated onto a backup path selected from the plurality of paths based on a determination that the predicted performance along the primary path is below the performance threshold.
Abstract:
In one embodiment, a device in a network receives anomaly data regarding an anomaly detected by a machine learning-based anomaly detection mechanism of a first node in the network. The device matches the anomaly data to threat intelligence feed data from one or more threat intelligence services. The device determines whether to provide threat intelligence feedback to the first node based on the matched threat intelligence feed data and one or more policy rules. The device provides threat intelligence feedback to the first node regarding the matched threat intelligence feed data, in response to determining that the device should provide threat intelligence feedback to the first node.
Abstract:
In one embodiment, network data is received at a Learning Machine (LM) in a network. It is determined whether the LM recognizes the received network data based on information available to the LM. When the LM fails to recognize the received network data: a connection to a central management node is established, a request is sent for information relating to the unrecognized network data to the central management node, and information is received from the central management node in response to the request. The received information assists the LM in recognizing the unrecognized network data.
Abstract:
In one embodiment, techniques are shown and described relating to learning machine based detection of abnormal network performance. In particular, in one embodiment, a border router receives a set of network properties x_i and network performance metrics M_i from a network management server (NMS), and then intercepts x_i and M_i transmitted from nodes in a computer network of the border router. As such, the border router may then build a regression function F based on x_i and M_i, and can detect one or more anomalies in the intercepted x_i and M_i based on the regression function F. In another embodiment, the NMS, which instructed the border router, receives the detected anomalies from the border router.
Abstract:
In one embodiment, a device in a network analyzes data indicative of a behavior of a network using a supervised anomaly detection model. The device determines whether the supervised anomaly detection model detected an anomaly in the network from the analyzed data. The device trains an unsupervised anomaly detection model, based on a determination that no anomalies were detected by the supervised anomaly detection model.
Abstract:
In one embodiment, a device determines a topological profile of individual nodes in a shared-media communication network, and also determines a respective likelihood of the nodes in the network to become a root of a floating topology based on the topological profiles. Accordingly, the device may provide instructions to particular nodes in the network based on the respective likelihoods.
Abstract:
In one embodiment, a routing topology of a network including nodes interconnected by communication links is determined. Important nodes in the network which are of relative importance are determined based on their location in the determined routing topology. Also, one or more request messages are sent causing the important nodes to gather local network metrics. Then, in response to the one or more request messages, one or more response messages including the network metrics gathered by each important node are received.