公开(公告)号：US20190334941A1

公开(公告)日：2019-10-31

申请号：US16508398

申请日：2019-07-11

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Sébastien Gay ,  Grégory Mermoud ,  Pierre-André Savalle ,  Alexandre Honoré ,  Fabien Flacher

IPC: H04L29/06 ,  H04L12/24

Abstract: In one embodiment, a networking device at an edge of a network generates a first set of feature vectors using information regarding one or more characteristics of host devices in the network. The networking device forms the host devices into device clusters dynamically based on the first set of feature vectors. The networking device generates a second set of feature vectors using information regarding traffic associated with the device clusters. The networking device models interactions between the device clusters using a plurality of anomaly detection models that are based on the second set of feature vectors.

公开(公告)号：US10454785B2

公开(公告)日：2019-10-22

申请号：US14273108

申请日：2014-05-08

Applicant: Cisco Technology, Inc.

Inventor： Javier Cruz Mota ,  Jean-Philippe Vasseur ,  Andrea Di Pietro

IPC: H04L12/24 ,  G06Q10/10 ,  G07C13/00 ,  H04L12/16 ,  H04L12/26 ,  H04L29/06 ,  H04L12/18 ,  H04K3/00 ,  H04W12/12 ,  H04L29/08

Abstract: In one embodiment, possible voting nodes in a network are identified. The possible voting nodes each execute a classifier that is configured to select a label from among a plurality of labels based on a set of input features. A set of one or more eligible voting nodes is selected from among the possible voting nodes based on a network policy. Voting requests are then provided to the one or more eligible voting nodes that cause the one or more eligible voting nodes to select labels from among the plurality of labels. Votes are received from the eligible voting nodes that include the selected labels and are used to determine a voting result.

公开(公告)号：US20190312876A1

公开(公告)日：2019-10-10

申请号：US15947958

申请日：2018-04-09

Applicant: Cisco Technology, Inc.

Inventor： Vikram Kumaran ,  Jean-Philippe Vasseur ,  Santosh Ghanshyam Pandey ,  Federico Lovison

IPC: H04L29/06 ,  H04W76/18 ,  H04W8/18 ,  H04W48/02 ,  H04W24/08 ,  G06F15/18

Abstract: In one embodiment, a network assurance service that monitors a wireless network receives data regarding connection failures of a wireless client of the wireless network. The network assurance service forms a behavioral profile for the wireless client based on the received data regarding the connection failures of the wireless client. The network assurance service uses machine learning to determine whether the behavioral profile of the wireless client is an outlier in relation to behavioral profiles of other wireless clients of the wireless network. The network assurance service causes performance of a mitigation action with respect to the wireless client, when the wireless client is determined to be an outlier.

公开(公告)号：US10425294B2

公开(公告)日：2019-09-24

申请号：US14164444

申请日：2014-01-27

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Sukrit Dasgupta

IPC: G06N99/00 ,  H04L12/24 ,  H04L12/805 ,  H04L12/803 ,  H04L12/751 ,  H04L12/721 ,  H04W24/04 ,  G06N20/00 ,  G06N5/02 ,  G06N5/00

Abstract: In one embodiment, one or more reporting nodes are selected to report network metrics in a network. From a monitoring node in the network, a trigger message is sent to the one or more reporting nodes. The trigger message may trigger the one or more reporting nodes to report one or more network metrics local to the respective reporting node. In response to the trigger message, a report of the one or more network metrics is received at the monitoring node from one of the one or more reporting nodes.

公开(公告)号：US20190289022A1

公开(公告)日：2019-09-19

申请号：US15920651

申请日：2018-03-14

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Patrick Wetterwald ,  Eric Levy-Abegnoli ,  Jean-Philippe Vasseur

IPC: H04L29/06 ,  H04L12/823

Abstract: In one embodiment, an elimination point device in a network obtains a master secret from a network controller. The elimination point device assesses, using the master secret, whether an incoming packet received by the elimination point device from a redundant path between the elimination point device and a replication point device in the network includes a valid message integrity check (MIC). The elimination point device determines whether the incoming packet was injected maliciously into the redundant path, based on the assessment of the incoming packet. The elimination point device initiates performance of a mitigation action in the network, when the elimination point device determines that the incoming packet was injected maliciously into the redundant path.

公开(公告)号：US10389741B2

公开(公告)日：2019-08-20

申请号：US15163347

申请日：2016-05-24

Applicant: Cisco Technology, Inc.

Inventor： Pierre-André Savalle ,  Laurent Sartran ,  Jean-Philippe Vasseur ,  Grégory Mermoud

IPC: H04L29/06 ,  H04L29/08

Abstract: In one embodiment, a device in a network identifies a new interaction between two or more nodes in the network. The device forms a feature vector using contextual information associated with the new interaction between the two or more nodes. The device causes generation of an anomaly detection model for new node interactions using the feature vector. The device uses the anomaly detection model to determine whether a particular node interaction in the network is anomalous.

公开(公告)号：US20190220760A1

公开(公告)日：2019-07-18

申请号：US15869639

申请日：2018-01-12

Applicant: Cisco Technology, Inc.

Inventor： Vinay Kumar Kolar ,  Vikram Kumaran ,  Abhishek Kumar ,  Santosh Ghanshyam Pandey ,  Jean-Philippe Vasseur ,  Grégory Mermoud

IPC: G06N7/00 ,  H04L12/24 ,  G06N99/00

CPC classification number: G06N7/005 ,  G06N20/00 ,  H04L41/0659 ,  H04L41/5067

Abstract: In one embodiment, a network assurance system that monitors a network labels time periods with positive labels, based on the network assurance system detecting problems in the network during the time periods. The network assurance system assigns tags to discrete portions of a feature space of measurements from the monitored network, based on whether a particular range of values in the feature space has a threshold probability of occurring during a positively-labeled time period. The network assurance system determines a set of the assigned tags that frequently co-occur with the positively-labeled time periods in which problems are detected in the network. The network assurance system causes performance of a mitigation action in the network based on the set of assigned tags that frequently co-occur with the positively-labeled time periods.

公开(公告)号：US20190199626A1

公开(公告)日：2019-06-27

申请号：US15854040

申请日：2017-12-26

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Eric Levy-Abegnoli ,  Jean-Philippe Vasseur ,  Patrick Wetterwald

IPC: H04L12/715 ,  H04L12/801 ,  H04L12/709

CPC classification number: H04L45/64 ,  H04L45/245 ,  H04L47/19

Abstract: In one embodiment, a cloud-based service instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to a first isolation application instance hosted by the service. The first isolation application instance receives the redirected traffic associated with the particular node. The first isolation application instance determines a routing path for the traffic that comprises one or more other isolation application instances hosted by the cloud-based service. The first isolation application instance tags the traffic to indicate the determined routing path. The first isolation application forwards the tagged traffic to a second isolation application instance along the determined routing path.

公开(公告)号：US10320824B2

公开(公告)日：2019-06-11

申请号：US14989920

申请日：2016-01-07

Applicant: Cisco Technology, Inc.

Inventor： Jean-Philippe Vasseur ,  Grégory Mermoud ,  Laurent Sartran

IPC: H04L9/00 ,  H04L29/06 ,  H04L12/707 ,  G06N20/00 ,  H04L12/725 ,  G06F21/55 ,  H04L12/751

Abstract: In one embodiment, a device in a network receives traffic metrics for a plurality of applications in the network. The device populates a feature space for a machine learning-based anomaly detector. The device identifies a missing dataset in the feature space for a particular one of the plurality of applications. The device adjusts how traffic is sent in the network, to capture the missing dataset.

公开(公告)号：US20190166547A1

公开(公告)日：2019-05-30

申请号：US16248108

申请日：2019-01-15

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Jean-Philippe Vasseur ,  Patrick Wetterwald ,  Eric Levy-Abegnoli

IPC: H04W48/14 ,  H04W24/02 ,  H04L1/18

CPC classification number: H04W48/14 ,  H04L1/18 ,  H04W24/02 ,  H04W88/08

Abstract: In one embodiment, a supervisory device in a network receives from a plurality of access points (APs) in the network data regarding a network availability request broadcast by a node seeking to access the network and received by the APs in the plurality. The supervisory device uniquely associates the node with a virtual access point (VAP) for the node and forms a VAP mapping between the VAP for the node and a set of the APs in the plurality selected based on the received data regarding the network availability request. One of the APs in the mapping is designated as a primary access point for the node. The supervisory device instructs the primary AP to send a network availability response to the node that includes information for the VAP. The node uses the information for the VAP to access the network via the set of APs in the VAP mapping.