公开(公告)号：US20160352765A1

公开(公告)日：2016-12-01

申请号：US15072526

申请日：2016-03-17

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Jean-Philippe Vasseur ,  Yannick Weibel

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/1416 ,  H04L63/145 ,  H04L63/1458

Abstract: In one embodiment, a device in a network receives fingerprints of two or more network anomalies detected in the network by different anomaly detectors. Each fingerprint comprises a hash of tags that describe a detected anomaly. The device associates the fingerprints with network records captured within a timeframe in which the two or more network anomalies were detected. The device compares the fingerprints associated with the network records to determine that the two or more detected anomalies are part of a singular anomaly event. The device generates a notification regarding the singular anomaly event, wherein the notification includes those of the fingerprints that are associated with the singular anomaly event.

Abstract translation: 在一个实施例中，网络中的设备由不同的异常检测器接收在网络中检测到的两个或多个网络异常的指纹。 每个指纹包括描述检测到的异常的标签的散列。 该设备将指纹与在其中检测到两个或多个网络异常的时间范围内捕获的网络记录相关联。 设备将与网络记录相关联的指纹进行比较，以确定两个或多个检测到的异常是单个异常事件的一部分。 设备生成关于奇异异常事件的通知，其中通知包括与单个异常事件相关联的指纹的通知。

公开(公告)号：US10552763B2

公开(公告)日：2020-02-04

申请号：US15210974

申请日：2016-07-15

Applicant: Cisco Technology, Inc.

Inventor： Yannick Weibel ,  Jean-Philippe Vasseur ,  Grégory Mermoud

IPC: G06N20/00

Abstract: In one embodiment, a device in a network receives data indicative of a target state for one or more distributed learning agents in the network. The device determines a difference between the target state and state information maintained by the device regarding the one or more distributed learning agents. The device calculates a synchronization penalty score for each of the one or more distributed learning agents. The device selects a particular one of the one or more distributed learning agents with which to synchronize, based on the synchronization penalty score for the selected distributed learning agent and on the determined difference between the target state and the state information regarding the selected distributed learning agent. The device initiates synchronization of the state information maintained by the device regarding the selected distributed learning agent with state information from the selected distributed learning agent.

公开(公告)号：US20170279849A1

公开(公告)日：2017-09-28

申请号：US15210974

申请日：2016-07-15

Applicant: Cisco Technology, Inc.

Inventor： Yannick Weibel ,  Jean-Philippe Vasseur ,  Grégory Mermoud

IPC: H04L29/06 ,  G06N5/04 ,  G06N99/00 ,  H04L29/08

Abstract: In one embodiment, a device in a network receives data indicative of a target state for one or more distributed learning agents in the network. The device determines a difference between the target state and state information maintained by the device regarding the one or more distributed learning agents. The device calculates a synchronization penalty score for each of the one or more distributed learning agents. The device selects a particular one of the one or more distributed learning agents with which to synchronize, based on the synchronization penalty score for the selected distributed learning agent and on the determined difference between the target state and the state information regarding the selected distributed learning agent. The device initiates synchronization of the state information maintained by the device regarding the selected distributed learning agent with state information from the selected distributed learning agent.

公开(公告)号：US10320825B2

公开(公告)日：2019-06-11

申请号：US15072526

申请日：2016-03-17

Applicant: Cisco Technology, Inc.

Inventor： Grégory Mermoud ,  Jean-Philippe Vasseur ,  Yannick Weibel

IPC: H04L29/06 ,  G06F21/64

Abstract: A device in a network receives fingerprints of two or more network anomalies detected in the network by different anomaly detectors. Each fingerprint comprises a hash of tags that describe a detected anomaly. The device associates the fingerprints with network records captured within a timeframe in which the two or more network anomalies were detected. The device compares the fingerprints associated with the network records to determine that the two or more detected anomalies are part of a singular anomaly event. The device generates a notification regarding the singular anomaly event. The notification includes those of the fingerprints that are associated with the singular anomaly event.

公开(公告)号：US20250132996A1

公开(公告)日：2025-04-24

申请号：US18381842

申请日：2023-10-19

Applicant: Cisco Technology, Inc.

Inventor： Sofia Karygianni ,  Yannick Weibel ,  Carlo Zapponi

IPC: H04L43/045 ,  H04L43/028

Abstract: In one implementation, a method is disclosed comprising: determining, by a process, a log template mapped from network monitoring log messages; generating, by the process, a visualization of the log template including interactive graphical representations of a detection frequency for the log template, a frequency distribution of parameter values per parameter for the log template, and relationships between parameter values across different parameters for the log template; filtering, by the process, data included in the visualization based on a user selection of a portion of a particular graphical representation; and modifying, by the process and based on user feedback on the visualization, generation of subsequent visualizations of log templates.