公开(公告)号：US09258217B2

公开(公告)日：2016-02-09

申请号：US12568044

申请日：2009-09-28

申请人： Nicholas Duffield ,  Patrick Haffner ,  Balachander Krishnamurthy ,  Haakon Andreas Ringberg

发明人： Nicholas Duffield ,  Patrick Haffner ,  Balachander Krishnamurthy ,  Haakon Andreas Ringberg

IPC分类号： H04L12/721 ,  H04L12/26 ,  G06F21/55 ,  H04L12/703 ,  H04L12/801 ,  H04L12/851 ,  H04L29/06 ,  H04L12/24

CPC分类号： H04L63/20 ,  G06F21/552 ,  G06N5/025 ,  H04L41/00 ,  H04L41/0604 ,  H04L41/16 ,  H04L43/026 ,  H04L43/028 ,  H04L43/16 ,  H04L45/28 ,  H04L45/38 ,  H04L47/10 ,  H04L47/24 ,  H04L63/14 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/30

摘要： A system to detect anomalies in internet protocol (IP) flows uses a set of machine-learning (ML) rules that can be applied in real time at the IP flow level. A communication network has a large number of routers that can be equipped with flow monitoring capability. A flow collector collects flow data from the routers throughout the communication network and provides them to a flow classifier. At the same time, a limited number of locations in the network monitor data packets and generate alerts based on packet data properties. The packet alerts and the flow data are provided to a machine learning system that detects correlations between the packet-based alerts and the flow data to thereby generate a series of flow-level alerts. These rules are provided to the flow time classifier. Over time, the new packet alerts and flow data are used to provide updated rules generated by the machine learning system.

摘要翻译： 检测互联网协议（IP）流中的异常的系统使用一组机器学习（ML）规则，可以在IP流级别实时应用。 通信网络具有大量可配备流量监控功能的路由器。 集流器在通信网络中收集来自路由器的流数据，并将其提供给流分类器。 同时，网络中有限数量的位置监视数据包，并根据数据包数据属性生成警报。 分组警报和流数据被提供给机器学习系统，其检测基于分组的警报和流数据之间的相关性，从而生成一系列流级别警报。 这些规则提供给流时间分类器。 随着时间的推移，新的数据包警报和流数据用于提供机器学习系统生成的更新规则。

公开(公告)号：US20100153316A1

公开(公告)日：2010-06-17

申请号：US12568044

申请日：2009-09-28

申请人： Nicholas Duffield ,  Patrick Haffner ,  Balachander Krishnamurthy ,  Haakon Andreas Ringberg

发明人： Nicholas Duffield ,  Patrick Haffner ,  Balachander Krishnamurthy ,  Haakon Andreas Ringberg

IPC分类号： G06F21/00 ,  G06F15/18

CPC分类号： H04L63/20 ,  G06F21/552 ,  G06N5/025 ,  H04L41/00 ,  H04L41/0604 ,  H04L41/16 ,  H04L43/026 ,  H04L43/028 ,  H04L43/16 ,  H04L45/28 ,  H04L45/38 ,  H04L47/10 ,  H04L47/24 ,  H04L63/14 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/30

摘要： A system to detect anomalies in internet protocol (IP) flows uses a set of machine-learning (ML) rules that can be applied in real time at the IP flow level. A communication network has a large number of routers that can be equipped with flow monitoring capability. A flow collector collects flow data from the routers throughout the communication network and provides them to a flow classifier. At the same time, a limited number of locations in the network monitor data packets and generate alerts based on packet data properties. The packet alerts and the flow data are provided to a machine learning system that detects correlations between the packet-based alerts and the flow data to thereby generate a series of flow-level alerts. These rules are provided to the flow time classifier. Over time, the new packet alerts and flow data are used to provide updated rules generated by the machine learning system.

摘要翻译： 检测互联网协议（IP）流中的异常的系统使用一组机器学习（ML）规则，可以在IP流级别实时应用。 通信网络具有大量可配备流量监控功能的路由器。 集流器在通信网络中收集来自路由器的流数据，并将其提供给流分类器。 同时，网络中有限数量的位置监视数据包，并根据数据包数据属性生成警报。 分组警报和流数据被提供给机器学习系统，其检测基于分组的警报和流数据之间的相关性，从而生成一系列流级别警报。 这些规则提供给流时间分类器。 随着时间的推移，新的数据包警报和流数据用于提供机器学习系统生成的更新规则。

公开(公告)号：US20130013542A1

公开(公告)日：2013-01-10

申请号：US13620668

申请日：2012-09-14

申请人： SUBHABRATA SEN ,  Nicholas duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

发明人： SUBHABRATA SEN ,  Nicholas duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

IPC分类号： G06F15/18 ,  G06N5/02

CPC分类号： G06N99/005

摘要： A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

摘要翻译： 流量分类器具有多个二进制分类器，每个二进制分类器与多个校准器之一相关联。 每个校准器被训练成使用拟合的逻辑曲线将相关联的二进制分类器的输出得分转换成估计的类概率值，每个估计的类概率值指示输出得分所基于的分组流的概率属于相关联的流量类别 与校准器相关联的二进制分类器。 分类器训练系统被配置为基于使用流和分组采样方法获得的网络信息生成训练数据。 在一些实施例中，分类器训练系统被配置为生成减少的训练数据集，每个业务类别一个，减少与业务类别不相关的业务相关的训练数据。

公开(公告)号：US08311956B2

公开(公告)日：2012-11-13

申请号：US12539430

申请日：2009-08-11

申请人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

发明人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

IPC分类号： G06F15/18

CPC分类号： G06N99/005

摘要： A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

摘要翻译： 流量分类器具有多个二进制分类器，每个二进制分类器与多个校准器之一相关联。 每个校准器被训练成使用拟合的逻辑曲线将相关联的二进制分类器的输出得分转换成估计的类概率值，每个估计的类概率值指示输出得分所基于的分组流的概率属于相关联的流量类别 与校准器相关联的二进制分类器。 分类器训练系统被配置为基于使用流和分组采样方法获得的网络信息生成训练数据。 在一些实施例中，分类器训练系统被配置为生成减少的训练数据集，每个业务类别一个，减少与业务类别不相关的业务相关的训练数据。

公开(公告)号：US09349102B2

公开(公告)日：2016-05-24

申请号：US13620668

申请日：2012-09-14

申请人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

发明人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

IPC分类号： G06N99/00

CPC分类号： G06N99/005

摘要： A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

摘要翻译： 流量分类器具有多个二进制分类器，每个二进制分类器与多个校准器之一相关联。 每个校准器被训练成使用拟合的逻辑曲线将相关联的二进制分类器的输出得分转换成估计的类概率值，每个估计的类概率值指示输出得分所基于的分组流的概率属于相关联的流量类别 与校准器相关联的二进制分类器。 分类器训练系统被配置为基于使用流和分组采样方法获得的网络信息生成训练数据。 在一些实施例中，分类器训练系统被配置为生成减少的训练数据集，每个业务类别一个，减少与业务类别不相关的业务相关的训练数据。

公开(公告)号：US08935188B2

公开(公告)日：2015-01-13

申请号：US12858303

申请日：2010-08-17

申请人： Nicholas Duffield ,  Patrick Haffner ,  Yu Jin ,  Subhabrata Sen ,  Zhi-Li Zhang

发明人： Nicholas Duffield ,  Patrick Haffner ,  Yu Jin ,  Subhabrata Sen ,  Zhi-Li Zhang

IPC分类号： G06F15/18 ,  G06F15/173 ,  H04L12/26 ,  H04L29/08

CPC分类号： H04L43/045 ,  H04L43/026 ,  H04L67/22

摘要： In one embodiment, the present disclosure is a method and apparatus for classifying applications using the collective properties of network traffic. In one embodiment, a method for classifying traffic in a communication network includes receiving a traffic activity graph, the traffic activity graph comprising a plurality of nodes interconnected by a plurality of edges, where each of the nodes represents an endpoint associated with the communication network and each of the edges represents traffic between a corresponding pair of the nodes, generating an initial set of inferences as to an application class associated with each of the edges, based on at least one measured statistic related to at least one traffic flow in the communication network, and refining the initial set of inferences based on a spatial distribution of the traffic flows, to produce a final traffic activity graph.

摘要翻译： 在一个实施例中，本公开是用于使用网络业务的集合属性对应用进行分类的方法和装置。 在一个实施例中，用于对通信网络中的业务进行分类的方法包括接收业务活动图，所述业务活动图包括由多个边缘互连的多个节点，其中每个节点表示与所述通信网络相关联的端点， 每个边缘表示对应的一对节点之间的流量，基于与通信网络中的至少一个业务流相关的至少一个测量的统计量，生成关于与每个边缘相关联的应用类别的初始推断集合 ，并且基于业务流的空间分布来优化初始推理集合，以产生最终业务活动图。

公开(公告)号：US20110040706A1

公开(公告)日：2011-02-17

申请号：US12539430

申请日：2009-08-11

申请人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

发明人： Subhabrata Sen ,  Nicholas Duffield ,  Patrick Haffner ,  Jeffrey Erman ,  Yu Jin

IPC分类号： G06F15/18 ,  G06N5/02

CPC分类号： G06N99/005

摘要： A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system configured to generate a training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.

摘要翻译： 流量分类器具有多个二进制分类器，每个二进制分类器与多个校准器之一相关联。 每个校准器被训练成使用拟合的逻辑曲线将相关联的二进制分类器的输出得分转换成估计的类概率值，每个估计的类概率值指示输出得分所基于的分组流的概率属于相关联的流量类别 与校准器相关联的二进制分类器。 分类器训练系统被配置为基于使用流和分组采样方法获得的网络信息生成训练数据。 在一些实施例中，分类器训练系统被配置为生成减少的训练数据集，每个业务类别一个，减少与业务类别不相关的业务相关的训练数据。

公开(公告)号：US20120047096A1

公开(公告)日：2012-02-23

申请号：US12858303

申请日：2010-08-17

申请人： Nicholas Duffield ,  Patrick Haffner ,  Yu Jin ,  Subhabrata Sen ,  Zhi-Li Zhang

发明人： Nicholas Duffield ,  Patrick Haffner ,  Yu Jin ,  Subhabrata Sen ,  Zhi-Li Zhang

IPC分类号： G06F15/18 ,  G06N3/08

CPC分类号： H04L43/045 ,  H04L43/026 ,  H04L67/22

摘要： In one embodiment, the present disclosure is a method and apparatus for classifying applications using the collective properties of network traffic. In one embodiment, a method for classifying traffic in a communication network includes receiving a traffic activity graph, the traffic activity graph comprising a plurality of nodes interconnected by a plurality of edges, where each of the nodes represents an endpoint associated with the communication network and each of the edges represents traffic between a corresponding pair of the nodes, generating an initial set of inferences as to an application class associated with each of the edges, based on at least one measured statistic related to at least one traffic flow in the communication network, and refining the initial set of inferences based on a spatial distribution of the traffic flows, to produce a final traffic activity graph.

摘要翻译： 在一个实施例中，本公开是用于使用网络业务的集合属性对应用进行分类的方法和装置。 在一个实施例中，用于对通信网络中的业务进行分类的方法包括接收业务活动图，所述业务活动图包括由多个边缘互连的多个节点，其中每个节点表示与所述通信网络相关联的端点， 每个边缘表示对应的一对节点之间的流量，基于与通信网络中的至少一个业务流相关的至少一个测量的统计量，生成关于与每个边缘相关联的应用类别的初始推断集合 ，并且基于业务流的空间分布来优化初始推理集合，以产生最终业务活动图。

公开(公告)号：US08897500B2

公开(公告)日：2014-11-25

申请号：US13101704

申请日：2011-05-05

申请人： Ann K. Syrdal ,  Sumit Chopra ,  Patrick Haffner ,  Taniya Mishra ,  Ilija Zeljkovic ,  Eric Zavesky

发明人： Ann K. Syrdal ,  Sumit Chopra ,  Patrick Haffner ,  Taniya Mishra ,  Ilija Zeljkovic ,  Eric Zavesky

IPC分类号： G06K9/00 ,  G10L17/24 ,  G06F21/32

CPC分类号： G10L15/25 ,  G06F21/32 ,  G06F2221/2103 ,  G06K9/00255 ,  G06K9/00281 ,  G06K9/00288 ,  G06K9/00315 ,  G06K9/00335 ,  G10L17/24 ,  G10L21/06

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for performing speaker verification. A system configured to practice the method receives a request to verify a speaker, generates a text challenge that is unique to the request, and, in response to the request, prompts the speaker to utter the text challenge. Then the system records a dynamic image feature of the speaker as the speaker utters the text challenge, and performs speaker verification based on the dynamic image feature and the text challenge. Recording the dynamic image feature of the speaker can include recording video of the speaker while speaking the text challenge. The dynamic feature can include a movement pattern of head, lips, mouth, eyes, and/or eyebrows of the speaker. The dynamic image feature can relate to phonetic content of the speaker speaking the challenge, speech prosody, and the speaker's facial expression responding to content of the challenge.

摘要翻译： 本文公开了用于执行说话者验证的系统，方法和非暂时的计算机可读存储介质。 被配置为实施该方法的系统接收到验证说话者的请求，产生对该请求是唯一的文本挑战，并且响应该请求提示说话者发出文本挑战。 然后当扬声器发出文本挑战时，系统记录扬声器的动态图像特征，并且基于动态图像特征和文本挑战来执行说话者验证。 录制扬声器的动态图像功能可以包括在说出文本挑战时录制扬声器的视频。 动态特征可以包括扬声器的头部，嘴唇，嘴巴，眼睛和/或眉毛的运动模式。 动态图像特征可以涉及讲话者讲话的语音内容，语音韵律以及响应于挑战内容的说话者的面部表情。

公开(公告)号：US08886533B2

公开(公告)日：2014-11-11

申请号：US13281102

申请日：2011-10-25

申请人： Sumit Chopra ,  Dimitrios Dimitriadis ,  Patrick Haffner

发明人： Sumit Chopra ,  Dimitrios Dimitriadis ,  Patrick Haffner

IPC分类号： G10L15/08 ,  G10L15/16 ,  G10L15/02

CPC分类号： G10L15/02 ,  G10L15/08 ,  G10L15/16

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for combining frame and segment level processing, via temporal pooling, for phonetic classification. A frame processor unit receives an input and extracts the time-dependent features from the input. A plurality of pooling interface units generates a plurality of feature vectors based on pooling the time-dependent features and selecting a plurality of time-dependent features according to a plurality of selection strategies. Next, a plurality of segmental classification units generates scores for the feature vectors. Each segmental classification unit (SCU) can be dedicated to a specific pooling interface unit (PIU) to form a PIU-SCU combination. Multiple PIU-SCU combinations can be further combined to form an ensemble of combinations, and the ensemble can be diversified by varying the pooling operations used by the PIU-SCU combinations. Based on the scores, the plurality of segmental classification units selects a class label and returns a result.

摘要翻译： 本文公开了用于通过时间池来组合帧和段级处理用于语音分类的系统，方法和非暂时的计算机可读存储介质。 帧处理器单元接收输入并从输入中提取与时间相关的特征。 多个池化接口单元基于集合时间相关特征并根据多个选择策略选择多个时间相关特征来生成多个特征向量。 接下来，多个分段分类单元生成特征向量的得分。 每个分段分类单元（SCU）可专用于特定的汇聚接口单元（PIU）以形成PIU-SCU组合。 可以进一步组合多个PIU-SCU组合以形成组合的集合，并且可以通过改变PIU-SCU组合使用的合并操作来使集合多样化。 基于分数，多个分段分类单元选择分类标签并返回结果。