Tracking anomaly propagation at the network level
US-2016218949-A1 · Jul 28, 2016 · US
US11082296B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11082296-B2 |
| Application number | US-201815894861-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 12, 2018 |
| Priority date | Oct 27, 2017 |
| Publication date | Aug 3, 2021 |
| Grant date | Aug 3, 2021 |
Official abstract text for this publication.
Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. In accordance with an aspect of the invention, there is provided a computer program product configured to be operable to perform the techniques described in this paper to enable grouping and labeling of IoT devices. As devices are grouped and labeled, and behavior is matched to or deviates from known or expected behavior, the network can be more readily understood and alerts can be more timely and appropriate.
Opening claim text (preview).
What is claimed is:
1. A method comprising: identifying a set of raw events associated with an Internet of Things (IoT) device in operation; obtaining additional contextual information associated with the IoT device and enriching at least some raw events included in the set of raw events based at least in part on the obtained additional contextual information; using the set of raw events to generate a set of features associated with the IoT device, including by aggregating at least some raw events included in the set of raw events to form aggregated events; determining, based at least in part on providing at least some features included in the set of features to at least one prediction model, and applying a threshold, whether the IoT device belongs to a particular group; and detecting, as undesired behavior, a deviation by the IoT device from group behavior, and generating an alert in response.
2. The method of claim 1, further comprising: transforming raw events included in the set of raw events into a format suitable for grouping and labeling a plurality of IoT devices.
3. The method of claim 1, further comprising: transforming raw events included in the set of raw events into discrete events.
4. The method of claim 1, further comprising: transforming a plurality of raw events included in the set of raw events into a composite event comprising multiple event parameters.
5. The method of claim 1, wherein the raw events include one or more messages transmitted to the IoT device, and further comprising: examining the one or more messages transmitted to the IoT device to determine at least one event which can subsequently be timestamped to create a formatted event of the IoT device in operation.
6. The method of claim 1, wherein the identifying the set of raw events of the IoT device in operation is done at least in part within a data rollup window, and further comprising: generating formatted events of the IoT device in operation within the data rollup window.
7. The method of claim 1, wherein the identifying the set of raw events of the IoT device in operation is done at least in part within a data rollup window, and further comprising: aggregating events during the data rollup window to form the aggregated events.
8. The method of claim 1, further comprising: transmitting event metadata of the aggregated events to a remote system for purposes of performing grouping a plurality of IoT devices.
9. The method of claim 1, further comprising: determining that a grouping action is unsuccessful, and carrying out assisted grouping and labeling of a plurality of IoT devices after applying a context-based IoT device grouping model to the aggregated events.
10. The method of claim 1, further comprising: determining that a grouping action is successful, determining a new IoT device label has been added, and applying a context-based IoT device grouping model to the aggregated events.
11. A computer program product embodied on a non-transitory medium, the computer program product including instructions which, when executed by a computer, cause the computer to carry out a method comprising: identifying a set of raw events associated with an Internet of Things (IoT) device in operation; obtaining additional contextual information associated with the IoT device and enriching at least some raw events included in the set of raw events based at least in part on the obtained additional contextual information; using the set of raw events to generate a set of features associated with the IoT device, including by aggregating at least some raw events included in the set of raw events to form aggregated events; determining, based at least in part on providing at least some features included in the set of features to at least one prediction model, and applying a threshold, whether the IoT device belongs to a particular group; and detecting, as undesired behavior, a deviation by the IoT device from group behavior, and generating an alert in response.
12. The computer program product of claim 11, the method further comprising: transforming raw events included in the set of raw events into a format suitable for grouping and labeling a plurality of the IoT devices.
13. The computer program product of claim 11, the method further comprising: transforming raw events included in the set of raw events into discrete events.
14. The computer program product of claim 11, the method further comprising: transforming a plurality of raw events included in the set of raw events into a composite event comprising multiple event parameters.
15. The computer program product of claim 11, wherein the raw events include one or more messages transmitted to the IoT device, the method further comprising: examining the one or more messages transmitted to the IoT device to determine at least one event which can subsequently be timestamped to create a formatted event of the IoT device in operation.
16. The computer program product of claim 11, wherein the identifying the set of raw events of the IoT device in operation is done at least in part within a data rollup window, the method further comprising: generating formatted events of the IoT device in operation within the data rollup window.
17. The computer program product of claim 11, wherein the identifying the set of raw events of the IoT device in operation is done at least in part within a data rollup window, the method further comprising: aggregating events during the data rollup window to form aggregated events.
18. The computer program product of claim 11, the method further comprising: transmitting event metadata of the aggregated events to a remote system for purposes of performing grouping a plurality of IoT devices.
19. The computer program product of claim 11, the method further comprising: determining that a grouping action is unsuccessful, and carrying out assisted grouping and labeling of a plurality of IoT devices after applying a context-based IoT device grouping model to the aggregated events.
20. The computer program product of claim 11, the method further comprising: determining that a grouping action is successful, determining a new IoT device label has been added, and applying a context-based IoT device grouping model to the aggregated events.
21. A system comprising: a processor configured to: identify a set of raw events associated with an Internet of Things (IoT) device in operation; obtain additional contextual information associated with the IoT device and enrich at least some raw events included in the set of raw events based at least in part on the obtained additional contextual information; use the set of raw events to generate a set of features associated with the IoT device, including by aggregating at least some raw events included in the set of raw events to form aggregated events; determine, based at least in part on providing at least some features included in the set of features to at least one prediction model, and apply a threshold, whether the IoT device belongs to a particular group; and detect, as undesired behavior, a deviation by the IoT device from group behavior, and generate an alert in response; and a memory coupled to the processor and configured to provide the processor with instructions.
22. The system of claim 21, wherein the processor is further configured to transform raw events included in the set of raw events into a format suitable for grouping and labeling a plurality of IoT devices.
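The sequence of steps recited in claim 1 (enrich, aggregate within a rollup window, score against a prediction model with a threshold, then flag deviation from the group), sketched as an added illustration that is not taken from the patent or any product. The window length, threshold, logistic weights, median-based deviation rule, device names and events are all assumptions constructed for the example.

```python
from collections import defaultdict
from math import exp
from statistics import median

ROLLUP_SECONDS = 60      # assumed data rollup window
GROUP_THRESHOLD = 0.8    # assumed membership threshold for a "camera" group
DEVIATION_FACTOR = 3.0   # assumed: alert when a feature exceeds 3x the group median

# Constructed sample data: context per device, raw events (ts, device, dst_port, bytes).
CONTEXT = {"cam-1": {"vlan": 20}, "cam-2": {"vlan": 20},
           "cam-3": {"vlan": 20}, "plc-1": {"vlan": 30}}
RAW = ([(t, d, 554, 1200) for d in ("cam-1", "cam-2", "cam-3") for t in (1, 15, 30, 45)]
       + [(5, "plc-1", 502, 300)]
       + [(50 + i, "cam-3", 20 + i, 40000) for i in range(6)])  # cam-3 drifts

def enrich(raw):
    """Attach contextual information to each raw event."""
    return [{"ts": ts, "dev": dev, "port": port, "bytes": n, **CONTEXT[dev]}
            for ts, dev, port, n in raw]

def rollup(events):
    """Aggregate enriched events per (device, rollup window) into features."""
    agg = defaultdict(lambda: {"events": 0, "bytes": 0, "ports": set(), "vlan": None})
    for e in events:
        a = agg[(e["dev"], e["ts"] // ROLLUP_SECONDS)]
        a["events"] += 1
        a["bytes"] += e["bytes"]
        a["ports"].add(e["port"])
        a["vlan"] = e["vlan"]
    return {k: {"events": a["events"], "bytes": a["bytes"], "ports": len(a["ports"]),
                "rtsp": 554 in a["ports"], "vlan": a["vlan"]}
            for k, a in agg.items()}

def membership_score(f):
    """Stand-in prediction model: logistic score with hand-set weights."""
    z = 4.0 * f["rtsp"] + 1.0 * (f["vlan"] == 20) - 2.0
    return 1 / (1 + exp(-z))

def analyze(raw):
    """Return (group members, alerts) for one pass over the raw events."""
    feats = rollup(enrich(raw))
    group = {k: f for k, f in feats.items() if membership_score(f) >= GROUP_THRESHOLD}
    alerts = []
    for name in ("bytes", "ports"):
        base = median(f[name] for f in group.values())  # group behavior baseline
        alerts += [(k[0], name, f[name]) for k, f in group.items()
                   if f[name] > DEVIATION_FACTOR * base]
    return sorted(group), sorted(alerts)
```

`analyze(RAW)` places the three cameras in the group, leaves `plc-1` out because it scores below the threshold, and alerts on `cam-3` for both byte volume and distinct destination ports.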
Assignment of logical groups to network elements · CPC title
using logs of notifications; Post-processing of notifications · CPC title
Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272) · CPC title
Services for machine-to-machine communication [M2M] or machine type communication [MTC] · CPC title
Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services · CPC title