Cascade-based classification of network devices using multi-scale bags of network words
US-2020127892-A1 · Apr 23, 2020 · US
Self-training classification
US11936660B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11936660-B2 |
| Application number | US-202217729997-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 26, 2022 |
| Priority date | Jun 29, 2018 |
| Publication date | Mar 19, 2024 |
| Grant date | Mar 19, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems, methods, and related technologies for self-training classification are described. In certain aspects, a plurality of device classification methods with associated models are accessed. Each of the classification methods have an associated reliability level. The models of classification methods with a higher reliability level than other classifications methods are used to train the models associated with lower reliability level. The trained models and associated classification methods are thus improved.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: accessing a plurality of device classification methods, wherein each of the plurality of methods has a respective associated model, and wherein each of the plurality of methods has a respective associated reliability level in classifying a device type or a device model of a plurality of devices communicatively coupled to a network; generating a respective data set associated with each of the device classification methods based on classifying the device type or the device model of the plurality of devices communicatively coupled to the network; selecting a first device classification method and a second device classification method of the plurality of device classification methods, wherein the first device classification method has a higher reliability level than the second device classification method; determining a training data set using a respective data set associated with the first device classification method; training, by a processing device, the second device classification method model using the training data set; and storing the trained second device classification model. 2. The method of claim 1 , further comprising: performing an initial classification of the plurality of devices communicatively coupled to the network; and determining which of the plurality of device classification methods can be used based on the initial classification of the plurality of devices communicatively coupled to the network. 3. The method of claim 1 , further comprising: performing classification using the second device classification method. 4. The method of claim 1 , wherein the training of the second device classification method model using the training data set is performed on a per device basis. 5. The method of claim 1 , wherein each respective model associated with the plurality of device classification methods is a machine learning model. 6. The method of claim 1 , wherein the respective associated reliability level associated with the plurality of device classification methods is configurable. 7. The method of claim 1 , wherein the respective associated reliability level associated with a device classification method is automatically adjusted based on one or more classification results based on the device classification method. 8. The method of claim 1 , wherein the selecting of the first device classification method and the second device classification method of the plurality of device classification methods is based on a network environment. 9. The method of claim 1 , wherein the first device classification method comprises at least one of an agent based classification method, an aggregator based method, an active probing based method, a passive traffic analysis method, a traffic log analysis method, or a traffic based behavior heuristic method. 10. A system comprising: a memory; and a processing device, operatively coupled to the memory, to: access a plurality of device classification methods, wherein each of the plurality of methods has a respective associated model, and wherein each of the plurality of methods has a respective associated reliability level in classifying a device type or a device model of a plurality of devices communicatively coupled to a network; generate a respective data set associated with each of the device classification methods based on classifying the device type or the device model of the plurality of devices communicatively coupled to the network; select a first device classification method and a second device classification method of the plurality of device classification methods, wherein the first device classification method has a higher reliability level than the second device classification method; determine a training data set using a respective data set associated with the first device classification method; train the second device classification method model using the training data set; and store the trained second device classification model. 11. The system of claim 10 , wherein the processing device further to: perform an initial classification of the plurality of devices communicatively coupled to the network; and determine which of the plurality of device classification methods can be used based on the initial classification of the plurality of devices communicatively coupled to the network. 12. The system of claim 10 , wherein the processing device further to: perform classification using the second device classification method. 13. The system of claim 10 , wherein the training of the second device classification method model using the training data set is performed on a per device basis. 14. The system of claim 10 , wherein each respective model associated with the plurality of device classification methods is a machine learning model. 15. The system of claim 10 , wherein the respective associated reliability level associated with the plurality of device classification methods is configurable. 16. The system of claim 10 , wherein the selecting of the first device classification method and the second device classification method of the plurality of device classification methods is based on a network environment. 17. The system of claim 10 , wherein the first device classification method comprises at least one of an agent based classification method, an aggregator based method, an active probing based method, a passive traffic analysis method, a traffic log analysis method, or a traffic based behavior heuristic method. 18. A non-transitory computer readable medium having instructions encoded thereon that, when executed by a processing device, cause the processing device to: determine which of a plurality of device classification methods can be used based on an initial classification of a device type or a device model of a plurality of devices communicatively coupled to the network; generate a respective data set associated with each of a plurality of device classification methods based on classifying the device type or the device model of the plurality of devices communicatively coupled to a network, wherein each of the plurality of methods has a respective associated model, and wherein each of the plurality of methods has a respective associated reliability level in classifying the device type or the device model of the plurality of devices; determine a training data set using one of the respective data sets associated with a first device classification method of the plurality of the methods; train, by the processing device, a second device classification method model using the training data set, wherein the first device classification method has a higher reliability level than the second device classification method. 19. The non-transitory computer readable medium of claim 18 , wherein to train the second device classification method model using the training data set is performed on a per device basis. 20. The non-transitory computer readable medium of claim 18 , wherein the first device classification method and the second device classification method of the plurality of device classification methods are selected based on a network environment.
Assignees
Inventors
Classifications
- H04L63/14Primary
for detecting or protecting against malicious traffic · CPC title
Classification techniques · CPC title
Machine learning · CPC title
by actively collecting configuration information or by backing up configuration information · CPC title
Processing captured monitoring data, e.g. for logfile generation · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11936660B2 cover?
- Systems, methods, and related technologies for self-training classification are described. In certain aspects, a plurality of device classification methods with associated models are accessed. Each of the classification methods have an associated reliability level. The models of classification methods with a higher reliability level than other classifications methods are used to train the model…
- Who is the assignee on this patent?
- Forescout Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/14. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Mar 19 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).