IoT device grouping and labeling

US12021697B2 · US · B2

Patent metadata
Publication number: US-12021697-B2
Application number: US-202318106914-A
Country: US
Kind code: B2
Filing date: Feb 7, 2023
Priority date: Oct 27, 2017
Publication date: Jun 25, 2024
Grant date: Jun 25, 2024

Abstract

Official abstract text for this publication.

Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A first set of raw events associated with a first IoT device is identified, including a transmission made by the first IoT device. A communication manner of the first IoT device is determined, based at least in part on a communication manner of the first IoT device. The first set of raw events over the first time period is examined to generate one or more formatted events of the first IoT device. The formatted events are used to extract a set of features. Similar processing is performed with respect to a second IoT device. A context-based IoT device grouping model is generated based on at least one of: (1) the features extracted for the first IoT device or (2) the features extracted for the second IoT device. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: identifying a first set of raw events associated with a first Internet of Things (IoT) device in operation, wherein at least one raw event included in the first set of raw events is a transmission made by the first IoT device; determining, based at least in part on a communication manner of the first IoT device, a first time period, and generating one or more formatted events of the first IoT device in operation, at least in part by examining the first set of raw events over the first time period; using the one or more formatted events of the first IoT device in operation to extract a set of features of the first IoT device in operation; identifying a second set of raw events associated with a second IoT device in operation, wherein at least one raw event included in the second set of raw events is a transmission made by the second IoT device; determining, based at least in part on a communication manner of the second IoT device, a second time period that is different from the first time period, and generating one or more formatted events of the second IoT device in operation, at least in part by examining the second set of raw events over the second time period; using the one or more formatted events of the second IoT device in operation to extract a set of features of the second IoT device in operation; generating a context-based IoT device grouping model based at least in part on at least one of: (1) the extracted set of features of the first IoT device in operation or (2) the extracted set of features of the second IoT device in operation; applying the generated context-based IoT device grouping model to determine that a third IoT device belongs to a particular group; and detecting, as an undesired behavior, a deviation by the third IoT device from group behavior, and generating an alert in response.

2. The method of claim 1, further comprising: transforming at least a portion of raw events included in the first set of raw events into a format suitable for grouping and labeling the first IoT device.

3. The method of claim 1, further comprising: transforming at least a portion of raw events included in the first set of raw events into discrete events.

4. The method of claim 1, further comprising: transforming at least a portion of raw events included in the first set of raw events into composite events comprising multiple event parameters.

5. The method of claim 1, wherein at least one raw event included in the first set of raw events is a message transmitted to the first IoT device, and wherein the method further comprises: examining the message transmitted to the first IoT device to determine an event which can subsequently be timestamped to create a formatted event of the first IoT device in operation.

6. The method of claim 1, further comprising enriching at least one raw event included in the first set of raw events based at least in part on obtained additional context about the first IoT device in operation.

7. The method of claim 1, further comprising: aggregating a plurality of events occurring during the first time period to form a set of aggregated events.

8. The method of claim 7, further comprising: transmitting event metadata of the set of aggregated events to a remote system for purposes of performing grouping of the first and third IoT devices.

9. The method of claim 1, further comprising: determining that grouping the first and third IoT devices is unsuccessful, and carrying out assisted grouping and labeling of the first and third IoT devices.

10. The method of claim 1, further comprising: determining that a new IoT device label has been added, and performing a new grouping operation on at least one of the first and second IoT devices.

11. A system comprising: a processor configured to: identify a first set of raw events associated with a first Internet of Things (IoT) device in operation, wherein at least one raw event included in the first set of raw events is a transmission made by the first IoT device; determine, based at least in part on a communication manner of the first IoT device, a first time period, and generate one or more formatted events of the first IoT device in operation, at least in part by examining the first set of raw events over the first time period; use the one or more formatted events of the first IoT device in operation to extract a set of features of the first IoT device in operation; identify a second set of raw events associated with a second IoT device in operation, wherein at least one raw event included in the second set of raw events is a transmission made by the second IoT device; determine, based at least in part on a communication manner of the second IoT device, a second time period that is different from the first time period, and generate one or more formatted events of the second IoT device in operation, at least in part by examining the second set of raw events over the second time period; use the one or more formatted events of the second IoT device in operation to extract a set of features of the second IoT device in operation; generate a context-based IoT device grouping model based at least in part on at least one of: (1) the extracted set of features of the first IoT device in operation or (2) the extracted set of features of the second IoT device in operation; apply the generated context-based IoT device grouping model to determine that a third IoT device belongs to a particular group; and detect, as an undesired behavior, a deviation by the third IoT device from group behavior, and generate an alert in response; and a memory coupled to the processor and configured to provide the processor with instructions.

12. A computer program product embodied on a non-transitory medium, the computer program product including instructions which, when the computer program product is executed by a computer, cause the computer to carry out a method comprising: identifying a first set of raw events associated with a first Internet of Things (IoT) device in operation, wherein at least one raw event included in the first set of raw events is a transmission made by the first IoT device; determining, based at least in part on a communication manner of the first IoT device, a first time period, and generating one or more formatted events of the first IoT device in operation, at least in part by examining the first set of raw events over the first time period; using the one or more formatted events of the first IoT device in operation to extract a set of features of the first IoT device in operation; identifying a second set of raw events associated with a second IoT device in operation, wherein at least one raw event included in the second set of raw events is a transmission made by the second IoT device; determining, based at least in part on a communication manner of the second IoT device, a second time period that is different from the first time period, and generating one or more formatted events of the second IoT device in operation, at least in part by examining the second set of raw events over the second time period; using the one or more formatted events of the second IoT device in operation to extract a set of features of the second IoT device in operation; generating a context-based IoT device grouping model based at least in part on at least one of: (1) the extracted set of features of the first IoT device in operation or (2) the extracted set of features of the second IoT device in operation; applying the generated context-based IoT device grouping model to determine that a third IoT device belongs to a particular group; and detecting, as an

Assignees

Inventors

Classifications

  • Assignment of logical groups to network elements · CPC title

  • H04L41/069 · Primary

    using logs of notifications; Post-processing of notifications · CPC title

  • Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272) · CPC title

  • Services for machine-to-machine communication [M2M] or machine type communication [MTC] · CPC title

  • Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12021697B2 cover?
Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A first set of raw events associated with a first IoT device is identified, including a transmission made by the first IoT device. A communication manner of the first IoT device is determined, based at least in part on a communication manner of the first IoT device. The first set of raw events over the first ti…
Who is the assignee on this patent?
Palo Alto Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/0893. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 25, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).