Network behavior data collection and analytics for anomaly detection

US2016359695A1 · US · A1

Patent metadata
Publication number: US-2016359695-A1
Application number: US-201615090930-A
Country: US
Kind code: A1
Filing date: Apr 5, 2016
Priority date: Jun 4, 2015
Publication date: Dec 8, 2016
Grant date: not shown (A1 is a pre-grant application publication)

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In one embodiment, a method includes receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network, processing the network traffic data at the analytics module, the network traffic data comprising process information, user information, and host information, and identifying at the analytics module, anomalies within the network traffic data based on dynamic modeling of network behavior. An apparatus and logic are also disclosed herein.

Claims

Full claim text as published (claims 1 to 20; claim 1 is the first independent claim, claims 10 and 17 are the apparatus and logic counterparts).

What is claimed is:

  1. A method comprising: receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network; processing the network traffic data at the analytics module, the network traffic data comprising process information, user information, and host information; and identifying at the analytics module, anomalies within the network traffic data based on dynamic modeling of network behavior.

  2. The method of claim 1 wherein processing the network traffic data comprises correlating said network behavior from said multiple perspectives in the network.

  3. The method of claim 1 wherein the network device comprises a processor for examining big data comprising large data sets having different types of data.

  4. The method of claim 1 wherein the network traffic data comprises metadata from each packet passing through one of said plurality of sensors.

  5. The method of claim 1 wherein identifying said anomalies comprises identifying said anomalies in multidimensional data comprising a plurality of features.

  6. The method of claim 1 wherein identifying said anomalies based on dynamic models of network behavior comprises utilizing machine learning algorithms to detect suspicious activity.

  7. The method of claim 6 further comprising receiving data from a honeypot for use in machine learning.

  8. The method of claim 1 further comprising generating an application dependency map for use in identifying said anomalies.

  9. The method of claim 1 wherein identifying said anomalies comprises computing a nonparametric multivariate density estimation.

  10. An apparatus comprising: an interface for receiving network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network; and a processor for processing the network traffic data, the network traffic data comprising process information, user information, and host information, and identifying at the network device, anomalies within the network traffic data based on dynamic modeling of network behavior.

  11. The apparatus of claim 10 wherein processing the network traffic data comprises correlating said network behavior from said multiple perspectives in the network.

  12. The apparatus of claim 10 wherein the processor is operable to examine big data comprising large data sets having different types of data.

  13. The apparatus of claim 10 wherein the network traffic data comprises metadata from each packet passing through one of said plurality of sensors.

  14. The apparatus of claim 10 further comprising a distributed denial of service detector.

  15. The apparatus of claim 10 wherein identifying said anomalies based on dynamic models of network behavior comprises utilizing machine learning algorithms to detect suspicious activity.

  16. The apparatus of claim 10 wherein the processor is further configured to generate an application dependency map for use in identifying said anomalies.

  17. Logic encoded on one or more non-transitory computer readable media for execution and when executed operable to: process network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network, the network traffic data comprising process information, user information, and host information; and identify anomalies within the network traffic based on dynamic modeling of network behavior.

  18. The logic of claim 17 wherein the logic is further operable to correlate said network behavior from said multiple perspectives to identify said anomalies.

  19. The logic of claim 17 wherein machine learning algorithms receiving data from honeypots are utilized to detect suspicious activity.

  20. The logic of claim 17 wherein said anomalies are identified by computing a nonparametric multivariate density estimation.
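Claims 2, 8 and 9 name three of the mechanisms that the abstract folds into "dynamic modeling of network behavior": correlating the same flow as seen from several sensor perspectives, building an application dependency map, and scoring anomalies with a nonparametric multivariate density estimate. The Python below is an added illustration of how those three pieces fit together; it is not Cisco's code and is not taken from the patent. The sensor names, the record layout, the flow features and every sample record are constructed for the example, and the density estimate is a plain Gaussian kernel density estimate with Scott's-rule bandwidths, which is one nonparametric choice and not necessarily the one the patent describes.

```python
"""Added example (not Cisco's code, not from the patent): correlate flow metadata
from two sensor perspectives, derive an application dependency map, and score
flows with a Gaussian kernel density estimate. All records are constructed."""
import math
from collections import defaultdict, namedtuple

# One sensor observation of a flow. Host sensors carry process/user context;
# the switch sensor sees the same packets but has no process context.
Flow = namedtuple("Flow", "sensor src sport dst dport proto bytes pkts process user")
HOST_RECORDS = [
    Flow("host:web1", "10.0.1.10", 44100 + i, "10.0.2.20", 3306, "tcp", b, p, "php-fpm", "www")
    for i, (b, p) in enumerate([(5100, 41), (4800, 38), (5500, 44), (5300, 42), (4900, 39)])
] + [
    Flow("host:web1", "10.0.1.10", 44110, "10.0.2.21", 6379, "tcp", 1200, 12, "php-fpm", "www"),
    Flow("host:web1", "10.0.1.10", 44111, "10.0.2.21", 6379, "tcp", 1300, 13, "php-fpm", "www"),
    # Large transfer to an external host from an interactive shell: the outlier.
    Flow("host:web1", "10.0.1.10", 44112, "203.0.113.5", 4444, "tcp", 950000, 810, "bash", "www"),
]
# The switch reports every flow without process context, plus one flow that
# no host sensor reported (constructed to show a perspective mismatch).
SWITCH_RECORDS = [Flow("switch:leaf1", *r[1:8], None, None) for r in HOST_RECORDS] + [
    Flow("switch:leaf1", "10.0.1.10", 44113, "10.0.2.20", 3306, "tcp", 5000, 40, None, None),
]
RECORDS = HOST_RECORDS + SWITCH_RECORDS

def correlate(records):
    """Merge observations of one 5-tuple from every sensor that saw it.
    A flow with a single perspective means one sensor missed (or hid) it."""
    views = defaultdict(list)
    for r in records:
        views[(r.src, r.sport, r.dst, r.dport, r.proto)].append(r)
    merged = {}
    for key, obs in views.items():
        host = next((o for o in obs if o.process is not None), None)
        merged[key] = {
            "process": host.process if host else None,
            "user": host.user if host else None,
            "bytes": max(o.bytes for o in obs),
            "pkts": max(o.pkts for o in obs),
            "perspectives": sorted(o.sensor for o in obs),
            "single_perspective": len(obs) == 1,
        }
    return merged

def dependency_map(flows):
    """Application dependency map: (source host, process) -> {(dst, dport)}."""
    deps = defaultdict(set)
    for (src, _, dst, dport, _), f in flows.items():
        deps[(src, f["process"])].add((dst, dport))
    return deps

def features(f):
    """Feature vector per flow: log volume, log packet count, log bytes/packet."""
    return (math.log1p(f["bytes"]), math.log1p(f["pkts"]),
            math.log1p(f["bytes"] / max(f["pkts"], 1)))

def scott_bandwidth(sample):
    """Per-dimension bandwidth by Scott's rule: sd_j * n^(-1/(d+4))."""
    n, d = len(sample), len(sample[0])
    factor = n ** (-1.0 / (d + 4))
    hs = []
    for j in range(d):
        col = [s[j] for s in sample]
        mu = sum(col) / n
        sd = math.sqrt(sum((x - mu) ** 2 for x in col) / n)
        hs.append(max(sd, 1e-6) * factor)
    return hs

def kde_density(point, sample, bandwidth):
    """Gaussian product-kernel density estimate of `point` given `sample`."""
    acc = 0.0
    for s in sample:
        z = sum(((p - q) / h) ** 2 for p, q, h in zip(point, s, bandwidth))
        acc += math.exp(-0.5 * z)
    norm = len(sample) * (2 * math.pi) ** (len(point) / 2) * math.prod(bandwidth)
    return acc / norm

def score_anomalies(flows, ratio=0.01):
    """Leave-one-out density per flow; flag flows far below the median density."""
    keys = list(flows)
    pts = [features(flows[k]) for k in keys]
    h = scott_bandwidth(pts)
    dens = [kde_density(p, pts[:i] + pts[i + 1:], h) for i, p in enumerate(pts)]
    median = sorted(dens)[len(dens) // 2]
    return {k: d for k, d in zip(keys, dens) if d < ratio * median}

def detect(records):
    """Run the pipeline; returns (merged flows, dependency map, findings)."""
    flows = correlate(records)
    findings = [("single-perspective", k, f["perspectives"])
                for k, f in flows.items() if f["single_perspective"]]
    for k, d in score_anomalies(flows).items():
        findings.append(("low-density", k, (flows[k]["process"], flows[k]["user"], d)))
    return flows, dependency_map(flows), findings

if __name__ == "__main__":
    for finding in detect(RECORDS)[2]:
        print(*finding)
```

Two design points are worth noting. A flow that only one perspective reports is flagged before any statistics run, because a host sensor that is missing, disabled or tampered with is itself a finding, and it is the kind of thing a single-vantage collector can never see. The leave-one-out density is compared with the median of the batch rather than a fixed cut-off, so the threshold moves with the traffic, which is the practical meaning of "dynamic modeling" here. One caveat: fitting Scott's bandwidth on a batch that contains the outlier inflates the bandwidth in exactly the dimensions where the outlier sits, so on production data you would fit the bandwidth on a trailing clean window, or use a robust scale such as the MAD, instead of the batch standard deviation.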

Assignees

Cisco Tech Inc

Inventors

Classifications

  • G06N20/00 (primary): Machine learning · CPC title

  • Network monitoring probes · CPC title

  • H04L43/04 (primary): Processing captured monitoring data, e.g. for logfile generation · CPC title

  • H04L41/142 (primary): using statistical or mathematical methods · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016359695A1 cover?
In one embodiment, a method includes receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives i…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification G06N20/00. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 8, 2016 (kind code A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).