Patent search ap:("Cisco Technology Page Inc.") AND inv:"Rohit Chandra Prasad"

31.

发明授权
Identifying bogon address spaces 有权

公开(公告)号：US10516586B2

公开(公告)日：2019-12-24

申请号：US15171836

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Navindra Yadav , Khawar Deen , Varun Sagar Malhotra

IPC: H04L12/24 , H04L12/26 , H04L12/801 , H04L29/06 , H04L29/08 , G06F16/00 , H04J3/00 , G06N99/00 , H04L12/701 , G06F9/455 , G06N20/00 , G06F16/29 , G06F16/248 , G06F16/28 , G06F16/9535 , G06F16/2457 , G06F21/55 , G06F21/56 , H04L12/851 , H04W84/18 , G06F21/53 , H04L12/723 , G06F3/0484 , H04L1/24 , H04W72/08 , H04L9/08 , H04L9/32 , H04J3/06 , H04J3/14 , H04L29/12 , H04L12/813 , H04L12/823 , H04L12/741 , H04L12/833 , H04L12/721 , G06F3/0482 , G06T11/20 , H04L12/841 , H04L12/725 , H04L12/715 , G06F16/16 , G06F16/17 , G06F16/11 , G06F16/13 , G06F16/174 , G06F16/23

Abstract: Systems, methods, and computer-readable media for identifying bogon addresses. A system can obtain an indication of address spaces in a network. The indication can be based on route advertisements transmitted by routers associated with the network. The system can receive a report generated by a capturing agent deployed on a host. The report can identify a flow captured by the capturing agent at the host. The system can identify a network address associated with the flow and, based on the indication of address spaces, the system can determine whether the network address is within the address spaces in the network. When the network address is not within the address spaces in the network, the system can determine that the network address is a bogon address. When the network address is within the address spaces in the network, the system can determine that the network address is not a bogon address.

32.

发明申请
HIERARCHICHAL SHARDING OF FLOWS FROM SENSORS TO COLLECTORS 审中-公开

公开(公告)号：US20190253330A1

公开(公告)日：2019-08-15

申请号：US16392950

申请日：2019-04-24

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Navindra Yadav , Khawar Deen , Varun Sagar Malhotra

IPC: H04L12/26 , G06N20/00 , G06F16/29 , G06F16/2457 , G06F16/9535 , G06F16/28 , G06F16/248 , G06F21/56 , G06F21/55 , H04L29/06 , H04L12/813 , H04L9/32 , H04L9/08 , H04L12/721 , G06F21/53 , H04L12/24 , H04L12/851 , H04L12/725 , H04L12/823 , H04L29/12 , H04J3/14 , H04J3/06 , H04W72/08 , H04L1/24 , H04L29/08 , G06F3/0484 , H04L12/723 , H04L12/833 , H04L12/741 , H04L12/801 , H04W84/18 , H04L12/715 , H04L12/841 , G06T11/20 , G06F3/0482 , G06F16/11 , G06F16/17 , G06F16/13 , G06N99/00 , G06F16/16 , G06F16/23 , G06F16/174 , G06F9/455

Abstract: Systems, methods, and computer-readable media for hierarchichal sharding of flows from sensors to collectors. A first collector can receive a first portion of a network flow from a first capturing agent and determine that a second portion of the network flow was not received from the first capturing agent. The first collector can then send the first portion of the network flow to a second collector. A third collector can receive the second portion of the network flow from a second capturing agent and determine that the third collector did not receive the first portion of the network flow. The third collector can then send the second portion of the network flow to the second collector. The second collector can then aggregate the first portion and second portion of the network flow to yield the entire portion of the network flow.

33.

发明申请
SYSTEM FOR MONITORING AND MANAGING DATACENTERS 审中-公开

公开(公告)号：US20190081959A1

公开(公告)日：2019-03-14

申请号：US16179027

申请日：2018-11-02

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav , Abhishek Ranjan Singh , Shashidhar Gandham , Ellen Christine Scheib , Omid Madani , Ali Parandehgheibi , Jackson Ngoc Ki Pang , Vimalkumar Jeyakumar , Michael Standish Watts , Hoang Viet Nguyen , Khawar Deen , Rohit Chandra Prasad , Sunil Kumar Gupta , Supreeth Hosur Nagesh Rao , Anubhav Gupta , Ashutosh Kulshreshtha , Roberto Fernando Spadaro , Hai Trong Vu , Varun Sagar Malhotra , Shih-Chun Chang , Bharathwaj Sankara Viswanathan , FNU Rachita Agasthy , Duane Thomas Barlow

IPC: H04L29/06 , H04L12/26

CPC classification number: H04L63/1408 , H04L43/04 , H04L43/062 , H04L43/0894 , H04L63/02 , H04L63/1425

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

34.

发明申请
DETERMINING THE CHRONOLOGY AND CAUSALITY OF EVENTS 审中-公开
Title translation: 确定事件的基因和病因

公开(公告)号：US20160359914A1

公开(公告)日：2016-12-08

申请号：US15095955

申请日：2016-04-11

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Signh , Shih-Chun Chang

IPC: H04L29/06

CPC classification number: H04L43/045 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/45558 , G06F16/122 , G06F16/137 , G06F16/162 , G06F16/17 , G06F16/173 , G06F16/174 , G06F16/1744 , G06F16/1748 , G06F16/2322 , G06F16/235 , G06F16/2365 , G06F16/24578 , G06F16/248 , G06F16/285 , G06F16/288 , G06F16/29 , G06F16/9535 , G06F21/53 , G06F21/552 , G06F21/566 , G06F2009/4557 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , G06N20/00 , G06N99/00 , G06T11/206 , H04J3/0661 , H04J3/14 , H04L1/242 , H04L9/0866 , H04L9/3239 , H04L9/3242 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/04 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0841 , H04L43/0858 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/306 , H04L45/38 , H04L45/46 , H04L45/507 , H04L45/66 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/2007 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/0876 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/1458 , H04L63/1466 , H04L63/16 , H04L63/20 , H04L67/10 , H04L67/1002 , H04L67/12 , H04L67/16 , H04L67/22 , H04L67/36 , H04L67/42 , H04L69/16 , H04L69/22 , H04W72/08 , H04W84/18

Abstract: An example method includes calculating latency bounds for communications from two sensors to a collector (i.e., maximum and minimum latencies). After the collector receives an event report from the first sensor and an event report form the second sensor, the collector can determine, using the latency bounds, whether one event likely preceded the other.

Abstract translation: 示例性方法包括计算从两个传感器到收集器的通信的延迟范围（即，最大和最小延迟）。收集器收集第一个传感器的事件报告和第二个传感器的事件报告后，收集器可以使用延迟范围确定一个事件是否可能在另一个事件之前。

35.

发明申请
SYSTEM AND METHOD OF DETECTING WHETHER A SOURCE OF A PACKET FLOW TRANSMITS PACKETS WHICH BYPASS AN OPERATING SYSTEM STACK 审中-公开
Title translation: 检测分组流量传输的源的系统和方法除了操作系统堆栈之外的包

公开(公告)号：US20160359890A1

公开(公告)日：2016-12-08

申请号：US15171879

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: H04L29/06

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.

Abstract translation: 一种方法包括使用部署在第一主机处的第一捕获代理捕获与来自第一主机的第一分组流相关联的第一数据，以产生第一流数据，从第二主捕获与第一主机起源的第二分组流相关联的第二数据部署在第二主机上的捕获代理产生第二流数据并比较第一流数据和第二流数据以产生差异。当所述差异高于阈值时，所述方法包括确定所述第二分组流由绕过所述设备的所述第一主机或分组捕获代理的操作堆栈的组件发送以产生确定，检测所述隐藏网络流量存在并且基于该确定来预测与第一主机的恶意软件问题。

36.

发明申请
SYNTHETIC DATA FOR DETERMINING HEALTH OF A NETWORK SECURITY SYSTEM 审中-公开
Title translation: 用于确定网络安全系统健康的合成数据

公开(公告)号：US20160359878A1

公开(公告)日：2016-12-08

申请号：US15157300

申请日：2016-05-17

Applicant: Cisco Technology, Inc.

Inventor： Rohit Chandra Prasad , Bharathwaj Sankara Viswanathan , Hoang Viet Nguyen , Vimalkumar Jeyakumar , Roberto Fernando Spadaro , Varun Sagar Malhotra , Navindra Yadav

IPC: H04L29/06 , H04L12/26 , H04L29/08

Abstract: An example method can include choosing a pattern or patterns of network traffic. This pattern can be representative of a certain type of traffic such as an attack. The pattern can be associated with various components of a network and can describe expected behavior of these various components. A system performing this method can then choose a nodes or nodes to generate traffic according to the pattern and send an instruction accordingly. After this synthetic traffic is generated, the system can compare the behavior of the components with the expected behavior. An alert can then be created to notify an administrator or otherwise remedy any problems.

Abstract translation: 示例性方法可以包括选择网络流量的模式或模式。这种模式可以代表某种类型的流量，如攻击。该模式可以与网络的各种组件相关联，并且可以描述这些各种组件的预期行为。执行该方法的系统然后可以根据模式选择节点或节点来生成流量，并相应地发送指令。生成此合成流量后，系统可以将组件的行为与预期行为进行比较。然后可以创建警报以通知管理员或以其他方式补救任何问题。

37.

发明申请
SYSTEM AND METHOD OF SPOOF DETECTION 审中-公开
Title translation: SPOOF检测系统和方法

公开(公告)号：US20160359709A1

公开(公告)日：2016-12-08

申请号：US15171666

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Khawar Deen , Navindra Yadav , Anubhav Gupta , Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Shih-Chun Chang

IPC: H04L12/26 , H04L29/08 , H04L29/12

CPC classification number: H04L43/045 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/45558 , G06F16/122 , G06F16/137 , G06F16/162 , G06F16/17 , G06F16/173 , G06F16/174 , G06F16/1744 , G06F16/1748 , G06F16/2322 , G06F16/235 , G06F16/2365 , G06F16/24578 , G06F16/248 , G06F16/285 , G06F16/288 , G06F16/29 , G06F16/9535 , G06F21/53 , G06F21/552 , G06F21/566 , G06F2009/4557 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , G06N20/00 , G06N99/00 , G06T11/206 , H04J3/0661 , H04J3/14 , H04L1/242 , H04L9/0866 , H04L9/3239 , H04L9/3242 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/04 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0841 , H04L43/0858 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/306 , H04L45/38 , H04L45/46 , H04L45/507 , H04L45/66 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/2007 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/0876 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/1458 , H04L63/1466 , H04L63/16 , H04L63/20 , H04L67/10 , H04L67/1002 , H04L67/12 , H04L67/16 , H04L67/22 , H04L67/36 , H04L67/42 , H04L69/16 , H04L69/22 , H04W72/08 , H04W84/18

Abstract: Managing a network environment to identify spoofed packets is disclosed. A method includes analyzing, via a first capture agent, packets processed by a first environment in a network associated with a first host, and analyzing, via a second capture agent, packets processed by a second environment in the network associated with a second host. The method includes collecting the first data and the second data at a collector and generating a topological map of the network and a history of network activity associated with the first environment and the second environment. The method includes extracting network data from a packet and comparing the extracted network data with stored network data in the database. When the comparison indicates that the extracted network data does not match the stored network data (i.e., the reported source does not match an expected source for the packet), determining that the packet is a spoofed packet.

Abstract translation: 公开了管理网络环境以识别欺骗性分组。一种方法包括经由第一捕获代理分析由与第一主机相关联的网络中的第一环境处理的分组，以及经由第二捕获代理分析由与第二主机相关联的网络中的第二环境处理的分组。该方法包括在收集器处收集第一数据和第二数据，并且生成网络的拓扑图和与第一环境和第二环境相关联的网络活动的历史。该方法包括从分组提取网络数据，并将提取的网络数据与数据库中存储的网络数据进行比较。当比较指示提取的网络数据与存储的网络数据不匹配（即，所报告的源与分组的预期来源不匹配）时，确定分组是欺骗分组。

38.

发明申请
HIGH AVAILABILITY OF COLLECTORS OF TRAFFIC REPORTED BY NETWORK SENSORS 审中-公开
Title translation: 网络传感器报告的交通收集者的高可用性

公开(公告)号：US20160359704A1

公开(公告)日：2016-12-08

申请号：US15171807

申请日：2016-06-02

Applicant: Cisco Technology, Inc.

Inventor： Shashidhar Gandham , Rohit Chandra Prasad , Abhishek Ranjan Singh , Navindra Yadav , Khawar Deen , Varun Sagar Malhotra

IPC: H04L12/26 , H04L12/24

CPC classification number: H04L43/045 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/45558 , G06F17/30241 , G06F17/3053 , G06F17/30554 , G06F17/30598 , G06F17/30604 , G06F17/30867 , G06F21/53 , G06F21/552 , G06F21/566 , G06F2009/4557 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , G06N99/005 , G06T11/206 , H04J3/0661 , H04J3/14 , H04L1/242 , H04L9/0866 , H04L9/3239 , H04L9/3242 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/04 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0841 , H04L43/0858 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/306 , H04L45/38 , H04L45/46 , H04L45/507 , H04L45/66 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/2007 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/0876 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/1458 , H04L63/1466 , H04L63/16 , H04L63/20 , H04L67/10 , H04L67/1002 , H04L67/12 , H04L67/16 , H04L67/22 , H04L67/36 , H04L67/42 , H04L69/16 , H04L69/22 , H04W72/08 , H04W84/18

Abstract: Systems, methods, and computer-readable media for collector high availability. In some embodiments, a system receives, from a first collector device, a first data report generated by a capturing agent deployed on a host system in a network. The system can also receive, from a second collector device, a second data report generated by the capturing agent deployed on the host system. The first and second data reports can include traffic data captured at the host system by the capturing agent during a period of time. The system can determine that the first data report and the second data report are both associated with the capturing agent, and identify duplicate data contained in the first data report and the second data report. The system can then deduplicate the first and second data reports to yield a deduplicated data report.

Abstract translation: 收集器高可用性的系统，方法和计算机可读介质。在一些实施例中，系统从第一收集器设备接收由部署在网络中的主机系统上的捕获代理产生的第一数据报告。系统还可以从第二收集器设备接收由主机系统上部署的捕获代理产生的第二数据报告。第一和第二数据报告可以包括捕获代理在一段时间内在主机系统捕获的流量数据。系统可以确定第一数据报告和第二数据报告都与捕获代理相关联，并且识别包含在第一数据报告和第二数据报告中的重复数据。然后，系统可以对第一和第二个数据报告进行重复数据删除，以产生重复数据删除的数据报告。