公开(公告)号：US10116531B2

公开(公告)日：2018-10-30

申请号：US15170837

申请日：2016-06-01

Applicant: Cisco Technology, Inc.

Inventor： Mohammadreza Alizadeh Attar ,  Navindra Yadav ,  Abhishek Ranjan Singh ,  Vimalkumar Jeyakumar ,  Shashidhar Gandham ,  Roberto Fernando Spadaro

IPC: H04L12/26 ,  H04L29/06 ,  H04L29/08 ,  H04L12/851 ,  H04L12/715 ,  H04L12/725 ,  H04L12/24 ,  H04W84/18 ,  G06F17/30 ,  G06F3/0482 ,  G06F9/455 ,  G06N99/00 ,  G06F21/53 ,  H04L12/723 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04L9/32 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06T11/20 ,  H04L12/841 ,  G06F21/55 ,  G06F21/56

Abstract: Systems, methods, and computer-readable media are provided for determining a packet's round trip time (RTT) in a network. A system can receive information of a packet sent by a component of the network and further determine an expected acknowledgement (ACK) sequence number associated with the packet based upon received information of the packet. The system can receive information of a subsequent packet received by the component and determine an ACK sequence number and a receiving time of the subsequent packet. In response to determining that the ACK sequence number of the subsequent TCP packet matches the expected ACK sequence number, the system can determine a round trip time (RTT) of the packet based upon the received information of the packet and the received information of the subsequent packet.

公开(公告)号：US20160359872A1

公开(公告)日：2016-12-08

申请号：US15134100

申请日：2016-04-20

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow ,  Andrew Sloane

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/062 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract translation: 示例性方法包括在整个数据中心中检测，使用传感器分组。 然后，传感器可以将数据包日志发送到各种收集器，然后可以识别和汇总数据中心中的数据流。 然后，收集器可以将流日志发送到分析模块，分析模块可以识别数据中心的状态并检测攻击。

公开(公告)号：US20160359740A1

公开(公告)日：2016-12-08

申请号：US15173210

申请日：2016-06-03

Applicant: Cisco Technology, Inc.

Inventor： Ali Parandehgheibi ,  Mohammadreza Alizadeh Attar ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Ellen Christine Scheib ,  Navindra Yadav

IPC: H04L12/741 ,  H04L29/06 ,  H04L12/813 ,  H04L12/721

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F17/30241 ,  G06F17/3053 ,  G06F17/30554 ,  G06F17/30598 ,  G06F17/30604 ,  G06F17/30867 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N99/005 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: Flow data can be augmented with features or attributes from other domains, such as attributes from a source host and/or destination host of a flow, a process initiating the flow, and/or a process owner or user. A network can be configured to capture network or packet header attributes of a first flow and determine additional attributes of the first flow using a sensor network. The sensor network can include sensors for networking devices (e.g., routers, switches, network appliances), physical servers, hypervisors or container engines, and virtual partitions (e.g., virtual machines or containers). The network can calculate a feature vector including the packet header attributes and additional attributes to represent the first flow. The network can compare the feature vector of the first flow to respective feature vectors of other flows to determine an applicable policy, and enforce that policy for subsequent flows.

Abstract translation: 可以使用来自其他域的特征或属性（例如来自源的主机和/或目的主机的流的属性，启动流的进程）和/或进程所有者或用户来增加流数据。 可以将网络配置为捕获第一流的网络或分组报头属性，并使用传感器网络确定第一流的附加属性。 传感器网络可以包括用于网络设备（例如，路由器，交换机，网络设备），物理服务器，管理程序或容器引擎以及虚拟分区（例如，虚拟机或容器）的传感器。 网络可以计算包括分组报头属性和附加属性的特征向量来表示第一流。 网络可以将第一个流的特征向量与其他流的各个特征向量进行比较，以确定适用的策略，并对随后的流量执行该策略。

公开(公告)号：US20160359697A1

公开(公告)日：2016-12-08

申请号：US15145666

申请日：2016-05-03

Applicant: Cisco Technology, Inc.

Inventor： Ellen Christine Scheib ,  Ali Parandehgheibi ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/26 ,  H04W84/18

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F17/30241 ,  G06F17/3053 ,  G06F17/30554 ,  G06F17/30598 ,  G06F17/30604 ,  G06F17/30867 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N99/005 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: Application dependency mapping (ADM) can be automated in a network. The network can determine an optimum number of clusters for the network using the minimum description length principle (MDL). The network can capture network and associated data using a sensor network that provides multiple perspectives and generate a graph therefrom. The nodes of the graph can include sources, destinations, and destination ports identified in the captured data, and the edges of the graph can include observed flows from the sources to the destinations at the destination ports. Each clustering can be evaluated according to an MDL score. The optimum number of clusters for the network may correspond to the number of clusters of the clustering associated with the minimum MDL score.

Abstract translation: 应用程序依赖关系映射（ADM）可以在网络中自动化。 网络可以使用最小描述长度原则（MDL）来确定网络的最佳聚类数。 网络可以使用提供多个透视图并从其生成图形的传感器网络捕获网络和相关数据。 图形的节点可以包括在捕获的数据中标识的源，目的地和目的地端口，并且图形的边缘可以包括从源到目的地端口的目的地的观测流。 可以根据MDL评分来评估每个聚类。 网络的最佳聚类数可以对应于与最小MDL分数相关联的聚类的聚类数。

公开(公告)号：US20160359678A1

公开(公告)日：2016-12-08

申请号：US15140365

申请日：2016-04-27

Applicant: Cisco Technology, Inc.

Inventor： Omid Madani ,  Ali Parandehgheibi ,  Navindra Yadav ,  Vimalkumar Jeyakumar ,  Ellen Christine Scheib ,  Mohammadreza Alizadeh Attar

IPC: H04L12/24 ,  G06F9/455 ,  G06F17/30 ,  H04L29/08 ,  G06F3/0484

CPC classification number: H04L43/045 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/45558 ,  G06F16/122 ,  G06F16/137 ,  G06F16/162 ,  G06F16/17 ,  G06F16/173 ,  G06F16/174 ,  G06F16/1744 ,  G06F16/1748 ,  G06F16/2322 ,  G06F16/235 ,  G06F16/2365 ,  G06F16/24578 ,  G06F16/248 ,  G06F16/285 ,  G06F16/288 ,  G06F16/29 ,  G06F16/9535 ,  G06F21/53 ,  G06F21/552 ,  G06F21/566 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2009/45595 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2111 ,  G06F2221/2115 ,  G06F2221/2145 ,  G06N20/00 ,  G06N99/00 ,  G06T11/206 ,  H04J3/0661 ,  H04J3/14 ,  H04L1/242 ,  H04L9/0866 ,  H04L9/3239 ,  H04L9/3242 ,  H04L41/046 ,  H04L41/0668 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L43/02 ,  H04L43/04 ,  H04L43/062 ,  H04L43/08 ,  H04L43/0805 ,  H04L43/0811 ,  H04L43/0829 ,  H04L43/0841 ,  H04L43/0858 ,  H04L43/0864 ,  H04L43/0876 ,  H04L43/0882 ,  H04L43/0888 ,  H04L43/10 ,  H04L43/106 ,  H04L43/12 ,  H04L43/16 ,  H04L45/306 ,  H04L45/38 ,  H04L45/46 ,  H04L45/507 ,  H04L45/66 ,  H04L45/74 ,  H04L47/11 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/28 ,  H04L47/31 ,  H04L47/32 ,  H04L61/2007 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1466 ,  H04L63/16 ,  H04L63/20 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/36 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22 ,  H04W72/08 ,  H04W84/18

Abstract: This disclosure generally relate to a method and system for mapping application dependency information. The present technology relates techniques that enable user-adjustable application dependency mapping of a network system. By collecting internal network data using various sensors in conjunction with external user inputs, the present technology can provide optimized application dependency mapping using user inputs.

Abstract translation: 本公开通常涉及用于映射应用依赖性信息的方法和系统。 本技术涉及使得网络系统的用户可调整的应用依赖性映射的技术。 通过使用各种传感器结合外部用户输入收集内部网络数据，本技术可以使用用户输入提供优化的应用依赖性映射。

公开(公告)号：US11936663B2

公开(公告)日：2024-03-19

申请号：US18054069

申请日：2022-11-09

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L9/40 ,  H04L43/04 ,  H04L43/0894 ,  H04L43/062

CPC classification number: H04L63/1408 ,  H04L43/04 ,  H04L43/0894 ,  H04L63/02 ,  H04L63/1425 ,  H04L43/062

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US20230118563A1

公开(公告)日：2023-04-20

申请号：US18054069

申请日：2022-11-09

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L9/40 ,  H04L43/04 ,  H04L43/0894

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

公开(公告)号：US20210243093A1

公开(公告)日：2021-08-05

申请号：US17238193

申请日：2021-04-22

Applicant: Cisco Technology, Inc.

Inventor： Mohammadreza Alizadeh Attar ,  Navindra Yadav ,  Abhishek Ranjan Singh ,  Vimalkumar Jeyakumar ,  Shashidhar Gandham ,  Roberto Fernando Spadaro

IPC: H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L12/24 ,  H04L12/715 ,  H04L12/723 ,  H04L29/08 ,  H04L12/851 ,  H04W84/18 ,  G06F21/53 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725

Abstract: Systems, methods, and computer-readable media are provided for determining a packet's round trip time (RTT) in a network. A system can receive information of a packet sent by a component of the network and further determine an expected acknowledgement (ACK) sequence number associated with the packet based upon received information of the packet. The system can receive information of a subsequent packet received by the component and determine an ACK sequence number and a receiving time of the subsequent packet. In response to determining that the ACK sequence number of the subsequent TCP packet matches the expected ACK sequence number, the system can determine a round trip time (RTT) of the packet based upon the received information of the packet and the received information of the subsequent packet.

公开(公告)号：US10917319B2

公开(公告)日：2021-02-09

申请号：US16443122

申请日：2019-06-17

Applicant: Cisco Technology, Inc.

Inventor： Ellen Christine Scheib ,  Ali Parandehgheibi ,  Omid Madani ,  Vimalkumar Jeyakumar ,  Navindra Yadav ,  Mohammadreza Alizadeh Attar

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/06 ,  G06F9/455 ,  G06N20/00 ,  G06F21/55 ,  G06F21/56 ,  G06F16/28 ,  G06F16/2457 ,  G06F16/248 ,  G06F16/29 ,  G06F16/16 ,  G06F16/17 ,  G06F16/11 ,  G06F16/13 ,  G06F16/174 ,  G06F16/23 ,  G06F16/9535 ,  G06N99/00 ,  H04L9/32 ,  H04L12/715 ,  H04L12/723 ,  H04L29/08 ,  H04L12/851 ,  H04W84/18 ,  G06F21/53 ,  G06F3/0484 ,  H04L1/24 ,  H04W72/08 ,  H04L9/08 ,  H04J3/06 ,  H04J3/14 ,  H04L29/12 ,  H04L12/813 ,  H04L12/823 ,  H04L12/801 ,  H04L12/741 ,  H04L12/833 ,  H04L12/721 ,  G06F3/0482 ,  G06T11/20 ,  H04L12/841 ,  H04L12/725

Abstract: Systems and methods are provided for automatically discovering applications/clusters in a network and mapping dependencies between the applications/clusters. A network monitoring system can capture network flow data using sensors executing on physical and/or virtual servers of the network and sensors executing on networking devices connected to the servers. The system can determine a graph including nodes, representing at least the servers, and edges, between pairs of the nodes of the graph indicating the network flow data includes one or more observed flows between pairs of the servers represented by the pairs of the nodes. The system can determine a dependency map, including representations of clusters of the servers and representations of dependencies between the clusters, based on the graph. The system can display a first representation of a first cluster of the dependency map and information indicating a confidence level of identifying the first cluster.

公开(公告)号：US20200304523A1

公开(公告)日：2020-09-24

申请号：US16899190

申请日：2020-06-11

Applicant: Cisco Technology, Inc.

Inventor： Navindra Yadav ,  Abhishek Ranjan Singh ,  Shashidhar Gandham ,  Ellen Christine Scheib ,  Omid Madani ,  Ali Parandehgheibi ,  Jackson Ngoc Ki Pang ,  Vimalkumar Jeyakumar ,  Michael Standish Watts ,  Hoang Viet Nguyen ,  Khawar Deen ,  Rohit Chandra Prasad ,  Sunil Kumar Gupta ,  Supreeth Hosur Nagesh Rao ,  Anubhav Gupta ,  Ashutosh Kulshreshtha ,  Roberto Fernando Spadaro ,  Hai Trong Vu ,  Varun Sagar Malhotra ,  Shih-Chun Chang ,  Bharathwaj Sankara Viswanathan ,  Fnu Rachita Agasthy ,  Duane Thomas Barlow

IPC: H04L29/06 ,  H04L12/26

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.