Patents by Inventor Andrea Di Pietro

Andrea Di Pietro has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10218726
    Abstract: In one embodiment, a networking device in a network causes formation of device clusters of devices in the network. The devices in a particular cluster exhibit similar characteristics. The networking device receives feedback from a device identity service regarding the device clusters. The feedback is based in part on the device identity service probing the devices. The networking device adjusts the device clusters based on the feedback from the device identity service. The networking device performs anomaly detection in the network using the adjusted device clusters.
    Type: Grant
    Filed: June 13, 2016
    Date of Patent: February 26, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Jean-Philippe Vasseur, Grégory Mermoud, Pierre-André Savalle, Andrea Di Pietro, Sukrit Dasgupta
  • Patent number: 10218727
    Abstract: In one embodiment, a device in a network receives, from a supervisory device, trace information for one or more traffic flows associated with a particular anomaly. The device remaps network addresses in the trace information to addresses of one or more nodes in the network based on roles of the one or more nodes. The device mixes, using the remapped network addresses, the trace information with traffic information regarding one or more observed traffic flows in the network, to form a set of mixed traffic information. The device analyzes the mixed traffic information using an anomaly detection model. The device provides an indication of a result of the analysis of the mixed traffic information to the supervisory device.
    Type: Grant
    Filed: June 16, 2016
    Date of Patent: February 26, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Andrea Di Pietro, Jean-Philippe Vasseur
  • Patent number: 10200404
    Abstract: In one embodiment, a traffic model manager node receives data flows in a network and determines a degree to which the received data flows conform to one or more traffic models classifying particular types of data flows as non-malicious. If the degree to which the received data flows conform to the one or more traffic models is sufficient, the traffic model manager node characterizes the received data flows as non-malicious. Otherwise, the traffic model manager node provides the received data flows to a denial of service (DoS) attack detector in the network to allow the received data flows to be scanned for potential attacks.
    Type: Grant
    Filed: January 5, 2018
    Date of Patent: February 5, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Javier Cruz Mota, Jean-Philippe Vasseur, Andrea Di Pietro
  • Patent number: 10187413
    Abstract: In one embodiment, a supervisory device in a network receives traffic data from a security device that uses traffic signatures to assess traffic in the network. The supervisory device receives traffic data from one or more distributed learning agents that use machine learning-based anomaly detection to assess traffic in the network. The supervisory device trains a traffic classifier using the received traffic data from the security device and from the one or more distributed learning agents. The supervisory device deploys the traffic classifier to a selected one of the one or more distributed learning agents.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: January 22, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Jean-Philippe Vasseur, Andrea Di Pietro, Grégory Mermoud, Fabien Flacher
  • Publication number: 20180367428
    Abstract: In one embodiment, a device receives health status data indicative of a health status of a data source in a network that provides collected telemetry data from the network for analysis by a machine learning-based network analyzer. The device maintains a performance model for the data source that models the health of the data source. The device computes a trustworthiness index for the telemetry data provided by the data source based on the received health status data and the performance model for the data source. The device adjusts, based on the computed trustworthiness index for the telemetry data provided by the data source, one or more parameters used by the machine learning-based network analyzer to analyze the telemetry data provided by the data source.
    Type: Application
    Filed: June 19, 2017
    Publication date: December 20, 2018
    Inventors: Andrea Di Pietro, Grégory Mermoud, Jean-Philippe Vasseur, Sukrit Dasgupta
  • Publication number: 20180357560
    Abstract: In one embodiment, a device identifies a new data source of characteristics data for a monitored network. The device initiates a quarantine period for the characteristic data from the new data source. The characteristic data from the new data source is quarantined from input to a machine learning-based analyzer during the quarantine period. The device models the characteristic data from the new data source during the quarantine period, to determine whether the characteristic data from the new data source is reliable for input to the machine learning-based analyzer. After the quarantine period, the device provides the characteristic data from the new data source to the machine learning-based analyzer based on a determination that the characteristic data from the new data source is reliable.
    Type: Application
    Filed: June 12, 2017
    Publication date: December 13, 2018
    Inventors: Andrea Di Pietro, Grégory Mermoud, Sukrit Dasgupta, Jean-Philippe Vasseur
  • Patent number: 10038713
    Abstract: In one embodiment, attack detectability metrics are received from nodes along a path in a network. The attack detectability metrics from the nodes along the path are used to compute a path attack detectability value. A determination is made as to whether the path attack detectability value satisfies a network policy and one or more routing paths in the network are adjusted based on the path attack detectability value not satisfying the network policy.
    Type: Grant
    Filed: May 6, 2014
    Date of Patent: July 31, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Jean-Philippe Vasseur, Javier Cruz Mota, Andrea Di Pietro
  • Patent number: 10009364
    Abstract: In one embodiment, a first device in a network identifies a first traffic flow between two endpoints that traverses the first device in a first direction. The first device receives information from a second device in the network regarding a second traffic flow between the two endpoints that traverses the second device in a second direction that is opposite that of the first direction. The first device merges characteristics of the first traffic flow captured by the first device with characteristics of the second traffic flow captured by the second device and included in the information received from the second device, to form an input feature set. The first device detects an anomaly in the network by analyzing the input feature set using a machine learning-based anomaly detector.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: June 26, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Sukrit Dasgupta, Jean-Philippe Vasseur, Andrea Di Pietro
  • Publication number: 20180146007
    Abstract: In one embodiment, a traffic model manager node receives data flows in a network and determines a degree to which the received data flows conform to one or more traffic models classifying particular types of data flows as non-malicious. If the degree to which the received data flows conform to the one or more traffic models is sufficient, the traffic model manager node characterizes the received data flows as non-malicious. Otherwise, the traffic model manager node provides the received data flows to a denial of service (DoS) attack detector in the network to allow the received data flows to be scanned for potential attacks.
    Type: Application
    Filed: January 5, 2018
    Publication date: May 24, 2018
    Inventors: Javier Cruz Mota, Jean-Philippe Vasseur, Andrea Di Pietro
  • Patent number: 9930057
    Abstract: In one embodiment, a device in a network captures a first set of packets based on first packet capture criterion. The captured first set of packets is provided for deep packet inspection and anomaly detection. The device receives a second packet capture criterion that differs from the first packet capture criterion. The device captures a second set of packets based on the second packet capture criterion. The device provides the captured second set of packets for deep packet inspection and anomaly detection. The anomaly detection of the captured first and second sets of packets is performed by a machine learning-based anomaly detector configured to generate anomaly detection results based in part on one or more traffic metrics gathered from the network and based further in part on deep packet inspection results of packets captured in the network.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: March 27, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Andrea Di Pietro, Jean-Philippe Vasseur, Javier Cruz Mota
  • Patent number: 9922196
    Abstract: In one embodiment, a device receives a classifier tracking request from a coordinator device that specifies a classifier verification time period. During the classifier verification time period, the device classifies a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device. The device generates classification results based on the classified set of network traffic and provides the classification results to the coordinator device.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: March 20, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Andrea Di Pietro, Jean-Philippe Vasseur, Javier Cruz Mota
  • Patent number: 9923910
    Abstract: In one embodiment, a device in a network analyzes data regarding a detected anomaly in the network. The device determines whether the detected anomaly is a false positive. The device generates a white label for the detected anomaly based on a determination that the detected anomaly is a false positive. The device causes one or more alerts regarding the detected anomaly to be suppressed using the generated white label for the anomaly.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: March 20, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Andrea Di Pietro, Jean-Philippe Vasseur, Javier Cruz Mota
  • Patent number: 9900342
    Abstract: In one embodiment, a traffic model manager node receives data flows in a network and determines a degree to which the received data flows conform to one or more traffic models classifying particular types of data flows as non-malicious. If the degree to which the received data flows conform to the one or more traffic models is sufficient, the traffic model manager node characterizes the received data flows as non-malicious. Otherwise, the traffic model manager node provides the received data flows to a denial of service (DoS) attack detector in the network to allow the received data flows to be scanned for potential attacks.
    Type: Grant
    Filed: July 23, 2014
    Date of Patent: February 20, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Javier Cruz Mota, Jean-Philippe Vasseur, Andrea Di Pietro
  • Patent number: 9870537
    Abstract: In one embodiment, a first data set is received by a network device that is indicative of the statuses of a plurality of network devices when a type of network attack is not present. A second data set is also received that is indicative of the statuses of the plurality of network devices when the type of network attack is present. At least one of the plurality simulates the type of network attack by operating as an attacking node. A machine learning model is trained using the first and second data set to identify the type of network attack. A real network attack is then identified using the trained machine learning model.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: January 16, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Jean-Philippe Vasseur, Javier Cruz Mota, Andrea Di Pietro
  • Publication number: 20170279839
    Abstract: In one embodiment, a supervisory device in a network receives traffic data from a security device that uses traffic signatures to assess traffic in the network. The supervisory device receives traffic data from one or more distributed learning agents that use machine learning-based anomaly detection to assess traffic in the network. The supervisory device trains a traffic classifier using the received traffic data from the security device and from the one or more distributed learning agents. The supervisory device deploys the traffic classifier to a selected one of the one or more distributed learning agents.
    Type: Application
    Filed: July 18, 2016
    Publication date: September 28, 2017
    Inventors: Jean-Philippe Vasseur, Andrea Di Pietro, Grégory Mermoud, Fabien Flacher
  • Publication number: 20170279838
    Abstract: In one embodiment, a device in a network performs anomaly detection functions using a machine learning-based anomaly detector to detect anomalous traffic in the network. The device identifies an ability of one or more nodes in the network to perform at least one of the anomaly detection functions. The device selects a particular one of the anomaly detection functions to offload to a particular one of the nodes, based on the ability of the particular node to perform the particular anomaly detection function. The device instructs the particular node to perform the selected anomaly detection function.
    Type: Application
    Filed: July 18, 2016
    Publication date: September 28, 2017
    Inventors: Sukrit Dasgupta, Jean-Philippe Vasseur, Andrea Di Pietro
  • Publication number: 20170279837
    Abstract: In one embodiment, a first device in a network identifies a first traffic flow between two endpoints that traverses the first device in a first direction. The first device receives information from a second device in the network regarding a second traffic flow between the two endpoints that traverses the second device in a second direction that is opposite that of the first direction. The first device merges characteristics of the first traffic flow captured by the first device with characteristics of the second traffic flow captured by the second device and included in the information received from the second device, to form an input feature set. The first device detects an anomaly in the network by analyzing the input feature set using a machine learning-based anomaly detector.
    Type: Application
    Filed: July 18, 2016
    Publication date: September 28, 2017
    Inventors: Sukrit Dasgupta, Jean-Philippe Vasseur, Andrea Di Pietro
  • Publication number: 20170279847
    Abstract: In one embodiment, a primary networking device in a branch network receives a notification of an anomaly detected by a secondary networking device in the branch network. The primary networking device is located at an edge of the network. The primary networking device aggregates the anomaly detected by the secondary networking device and a second anomaly detected in the network into an aggregated anomaly. The primary networking device associates the aggregated anomaly with a location of the secondary networking device in the branch network. The primary networking device reports the aggregated anomaly and the associated location of the secondary networking device to a supervisory device.
    Type: Application
    Filed: May 13, 2016
    Publication date: September 28, 2017
    Inventors: Sukrit Dasgupta, Jean-Philippe Vasseur, Andrea Di Pietro
  • Publication number: 20170279829
    Abstract: In one embodiment, a networking device in a network causes formation of device clusters of devices in the network. The devices in a particular cluster exhibit similar characteristics. The networking device receives feedback from a device identity service regarding the device clusters. The feedback is based in part on the device identity service probing the devices. The networking device adjusts the device clusters based on the feedback from the device identity service. The networking device performs anomaly detection in the network using the adjusted device clusters.
    Type: Application
    Filed: June 13, 2016
    Publication date: September 28, 2017
    Inventors: Jean-Philippe Vasseur, Grégory Mermoud, Pierre-André Savalle, Andrea Di Pietro, Sukrit Dasgupta
  • Publication number: 20170279835
    Abstract: In one embodiment, a node in a network detects an anomaly in the network based on a result of a machine learning-based anomaly detector analyzing network traffic. The node determines a packet capture policy for the anomaly by applying a machine learning-based classifier to the result of the anomaly detector. The node selects a set of packets from the analyzed traffic based on the packet capture policy. The node stores the selected set of packets for the detected anomaly.
    Type: Application
    Filed: July 15, 2016
    Publication date: September 28, 2017
    Inventors: Andrea Di Pietro, Jean-Philippe Vasseur, Sukrit Dasgupta