Title of invention |
Network attack detection using combined probabilities |
Abstract |
In one embodiment, a device in a network receives a set of output label dependencies for a set of attack detectors. The device identifies applied labels that were applied by the attack detectors to input data regarding a network, the applied labels being associated with probabilities. The device determines a combined probability for two or more of the applied labels based on the output label dependencies and the probabilities associated with the two or more labels. The device selects one of the applied labels as a finalized label for the input data based on the probabilities associated with the applied labels and on the combined probability for the two or more labels. |
Publication number |
US9450972(B2) |
Publication date |
2016.09.20 |
Application number |
US201414338751 |
Filing date |
2014.07.23 |
Applicant |
Cisco Technology, Inc. |
Inventors |
Cruz Mota Javier;Di Pietro Andrea;Vasseur Jean-Philippe |
Classification |
H04L29/06 |
Main classification |
H04L29/06 |
Agency |
Parker Ibrahim & Berg LLC |
Agent |
Parker Ibrahim & Berg LLC;Behmke James M.;LeBarron Stephen D. |
Main claim |
1. A method, comprising:
receiving, at a device in a network, a set of output label dependencies for a set of attack detectors that exploit dependencies between overlapping labels used by different attack detection classifiers; identifying, by the device, applied labels that were applied by the attack detectors to input data regarding the network, wherein probabilities are associated with the applied labels; determining, by the device, a combined probability for two or more of the applied labels based on the output label dependencies and the probabilities associated with the two or more labels; and selecting, by the device, one of the applied labels as a finalized label for the input data based on the probabilities associated with the applied labels and on the combined probability for the two or more labels. |
Address |
San Jose CA US |