Title of invention: Ground truth evaluation for voting optimization
Abstract: In one embodiment, attack observations by a first node are provided to a user interface device regarding an attack detected by the node. Input from the user interface device is received that confirms that a particular attack observation by the first node indicates that the attack was detected correctly by the first node. Attack observations by one or more other nodes are provided to the user interface device. Input is received from the user interface device that confirms whether the attack observations by the first node and the attack observations by the one or more other nodes are both related to the attack. The one or more other nodes are identified as potential voters for the first node in a voting-based attack detection mechanism based on the attack observations from the first node and the one or more other nodes being related.
Publication number: US9559918(B2); Publication date: 2017.01.31
Application number: US201414278532; Filing date: 2014.05.15
Applicant: Cisco Technology, Inc.; Inventors: Di Pietro Andrea; Vasseur Jean-Philippe; Cruz Mota Javier
Classification: G06F11/00; H04L12/26; H04L29/06; H04L29/08; H04L12/24; Main classification: G06F11/00
Agency: Parker Ibrahim & Berg LLC; Agents: Parker Ibrahim & Berg LLC; Behmke James M.; LeBarron Stephen D.
Principal claim: 1. A method, comprising: providing, by a supervisory computer network device, computer network attack observations from a first computer network device in a computer network to a user interface device regarding a potential computer network attack detected by the first computer network device; receiving, at the supervisory computer network device, a confirmation from the user interface device that confirms that a particular computer network attack observation from the first computer network device indicates that the potential computer network attack was detected correctly by the first computer network device; in response to receiving the confirmation that a potential computer network attack was detected correctly, providing, by the supervisory computer network device, computer network attack observations from one or more other computer network devices in the computer network to the user interface device; receiving, at the supervisory computer network device, one or more confirmations from the user interface device that confirms that the computer network attack observations from the one or more other computer network devices are related to the computer network attack observations from the first computer network device; and identifying, by the supervisory computer network device, the one or more other computer network devices to act as potential voters for the first computer network device in a voting-based network attack detection mechanism based on the computer network attack observations from the first computer network device and the one or more other computer network devices being related to each other.
Address: San Jose CA US