发明名称 |
ANOMALY DETECTION IN A COMPUTER NETWORK |
摘要 |
In one embodiment, a training request is sent to a plurality of nodes in a network to cause the nodes to generate statistics regarding unicast and broadcast message reception rates associated with the nodes. The statistics are received from the nodes and a statistical model is generated using the received statistics and is configured to detect a network attack by comparing unicast and broadcast message reception statistics. The statistical model is then provided to the nodes and an indication that a network attack was detected by a particular node is received from the particular node. |
申请公布号 |
US2015195296(A1) |
申请公布日期 |
2015.07.09 |
申请号 |
US201414164475 |
申请日期 |
2014.01.27 |
申请人 |
CISCO TECHNOLOGY, INC. |
发明人 |
Vasseur Jean-Philippe;Cruz Mota Javier;Di Pietro Andrea |
分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
代理机构 |
|
代理人 |
|
主权项 |
1. A method, comprising:
sending a training request to a plurality of nodes in a network, wherein the training request causes the nodes to generate statistics regarding unicast and broadcast message reception rates associated with the nodes; receiving the statistics from the nodes; generating a statistical model using the received statistics, wherein the statistical model is configured to detect a network attack by comparing unicast and broadcast message reception rate statistics; providing the statistical model to the nodes; and receiving, from a particular node, an indication that a network attack was detected by the particular node. |
地址 |
San Jose CA US |