Anomaly detection and correction in wireless networks

US 10,574,547 B2
Filed: 04/12/2018
Issued: 02/25/2020
Est. Priority Date: 04/12/2018
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at an edge node in a data communications network, a plurality of digital data packets that have been received via a wireless data interface, wired data interface or data path;

filtering, by the edge node, the plurality of digital data packets to produce filtered digital data packets;

in the edge node, executing code for a data communications protocol in which one or more of the filtered digital data packets causes the code to transition to different states of the protocol;

in the edge node, in parallel with executing the code, executing a protocol state machine comprising a plurality of states and a plurality of transitions between the states to simulate correct execution of a particular data communication protocol;

detecting, by the edge node, an anomaly between a first particular state of the protocol during the execution of the code and a second particular state of the protocol state machine, and in response, generating an anomaly event comprising digital data indicating that the anomaly has occurred;

in response to detecting the anomaly, transmitting, by the edge node, an anomaly event log based on the anomaly event and the filtered digital data packets to a computing device different from the edge node;

wherein the method is performed by one or more processors of the edge node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of digital data packets may be received via a wireless data interface, wired data interface, or data path. Code may be executed for a data communications protocol in which one or more of the filtered digital data packets causes the code to transition to different states of the protocol. A protocol state machine may be executed comprising a plurality of states and a plurality of transitions between the states to simulate correct execution of a particular data communication protocol. An anomaly may be detected between a first particular state of the protocol during the execution of the code and a second particular state of the protocol state machine, and in response, an anomaly event may be generated comprising digital data indicating that the anomaly has occurred. An anomaly event log based on the anomaly event and the filtered digital data packets may be transmitted to a computing device.

4 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving, at an edge node in a data communications network, a plurality of digital data packets that have been received via a wireless data interface, wired data interface or data path;
  
  filtering, by the edge node, the plurality of digital data packets to produce filtered digital data packets;
  
  in the edge node, executing code for a data communications protocol in which one or more of the filtered digital data packets causes the code to transition to different states of the protocol;
  
  in the edge node, in parallel with executing the code, executing a protocol state machine comprising a plurality of states and a plurality of transitions between the states to simulate correct execution of a particular data communication protocol;
  
  detecting, by the edge node, an anomaly between a first particular state of the protocol during the execution of the code and a second particular state of the protocol state machine, and in response, generating an anomaly event comprising digital data indicating that the anomaly has occurred;
  
  in response to detecting the anomaly, transmitting, by the edge node, an anomaly event log based on the anomaly event and the filtered digital data packets to a computing device different from the edge node;
  
  wherein the method is performed by one or more processors of the edge node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the edge node comprises a wireless networking access point (AP).
  - 3. The method of claim 1, wherein filtering the plurality of digital data packets includes filtering out all digital data packets from the plurality of digital data packets that are not IEEE 802.11 management frame packets or IEEE 802.3 control frame packets.
  - 4. The method of claim 1, further comprising:
    - generating, using the edge node, a digital accounting record comprising;
      
      digital data packet header data from the filtered plurality of digital data packets and physical layer data from the edge node.
  - 5. The method of claim 4, wherein the digital packet header data includes a frame control field, a duration field, one or more address fields, a sequence control field, and a QoS control field.
  - 6. The method of claim 4, wherein the physical layer data includes a transmit status data rate, fragment information, and reassembly information.
  - 7. The method of claim 1, further comprising:
    - storing, in a digital data repository, the filtered digital data packets;
      
      wherein storing the filtered data packets in the digital data repository includes storing the filtered data packets for a specified amount of time and deleting the filtered data packets when the specified amount of time expires.
  - 8. The method of claim 1, wherein the anomaly event log comprises digital data that indicates the occurrence of the anomaly event.
  - 9. The method of claim 1, further comprising:
    - in response to detecting the anomaly event, collecting, at the edge node, digital client feedback data, the digital client feedback data comprising digital data associated with the anomaly event;
      
      transmitting, by the edge node, the digital client feedback data to the computing device.
  - 10. The method of claim 1, wherein the computing device comprises a non-edge node.

11. A packet switch that is communicatively coupled to one or more wireless networking access points and comprising:
- one or more processors;
  
  one or more networking interfaces coupled to the one or more processors;
  
  one or more non-transitory computer-readable storage media coupled to the one or more processors and storing one or more sequences of instructions which, when executed using the one or more processors, cause performing;
  
  receiving a plurality of digital data packets that have been received via a wireless data interface, wired data interface or data path;
  
  filtering the plurality of digital data packets to produce filtered digital data packets;
  
  executing code for a data communications protocol in which one or more of the filtered digital data packets causes the code to transition to different states of the protocol;
  
  in parallel with executing the code, executing a protocol state machine comprising a plurality of states and a plurality of transitions between the states to simulate correct execution of a particular data communication protocol;
  
  detecting an anomaly between a first particular state of the protocol during the execution of the code and a second particular state of the protocol state machine, and in response, generating an anomaly event comprising digital data indicating that the anomaly has occurred;
  
  in response to detecting the anomaly, transmitting an anomaly event log based on the anomaly event and the filtered digital data packets to a computing device different from the edge node.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The packet switch of claim 11, wherein filtering the plurality of digital data packets includes filtering out all digital data packets from the plurality of digital data packets that are not IEEE 802.11 management frame packets or IEEE 802.3 control frame packets.
  - 13. The packet switch of claim 11, further comprising:
    - generating, using the edge node, a digital accounting record comprising;
      
      digital data packet header data from the filtered plurality of digital data packets and physical layer data from the edge node.
  - 14. The packet switch of claim 13, wherein the digital packet header data includes a frame control field, a duration field, one or more address fields, a sequence control field, and a QoS control field.
  - 15. The packet switch of claim 13, wherein the physical layer data includes a transmit status data rate, fragment information, and reassembly information.
  - 16. The packet switch of claim 11, further comprising:
    - storing, in a digital data repository, the filtered digital data packets;
      
      wherein storing the filtered data packets in the digital data repository includes storing the filtered data packets for a specified amount of time and deleting the filtered data packets when the specified amount of time expires.
  - 17. The packet switch of claim 11, wherein the anomaly event log comprises digital data that indicates the occurrence of the anomaly event.
  - 18. The packet switch of claim 11, further comprising:
    - in response to detecting the anomaly event, collecting, at the edge node, digital client feedback data, the digital client feedback data comprising digital data associated with the anomaly event;
      
      transmitting, by the edge node, the digital client feedback data to the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Gupta, Manoj, Lo, Juei Cheng
Primary Examiner(s)
Zhao, Wei

Application Number

US15/952,114
Publication Number

US 20190319863A1
Time in Patent Office

684 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/046   comprising network manageme...

H04L 41/0604   using filtering, e.g. reduc...

H04L 41/069   using logs of notifications...

H04L 41/142   using statistical or mathem...

H04L 43/028   by filtering

H04L 43/04   Processing captured monitor...

H04L 43/0876   Network utilisation, e.g. v...

H04L 45/22   Alternate routing

H04L 67/12   specially adapted for propr...

H04L 69/02   Protocol performance

H04W 24/02   Arrangements for optimising...

H04W 24/04   Arrangements for maintainin...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

Anomaly detection and correction in wireless networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

4 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Anomaly detection and correction in wireless networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links