DISTRIBUTED LEARNING IN A COMPUTER NETWORK
Abstract
In one embodiment, a first data set is received by a network device that is indicative of the statuses of a plurality of network devices when a type of network attack is not present. A second data set is also received that is indicative of the statuses of the plurality of network devices when the type of network attack is present. At least one of the plurality simulates the type of network attack by operating as an attacking node. A machine learning model is trained using the first and second data set to identify the type of network attack. A real network attack is then identified using the trained machine learning model.
23 Claims
1. A method comprising:
- receiving, at a network device, a first data set indicative of the statuses of a plurality of network devices when a type of network attack is not present;
- receiving a second data set indicative of the statuses of the plurality of network devices when the type of network attack is present, wherein at least one of the plurality simulates the type of network attack by operating as an attacking node;
- training a machine learning model using the first and second data set to identify the type of network attack; and
- identifying a real network attack using the trained machine learning model.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus, comprising:
- one or more network interfaces to communicate in a computer network;
- a processor coupled to the network interfaces and configured to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to;
  - receive a first data set indicative of the statuses of a plurality of network devices when a type of network attack is not present;
  - receive a second data set indicative of the statuses of the plurality of network devices when the type of network attack is present, wherein at least one of the plurality simulates the type of network attack by operating as an attacking node;
  - train a machine learning model using the first and second data set to identify the type of network attack; and
  - identify a real network attack using the trained machine learning model.

Dependent claims: 12, 13, 14, 15
16. A tangible, non-transitory, computer-readable media having software encoded thereon, the software when executed by a processor operable to:
- receive a first data set indicative of the statuses of a plurality of network devices when a type of network attack is not present;
- receive a second data set indicative of the statuses of the plurality of network devices when the type of network attack is present, wherein at least one of the plurality simulates the type of network attack by operating as an attacking node;
- train a machine learning model using the first and second data set to identify the type of network attack; and
- identify a real network attack using the trained machine learning model.

Dependent claims: 17
18. A method comprising:
- receiving, at a network policy engine, a request to begin collecting a first set of status data from a plurality of network devices corresponding to a type of network attack not being present;
- scheduling the collection of the first set of status data;
- receiving, at the network policy engine, a request to begin collecting a second set of status data from the plurality of network devices corresponding to at least one of the network devices simulating the type of network attack;
- scheduling the collection of the second set of status data; and
- receiving a notification that a machine learning model has been trained using the first and second sets of status data.

Dependent claims: 19, 20, 21, 22
23. An apparatus, comprising:
- one or more network interfaces to communicate in a computer network;
- a processor coupled to the network interfaces and configured to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to;
  - receive a request to begin collecting a first set of status data from a plurality of network devices corresponding to a type of network attack not being present;
  - schedule the collection of the first set of status data;
  - receive a request to begin collecting a second set of status data from the plurality of network devices corresponding to at least one of the network devices simulating the type of network attack;
  - schedule the collection of the second set of status data; and
  - receive a notification that a machine learning model has been trained using the first and second sets of status data.
Specification