US Patent No. 10,659,484

HIERARCHICAL ACTIVATION OF BEHAVIORAL MODULES ON A DATA PLANE FOR BEHAVIORAL ANALYTICS


Patent No. 10,659,484
Issue Date May 19, 2020
Title Hierarchical Activation Of Behavioral Modules On A Data Plane For Behavioral Analytics
Inventorship Saman Taghavi Zargar, Milpitas, CA (US)
Subharthi Paul, San Jose, CA (US)
Prashanth Patil, San Jose, CA (US)
Jayaraman Iyer, Sunnyvale, CA (US)
Hari Shankar, San Jose, CA (US)
Assignee Cisco Technology, Inc., San Jose, CA (US)

Claim of US Patent No. 10,659,484

1. A method, comprising:maintaining, by a centralized controller in a computer network, a plurality of hierarchical behavioral modules of a behavioral model;
distributing, by the centralized controller, one or more initial behavioral modules of the plurality of hierarchical behavioral modules to one or more data plane entities to cause the one or more data plane entities to apply the one or more initial behavioral modules to data plane traffic at the respective data plane entities;
receiving, by the centralized controller, data from a particular data plane entity of the one or more data plane entities based on the particular data plane entity applying the initial behavioral modules to data plane traffic at the particular data plane entity;
distributing, by the centralized controller, one or more subsequent behavioral modules of the plurality of hierarchical behavioral modules to the particular data plane entity to cause the particular data plane entity to apply the one or more subsequent behavioral modules to the data plane traffic, the one or more subsequent behavioral modules selected based on the previously received data from the particular data plane entity; and
iteratively receiving data from the particular data plane entity based on the particular data plane entity applying the subsequent behavioral modules to the data plane traffic and distributing subsequently selected behavioral modules of the plurality of hierarchical behavioral modules to the particular data plane entity, by the centralized controller, until an attack determination is made on the data plane traffic of the particular data plane entity.