US 9,813,432 B2
Tracking anomaly propagation at the network level
Sukrit Dasgupta, Norwood, MA (US); and Jean-Philippe Vasseur, Saint Martin d'Uriage (FR)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jan. 23, 2015, as Appl. No. 14/604,175.
Prior Publication US 2016/0218949 A1, Jul. 28, 2016
Int. Cl. G06F 15/16 (2006.01); H04L 29/06 (2006.01); G06F 11/34 (2006.01)
CPC H04L 63/1416 (2013.01) [G06F 11/3409 (2013.01); G06F 11/3466 (2013.01); G06F 2201/86 (2013.01)] 24 Claims
OG exemplary drawing
 
1. A method comprising:
monitoring, by a device in a network and based on receiving registration information for a particular application, one or more application-centric metrics regarding network traffic between an application server hosting the particular application and a client device accessing the application server, the application-centric metrics indicative of a behavior of the particular application;
detecting, by the device, an application-centric anomaly based on the monitored one or more application-centric metrics by comparing the behavior of the particular application to a machine learning based model that models traffic behaviors of the particular application; and
causing, by the device, an anomaly mitigation action to be performed in the network, in response to detecting the application-centric anomaly by comparing the behavior of the particular application to the machine learning based model.