	US 11,909,741 B2
	Validating a device class claim using machine learning
Brian E. Weis, San Jose, CA (US); Blake Harrell Anderson, Chapel Hill, NC (US); Rashmikant B. Shah, San Jose, CA (US); and David McGrew, Poolesville, MD (US)
Assigned to CISCO TECHNOLOGY, INC., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on May 26, 2021, as Appl. No. 17/330,641.
Application 17/330,641 is a continuation of application No. 15/595,016, filed on May 15, 2017, granted, now 11,038,893.
Prior Publication US 2021/0297454 A1, Sep. 23, 2021
Int. Cl. H04L 29/06 (2006.01); G06N 99/00 (2019.01); H04L 9/40 (2022.01); G06N 20/00 (2019.01)

CPC H04L 63/104 (2013.01) [G06N 20/00 (2019.01); H04L 63/20 (2013.01)]

17 Claims

1. A method, comprising:

receiving, at a device in a network, an access policy and a machine learning-based class behavioral model for a node in the network that are associated with a class that is associated with a Manufacturer Usage Description (MUD) Universal Resource Identifier (URI) asserted by the node, wherein the class behavioral model is generated based on traffic data observed from one or more devices of the class asserted by the node and on synthetic traffic data formed from the access policy associated with the class asserted by the node;

applying, by the device, the access policy and class behavioral model to traffic associated with the node;

identifying, by the device, a deviation in a behavior of the node from the class behavioral model, based on the applying of the class behavioral model to the traffic associated with the node; and

causing, by the device, performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.