US 12,155,526 B1
Deploying network anomaly detection systems based on endpoint criticality
Sofia Karygianni, Dubendorf (CH); Andrea Di Pietro, Frejus (FR); and Sukrit Dasgupta, Norfolk, MA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on May 12, 2023, as Appl. No. 18/196,705.
Int. Cl. G06F 15/173 (2006.01); H04L 41/0681 (2022.01); H04L 41/22 (2022.01)
CPC H04L 41/0681 (2013.01) [H04L 41/22 (2013.01)]
20 Claims
1. A method, comprising:
determining, by a device, a criticality of each of a plurality of endpoints in a network, based on network telemetry data regarding the network, wherein the criticality of each of the plurality of endpoints corresponds to a severity of consequences an anomaly would have respectively on each of the plurality of endpoints as compared to other endpoints of the plurality of endpoints;
translating, by the device, a plurality of anomaly detection models available for deployment to the network and their metadata into a set of adjustable resources;
generating, by the device, an anomaly detection deployment strategy for the network by selecting a set of one or more of the plurality of anomaly detection models for deployment to one or more execution points in the network, based on the criticality of each of the plurality of endpoints and on the set of adjustable resources; and
causing, by the device, the set to be deployed to the one or more execution points in the network, in accordance with the anomaly detection deployment strategy.