Presented herein are techniques for correlating the output of a crowd counting machine learning (ML) algorithm, which operates on surveillance video, with observed network load to determine if a load spike is due to a valid network usage or an attacker trying to sabotage the network. The techniques presented herein include vision field classification based on access point (AP) coverage, linking of vision fields to AP coverage in DNAC UI, and consensus-based threat assessment and alerts.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.