Intelligent feedback loop to iteratively reduce incoming network data for analysis
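IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC 7th edition): H04L-012/26; H04L-029/06
Application number: US-0626367 (2012-09-25)
Registration number: US-9350762 (2016-05-24)
Inventor / Address: Doddapaneni, Ashok Babu
Applicant / Address: SS8 NETWORKS, INC.
Agent / Address: Raj Abhyanker, P.C.
Citation information: Times cited: 0; Cited patents: 213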
Abstract
A method, apparatus and system related to an intelligent feedback loop to iteratively reduce target packet analysis is disclosed. According to one embodiment, a method of a network traffic monitoring system includes processing a flow data received through an aggregation switch of a network traffic monitoring system in a first stage module of the network traffic monitoring system, filtering the flow data to a target data based on a packet classification in the first stage module, determining that a portion of a target data is an extraneous data based on a content filtering algorithm applied in a data processing system of the network traffic monitoring system, and iteratively removing from the target data the extraneous data based on a feedback loop created between the data processing system and the first stage module of the network traffic monitoring system.
Representative claim
1. A non-transitory medium, readable through a network traffic monitoring system used by a data interception system and comprising instructions embodied therein that are executable through the network traffic monitoring system, comprising: instructions to process flow data from a computer network received through an aggregation switch of the network traffic monitoring system in a first stage module of the network traffic monitoring system; instructions to identify target network activities of interest to the data interception system; instructions to filter the flow data to target data based on packet classification in the first stage module, the target data being associated with the identified target network activities of interest to the data interception system; instructions to determine that a portion of the target data is extraneous data in a data processing system of the network traffic monitoring system based on classifying the target data according to an analysis of protocols associated therewith through a hardware component of the data processing system, the extraneous data being the portion of the target data that is determined to be: irrelevant in the network traffic monitoring system used by the data interception system and innocuous with respect to a threat level thereof based on the classification of the target data, and the data processing system being commodity hardware in a second stage of the network traffic monitoring system communicatively coupled to the first stage module; instructions to extract metadata associated with the target data in the data processing system; instructions to produce, through the data processing system, a set of regular expressions describing a search pattern in the target data; instructions to analyze the target data to discover an action of interest in the set of regular expressions associated with a target individual in the data processing system, the action of interest corresponding to an identified target network activity of interest; and instructions to utilize, through the data processing system, instructions to monitor the computer network for specific network activities of interest to the data interception system, the instructions to monitor the computer network for the specific network activities of interest comprising instructions to iteratively remove from the target data the extraneous data based on creating a feedback loop between the data processing system and the first stage module of the network traffic monitoring system, the feedback loop being a control system configured to adjust operation thereof between an actual output and a desired output of the data processing system, and the feedback loop involving a modification in data processing through the first stage module to effect the desired output of the data processing system.
2. The non-transitory medium of claim 1, further comprising: instructions to apply a zero-copy driver and a use buffer in at least one of the first stage module and the data processing system; and instructions to reduce processing power and memory usage through the application of the zero-copy driver and the use buffer in the data processing system.
3. The non-transitory medium of claim 1, further comprising: instructions to communicate the extraneous portion of the target data from the data processing system to the first stage module following the content filtering.
4. The non-transitory medium of claim 1, wherein the instructions to determine that the portion of the target data is the extraneous data further comprises at least one of: instructions to perform static filtering of the flow data based on an internet protocol analysis and a port analysis in the first stage module; instructions to map the flow data having a variable length into an ordered list of elements having a fixed length of the flow data in the first stage module; and instructions to dynamically filter the flow data in the first stage module based on the removal of the extraneous data communicated from the data processing system.
5. The non-transitory medium of claim 4, further comprising at least one of: instructions to buffer the target data in a random access memory in the data processing system; and instructions to determine a communication mode between the data processing system and the dynamic filtering of the first stage module so that a request to remove the extraneous data is executable.
6. The non-transitory medium of claim 1, further comprising: instructions to communicate the extracted metadata to a data retention server; and instructions to communicate the set of regular expressions to a master controller.
7. The non-transitory medium of claim 6, wherein the action of interest is subject to a governmental permission as to how the action of interest is usable in the data interception system.
8. A network traffic monitoring system used by a data interception system comprising: an aggregation switch to consolidate flow data from a computer network; a processing module to identify target network activities of interest to the data interception system; a first stage module to filter the flow data to target data based on packet classification therein, the target data being associated with the identified target network activities of interest to the data interception system; and a data processing system comprising a processor and a memory to determine that a portion of the target data is extraneous data based on classifying the target data according to an analysis of protocols associated therewith through a hardware component of the data processing system, to utilize instructions to monitor the computer network for specific network activities of interest to the data interception system, to extract metadata associated with the target data, to produce a set of regular expressions describing a search pattern in the target data, to analyze the target data to discover an action of interest corresponding to an identified target network activity of interest in the set of regular expressions associated with a target individual in the data processing system, and to iteratively remove from the target data the extraneous data based on forming a feedback loop between the data processing system and the first stage module, the extraneous data being the portion of the target data that is determined to be: irrelevant in the network traffic monitoring system used by the data interception system and innocuous with respect to a threat level thereof based on the classification of the target data, and the data processing system being commodity hardware in a second stage of the network traffic monitoring system communicatively coupled to the first stage module, wherein the feedback loop is a control system configured to adjust operation thereof between an actual output and a desired output of the data processing system, the feedback loop involving a modification in data processing through the first stage module to effect the desired output of the data processing system.
9. The network traffic monitoring system of claim 8, wherein the first stage module is further configured to at least one of: perform static filtering of the flow data based on an internet protocol analysis and a port analysis, map the flow data having a variable length into an ordered list of elements having a fixed length of the flow data, and dynamically filter the flow data based on the removal of the extraneous data communicated from the data processing system.
10. The network traffic monitoring system of claim 9, wherein the data processing system is further configured to at least one of: apply a zero-copy driver and a use buffer, reduce processing power and memory usage through the application of the zero-copy driver and the use buffer, buffer the target data in a random access memory, and determine a communication mode between the data processing system and the dynamic filtering of the first stage module so that a request to remove the extraneous data is executable.
11. The network traffic monitoring system of claim 8, wherein the data processing system is further configured to at least one of: communicate the extracted metadata to a data retention server, and communicate the set of regular expressions to a master controller.
12. The network traffic monitoring system of claim 11, wherein the action of interest is subject to a governmental permission as to how the action of interest is usable in the data interception system.
13. A method of a network traffic monitoring system used by a data interception system comprising: processing flow data from a computer network received through an aggregation switch of the network traffic monitoring system in a first stage module of the network traffic monitoring system; identifying target network activities of interest to the data interception system; filtering the flow data to target data based on packet classification in the first stage module, the target data being associated with the identified target network activities of interest to the data interception system; determining that a portion of the target data is extraneous data in a data processing system of the network traffic monitoring system based on classifying the target data according to an analysis of protocols associated therewith through a hardware component of the data processing system, the extraneous data being the portion of the target data that is determined to be: irrelevant in the network traffic monitoring system used by the data interception system and innocuous with respect to a threat level thereof based on the classification of the target data, and the data processing system being commodity hardware in a second stage of the network traffic monitoring system communicatively coupled to the first stage module; extracting metadata associated with the target data in the data processing system; producing, through the data processing system, a set of regular expressions describing a search pattern in the target data; analyzing the target data to discover an action of interest in the set of regular expressions associated with a target individual in the data processing system, the action of interest corresponding to an identified target network activity of interest; and utilizing, through the data processing system, instructions to monitor the computer network for specific network activities of interest to the data interception system, the monitoring of the computer network for the specific network activities of interest comprising iteratively removing from the target data the extraneous data based on creating a feedback loop between the data processing system and the first stage module of the network traffic monitoring system, the feedback loop being a control system configured to adjust operation thereof between an actual output and a desired output of the data processing system, and the feedback loop involving a modification in data processing through the first stage module to effect the desired output of the data processing system.
14. The method of claim 13, further comprising: communicating the extraneous portion of the target data from the data processing system to the first stage module following the content filtering.
15. The method of claim 13, further comprising: performing static filtering of the flow data based on an internet protocol analysis and a port analysis in the first stage module; mapping the flow data having a variable length into an ordered list of elements having a fixed length of the flow data in the first stage module; and dynamically filtering the flow data in the first stage module based on the removal of the extraneous data communicated from the data processing system.
16. The method of claim 15, further comprising at least one of: applying a zero-copy driver and a use buffer in the data processing system; reducing processing power and memory usage through the application of the zero-copy driver and the use buffer in the data processing system; buffering the target data in a random access memory in the data processing system; and determining a communication mode between the data processing system and the dynamic filtering of the first stage module so that a request to remove the extraneous data is executable.
17. The method of claim 13, further comprising at least one of: communicating the extracted metadata to a data retention server; and communicating the set of regular expressions to a master controller.
18. The method of claim 17, wherein the action of interest is subject to a governmental permission as to how the action of interest is usable in the data interception system.
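The two-stage arrangement in the abstract and in the static/dynamic filtering claims can be sketched as follows. This is an added example, not code from the patent or from SS8: the class names, the 5-tuple flow key, the toy protocol rules, the byte budget standing in for the "desired output", and the sample traffic are all assumptions.

```python
from collections import Counter, namedtuple

# Fixed-length flow key; modelling a flow as a 5-tuple is an assumption.
FlowKey = namedtuple("FlowKey", "src dst sport dport proto")
Packet = namedtuple("Packet", "key payload")

class FirstStage:
    """Static port filter plus a dynamic drop table fed by the second stage."""
    def __init__(self, watched_ports):
        self.watched_ports = frozenset(watched_ports)
        self.drop_table = set()

    def filter(self, packets):
        return [p for p in packets
                if p.key.dport in self.watched_ports
                and p.key not in self.drop_table]

    def remove_flow(self, key):  # feedback channel from the second stage
        self.drop_table.add(key)

def classify(payload):
    """Toy protocol analysis (hypothetical rules, not from the patent)."""
    if payload[:2] in (b"\x16\x03", b"\x17\x03"):  # TLS handshake / app data
        return "tls"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    return "unknown"

class SecondStage:
    def __init__(self, first_stage, extraneous, byte_budget):
        self.first_stage = first_stage
        self.extraneous = set(extraneous)  # classes treated as extraneous
        self.byte_budget = byte_budget     # desired output per round

    def process(self, target):
        volume, label = Counter(), {}
        for p in target:
            volume[p.key] += len(p.payload)
            label.setdefault(p.key, classify(p.payload))
        actual = projected = sum(volume.values())
        # Shed the largest extraneous flows until the projection meets the budget.
        for key, size in volume.most_common():
            if projected <= self.byte_budget:
                break
            if label[key] in self.extraneous:
                self.first_stage.remove_flow(key)
                projected -= size
        return actual

def demo():
    # Constructed sample traffic (private/documentation addresses, synthetic payloads).
    tls_big = Packet(FlowKey("10.0.0.5", "192.0.2.10", 50000, 443, "tcp"),
                     b"\x17\x03\x03" + b"\x00" * 1197)
    tls_small = Packet(FlowKey("10.0.0.6", "192.0.2.11", 50001, 443, "tcp"),
                       b"\x17\x03\x03" + b"\x00" * 297)
    http = Packet(FlowKey("10.0.0.7", "192.0.2.12", 50002, 80, "tcp"),
                  b"GET /index.html HTTP/1.1\r\n\r\n")
    ssh = Packet(FlowKey("10.0.0.8", "192.0.2.13", 50003, 22, "tcp"), b"SSH-2.0-x")
    rounds = [[tls_big, http, ssh], [tls_big, tls_small, http, ssh]] * 2
    stage1 = FirstStage(watched_ports={80, 443})
    stage2 = SecondStage(stage1, extraneous={"tls"}, byte_budget=100)
    volumes = [stage2.process(stage1.filter(batch)) for batch in rounds[:3]]
    return volumes, stage1.drop_table

if __name__ == "__main__":
    print(demo())
```

Each round the second stage sees less data because the first stage has already dropped the flows it was told to remove; the HTTP flow is never shed because its class is not marked extraneous.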
Patents cited by this patent (213)
Ghannadian, Farzad; Fang, Li; Quinn, Michael J., Adaptive, flow-based network traffic measurement and monitoring system.
Kracht, James E., Approaches for determining actual physical topology of network based on gathered configuration information representing true neighboring devices.
Chheda, Mahendra M.; Heidel, Shawn E.; Jaye, Robert B.; Brindley-Koonce, Justin K.; Brandwine, Eric Jason, Best practice analysis, third-party plug-ins.
Cai, Yigang; Chen, Xu, Call control component employment of one or more criteria for internet protocol call selection for eavesdrop component monitoring.
Bondy,William M.; Jones,Wesley Stuart; Silverman,Shmuel; Wiatrak,Bruce Martin; Liss,Raymond M.; Moran,Timothy L.; Nodell,Howard; Hug,Robert Gerald, Communication network with a collection gateway and method for providing surveillance services.
Flewallen, Steven Adams; Johnson, David Nephi; Burch, Lloyd Leon; Fjeldsted, Benjamin Clark; Beus, David Kent; Sriram, Thiruvarangam Viswanathan, Control of communication ports of computing devices using policy-based decisions.
Adelstein, Frank N.; Powers, Judson; Joyce, Robert A.; Bronner, Derek, Extensible software tool for investigating peer-to-peer usage on a target device.
Tanimoto, Yoshifumi, File server device arranged in a local area network and being communicable with an external server arranged in a wide area network.
Barney Matthew F., Intelligent agent for identifying intellectual property infringement issues in computer network sites and method of operation thereof.
Shen, Jennifer Iting; Shahine, Omar H.; Kafka, Steven D.; Telehowski, Jennie Park; Gillum, Eliot; Yang, Sara Liu, Leveraging communications to identify social network friends.
Sim-Tang, Siew Yong; Fraisl, Daniel J.; Hoeber, Anthony N., Management interface for a system that provides automated, real-time, continuous data protection.
Moisand, Jerome Pascal; Onishi, Steven; Kokot, Mathias; DeRuijter, Denis Henk, Managing a network flow using application classification information and active signaling relay.
James E. Kracht, Mechanism for determining actual physical topology of network based on gathered configuration information representing true neighboring devices.
Knight Greg ; Nicholson Robert Bruce, Method and apparatus for analyzing a storage network based on incomplete information from multiple respective controllers.
Cohen,Ron; Snir,Yoram; Schnizlein,John, Method and apparatus for automatically establishing bi-directional differentiated services treatment of flows in a network.
Aggarwal Ajay (Somersworth NH) Scott Walter (Salem NH) Rustici Eric (Londonderry NH) Bucciero David (Nashua NH) Haskins Andrew (Lee NH) Matthews Wallace (Exeter NH), Method and apparatus for determining a communications path between two nodes in an Internet Protocol (IP) network.
Arad Naveh ; Itzhak Parnafes ; Shai Mohaban ; Steven M. Woo, Method and apparatus for policy-based management of quality of service treatments of network data traffic flows by integrating policies with application programs.
Hanson, Aaron D.; Sturniolo, Emil A.; Menn, Anatoly; Olson, Erik D.; Savarese, Joseph T., Method and apparatus for providing mobile and other intermittent connectivity in a computing environment.
Sutou, Hiromi; Kontani, Tsutomu, Method and apparatus for remotely controlling a terminal by a control terminal and storing control history information at the terminal being remotely controlled.
Barclay, Deborah Lewandowski; Benco, David S.; Mahajan, Sanjeev; McRoberts, Thomas Lee; Ruggerio, Raymond Leroy, Method and apparatus for surveillance of voice over internet protocol communications.
Wheeler, Maxon R.; Camp, II, William N.; Mamitsuka, Lien T.; Mitra, Christopher A.; Putterman, Scott I.; Wei, Kai, Method and system for intermediating content provider website and mobile device.
Duimovich, Frank; Godin, Benoit; Colásante, Frederico; Hashim, Mohamed, Method and system for managing performance of data transfers for a data access system.
Bragagnini, Andrea; Buffa, Diego; Pellegrino, Paolo; Scevola, Luca; Shohat, Drory; Sadan, Zac; Gilboa, Niv, Method and system for secure communication between a public network and a local network.
Boysko, Glenn J.; Hurwood, William; Li, Benjamin Z.; Warikoo, Abhimanyu, Method and system for security and user account integration by reporting systems with remote repositories.
Brown, Martin; Griffith, Tim Peter; Knibb, David Evans; Heritage, Ian Derek, Method and system for simulating latency between layers of multi-tier applications.
Ramakrishnan, Karthik; Collett, Ian Gordon; Rahim, Rubens, Method for implementing an internet protocol (IP) charging and rating middleware platform and gateway system.
Hao,Ming C.; Dayal,Umeshwar; Cotting,Daniel; Gross,Markus; Holenstein,Thomas; Ono,Brian; Karp,Alan, Method for visualizing graphical data sets having a non-uniform graphical density for display.
Cadiou, Jean-François; Bonnamy, Jean-Michel; Hamchaoui, Isabelle; Chaplain, René, Method of configuring parameters for managing data packets of a data stream.
Logan, James D.; Palmer, Mark; Call, Charles G., Methods and apparatus for creating, combining, distributing and reproducing program content for groups of participating users.
Croft, Richard Jason; Low, Anthony Edward; Mazzaferri, Richard James; Robinson, David Neil; Pedersen, Bradley J., Methods and systems for providing remote access to a computing environment provided by a virtual machine.
Kayashima,Makoto; Fujiyama,Tatsuya; Terada,Masato; Watanabe,Yoshinori; Ogino,Takaaki, Network management system for generating setup information for a plurality of devices based on common meta-level information.
Moisand, Jerome P.; Frailong, Jean-Marc; Narayanaswamy, Krishna; Melamud, Oren; Kirner, Paul J., Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane.
O'Steen,Roberta R.; Reddick,Linda; Hodges, Jr.,Charles Y.; Walters,Jon Timothy; Huff,Leslie, System and method for automated network element database population.
Nielsen Christopher Robbins ; Poston Ricky Lee ; Stair Stephen Gray ; Tsao I-Hsing, System and method for displaying the contents of a web page based on a user's interests.
Martinez, Ronald; Davis, Marc Eliot; Spiegelman, Michael; Paretti, Christopher T.; Ghezzi, Nicola Stefano; Higgins, Christopher William; Kalaboukis, Chris, System and method for distributing media related to a location.
Jamjoom, Hani T.; Podlaseck, Mark E.; Qu, Huiming; Ruan, Yaoping; Shae, Zon-Yin; Sheopuri, Anshul, System and method for dynamic rescheduling of multiple varying resources with user social mapping.
Jamjoom, Hani T.; Podlaseck, Mark E.; Qu, Huiming; Ruan, Yaoping; Shae, Zon-Yin; Sheopuri, Anshul, System and method for dynamic rescheduling of multiple varying resources with user social mapping.
Soles, William E.; Leon E. Morgan Jr.; Anth, Arthur J.; Thompson, Marion B.; O'Shea, Edward T.; Garguilo, Frank E.; Bowlin, Amy H.; Morgan, Joseph, System and method for evaluating the performance of a computer application.
Schuetze, Hinrich; Chen, Francine R.; Pirolli, Peter L.; Pitkow, James E.; Chi, Ed H.; Li, Jun, System and method for identifying similarities among objects in a collection.
Glade, Bradford B.; Harvey, David W.; Kemeny, John; Waxman, Matthew D., System and method for managing provisioning of storage resources in a network with virtualization of resources in such a network.
Johnson Charles George ; Lakshmi-Ratan Ramnath A. ; Lanning Steven G. ; Renger Bernard S L, System and method for monitoring information flow and performing data collection.
Davis,Owen; Jain,Vidyut, System and method for monitoring the use of a resource by a client connected to a computer network having one or more servers in communication with one or more clients.
Wittenstein, Andreas; Eynon, Mike; Mather, Laura; Lloyd, Jim; Frantz, Matt, System and method for network security including detection of attacks through partner websites.
Begeja, Lee; Liu, Zhu; Renger, Bernard S.; Shahraray, Behzad; Basso, Andrea; Gibbon, David C.; Kumar, Sumit; Zavesky, Eric, System and method for notification of events of interest during a video conference.
Ignatius,Paul; Prahlad,Anand; Tyagarajan,Mahesh; Vijayan Retnamma,Manoj; Amarendran,Arun; Kottomtharayil,Rajiv, System and method for providing encryption in a storage network by storing a secured encryption key with encrypted archive data in an archive storage device.
Agarwal Neeraj ; Perret Pierre ; McMenemy Michael G., Systems and methods for monitoring distributed applications including an interface running in an operating system kernel.
Ansell Steven T. ; Cherenson Andrew R., Territorial determination of remote computer location in a wide area network for conditional delivery of digitized products.