Network data processing driver for a cognitive artificial intelligence system
First Claim
1. A computer-implemented method to generate a logical network topology for a network, the method comprising:
- receiving a first stream of data from a data collector within a network, the first stream of data obtained from a data source within the network;
- identifying a packet header from the first stream of data and extracting address information from the packet header;
- separating the extracted address information into multiple components and converting the separated address information components to feature values;
- normalizing the feature values, the feature values associated with the data source;
- generating, via a neuro-linguistic model, patterns associated with the normalized feature values and related to network traffic attributes;
- generating statistics from the patterns;
- generating a logical network topology based on the generated statistics;
- generating a context-aware description of network activity based at least in part on a mapping of the normalized feature values in the logical network topology to corresponding network components;
- detecting an anomaly in the network activity based on the patterns, wherein the anomaly is associated with a network attack;
- generating an alert signal in response to detecting the anomaly, the alert signal representing a context-aware description of the anomaly; and
- sending the alert signal.
Abstract
Techniques are disclosed for processing data collected from network components for analysis by a machine learning engine of a Cognitive AI System. A network data processing driver receives a stream of data from a data collector which obtains data from one or more network data sources. The driver normalizes the stream of data to one or more feature values each corresponding to the network data sources and generates a sample vector from the feature values. The sample vector is formatted to be analyzed by the machine learning engine.
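The driver steps named in the abstract and in claim 1 (identify the packet header, extract address information, split it into components, normalize to feature values, build a sample vector) can be sketched as follows. This is an added example, not code from the patent; the per-octet split, the division by 255, and all function names are assumptions, since the text here does not specify the component split or the normalization rule.

```python
import ipaddress
import struct

def extract_addresses(packet: bytes):
    """Return (src, dst) IPv4 addresses from the start of a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    # IHL counts 32-bit words; anything under 5 cannot hold the fixed header.
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    # Source and destination sit at fixed offsets 12 and 16, options or not.
    src, dst = struct.unpack_from("!4s4s", packet, 12)
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)

def address_components(addr):
    """Split one address into its four octets (assumed component split)."""
    return list(addr.packed)

def normalize(values, max_value=255):
    """Scale raw feature values into [0, 1] (assumed normalization rule)."""
    return [v / max_value for v in values]

def sample_vector(packet: bytes):
    """Header -> addresses -> components -> normalized sample vector."""
    src, dst = extract_addresses(packet)
    return normalize(address_components(src) + address_components(dst))

# Constructed sample input: a 20-byte IPv4 header, 192.0.2.10 -> 198.51.100.255.
# The checksum field is left at 0 because this sketch does not validate it.
SAMPLE_HEADER = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
    ipaddress.IPv4Address("192.0.2.10").packed,
    ipaddress.IPv4Address("198.51.100.255").packed,
)

if __name__ == "__main__":
    print(sample_vector(SAMPLE_HEADER))
```

Malformed or truncated headers raise `ValueError` instead of producing a vector, so bad collector input does not reach the learning stage as if it were valid features.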