Network data processing driver for a cognitive artifical intelligence system
First Claim
Patent Images
1. A computer-implemented method to generate a logical network topology for a network, the method comprising:
- receiving a first stream of data from a data collector within a network, the first stream of data obtained from a data source within the network;
identifying a packet header from the first stream of data and extracting address information from the packet header;
separating the extracted address information into multiple components and converting the separated address information components to feature values;
normalizing the feature values, the feature values associated with the data source;
generating, via a neuro-linguistic model, patterns associated with the normalized feature values and related to network traffic attributes;
generating statistics from the patterns;
generating a logical network topology based on the generated statistics;
generating a context-aware description of network activity based at least in part on a mapping of the normalized feature values in the logical network topology to corresponding network components;
detecting an anomaly in the network activity based on the patterns, wherein the anomaly is associated with a network attack;
generating an alert signal in response to detecting the anomaly, the alert signal representing a context-aware description of the anomaly; and
sending the alert signal.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques are disclosed for processing data collected from network components for analysis by a machine learning engine of a Cognitive AI System. A network data processing driver receives a stream of data from a data collector which obtains data from one or more network data sources. The driver normalizes the stream of data to one or more feature values each corresponding to the network data sources and generates a sample vector from the feature values. The sample vector is formatted to be analyzed by the machine learning engine.
-
Citations
11 Claims
-
1. A computer-implemented method to generate a logical network topology for a network, the method comprising:
-
receiving a first stream of data from a data collector within a network, the first stream of data obtained from a data source within the network; identifying a packet header from the first stream of data and extracting address information from the packet header; separating the extracted address information into multiple components and converting the separated address information components to feature values; normalizing the feature values, the feature values associated with the data source; generating, via a neuro-linguistic model, patterns associated with the normalized feature values and related to network traffic attributes; generating statistics from the patterns; generating a logical network topology based on the generated statistics; generating a context-aware description of network activity based at least in part on a mapping of the normalized feature values in the logical network topology to corresponding network components; detecting an anomaly in the network activity based on the patterns, wherein the anomaly is associated with a network attack; generating an alert signal in response to detecting the anomaly, the alert signal representing a context-aware description of the anomaly; and sending the alert signal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntellective Ai, Inc.
-
Original AssigneeOmni AI, Inc.
-
InventorsYang, Tao, Seow, Ming-Jung
-
Primary Examiner(s)Lee, Gil H.
-
Application NumberUS15/481,320Publication NumberTime in Patent Office929 DaysField of SearchUS Class CurrentCPC Class CodesG06N 20/00 Machine learningH04L 41/12 Discovery or management of ...H04L 41/142 using statistical or mathem...H04L 41/16 using machine learning or a...H04L 43/04 Processing captured monitor...H04L 67/10 in which an application is ...
