TECHNIQUES FOR DATA ROUTING AND MANAGEMENT USING RISK CLASSIFICATION AND DATA SAMPLING
First Claim
1. A computer-implemented method, comprising:
- selecting, by a computer system connected via a network, a traffic sample of data traversing the network;
processing, by the computer system, the traffic sample using a plurality of risk classifiers, by;
determining a plurality of attributes of the traffic sample;
identifying a corresponding subset of the plurality of risk classifiers for the plurality of attributes;
generating, based at least in part on the corresponding subset of risk classifiers, the plurality of attributes, and the traffic sample, a plurality of risk level components; and
combining the plurality of risk level components to generate an overall risk level for the traffic sample; and
causing, by the computer system, routing on the network of the data based at least in part on the overall risk level.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.
-
Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
selecting, by a computer system connected via a network, a traffic sample of data traversing the network; processing, by the computer system, the traffic sample using a plurality of risk classifiers, by; determining a plurality of attributes of the traffic sample; identifying a corresponding subset of the plurality of risk classifiers for the plurality of attributes; generating, based at least in part on the corresponding subset of risk classifiers, the plurality of attributes, and the traffic sample, a plurality of risk level components; and combining the plurality of risk level components to generate an overall risk level for the traffic sample; and causing, by the computer system, routing on the network of the data based at least in part on the overall risk level. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system, comprising:
at least one computing device that implement one or more services that at least; generate a traffic sample from data traversing a network associated with the at least one computing device; select a plurality of attributes of the traffic sample; associate a corresponding plurality of risk classifiers with the plurality of attributes; process the traffic sample using at least a subset of the plurality of risk classifiers to generate a corresponding plurality of risk level components; and determine an overall risk level for the traffic sample based at least in part on the risk level components. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
15. A non-transitory computer-readable storage medium having stored thereon executable instructions that, upon execution by one or more processors of a computer system, cause the computer system to at least:
-
determine, from data transiting from a source to a destination on a network associated with the computer system, a traffic sample; generate a replicated traffic sample from the traffic sample; process, based at least in part on a characteristic of the destination, the replicated traffic sample by at least comparing an expected behavior of the replicated traffic sample with an observed behavior of the replicated traffic sample; and based at least in part on the observed behavior differing from the expected behavior, initiate a mitigation measure for the data. - View Dependent Claims (16, 17, 18, 20)
-
Specification