Intelligent feedback loop to iteratively reduce incoming network data for analysis
First Claim
1. A non-transitory medium, readable through a network traffic monitoring system used by a data interception system and comprising instructions embodied therein that are executable through the network traffic monitoring system, comprising:
instructions to process flow data from a computer network received through an aggregation switch of the network traffic monitoring system in a first stage module of the network traffic monitoring system;
instructions to identify target network activities of interest to the data interception system;
instructions to filter the flow data to target data based on packet classification in the first stage module, the target data being associated with the identified target network activities of interest to the data interception system;
instructions to determine that a portion of the target data is extraneous data in a data processing system of the network traffic monitoring system based on classifying the target data according to an analysis of protocols associated therewith through a hardware component of the data processing system, the extraneous data being the portion of the target data that is determined to be irrelevant in the network traffic monitoring system used by the data interception system and innocuous with respect to a threat level thereof based on the classification of the target data, and the data processing system being commodity hardware in a second stage of the network traffic monitoring system communicatively coupled to the first stage module;
instructions to extract metadata associated with the target data in the data processing system;
instructions to produce, through the data processing system, a set of regular expressions describing a search pattern in the target data;
instructions to analyze the target data to discover an action of interest in the set of regular expressions associated with a target individual in the data processing system, the action of interest corresponding to an identified target network activity of interest; and
instructions to utilize, through the data processing system, instructions to monitor the computer network for specific network activities of interest to the data interception system, the instructions to monitor the computer network for the specific network activities of interest comprising instructions to iteratively remove from the target data the extraneous data based on creating a feedback loop between the data processing system and the first stage module of the network traffic monitoring system, the feedback loop being a control system configured to adjust operation thereof between an actual output and a desired output of the data processing system, and the feedback loop involving a modification in data processing through the first stage module to effect the desired output of the data processing system.
Abstract
A method, apparatus and system related to an intelligent feedback loop to iteratively reduce target packet analysis is disclosed. According to one embodiment, a method of a network traffic monitoring system includes processing a flow data received through an aggregation switch of a network traffic monitoring system in a first stage module of the network traffic monitoring system, filtering the flow data to a target data based on a packet classification in the first stage module, determining that a portion of a target data is an extraneous data based on a content filtering algorithm applied in a data processing system of the network traffic monitoring system, and iteratively removing from the target data the extraneous data based on a feedback loop created between the data processing system and the first stage module of the network traffic monitoring system.
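The feedback loop described in the abstract, sketched as an added example (not code from the patent or its assignee). The flow records, the `10.0.0.` watched prefix, the protocol heuristics, the policy of treating NTP and DNS as extraneous, and the one-rule-per-round feedback are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample flows: (src, dst, dport, first payload bytes)
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 123, b"\x23\x00\x06\xec"),        # NTP client
    ("10.0.0.5", "198.51.100.7", 443, b"\x16\x03\x01\x02\x00"),  # TLS handshake
    ("10.0.0.9", "192.0.2.10", 123, b"\x23\x00\x06\xec"),        # NTP client
    ("10.0.0.9", "203.0.113.4", 80, b"GET /index.html HTTP/1.1"),
    ("172.16.0.3", "203.0.113.4", 80, b"GET / HTTP/1.1"),        # not watched
    ("10.0.0.5", "192.0.2.53", 53, b"\xab\xcd\x01\x00"),         # DNS query
]
WATCHED_PREFIX = "10.0.0."       # assumed stage-1 classification criterion
EXTRANEOUS = {"ntp", "dns"}      # assumed policy: innocuous, irrelevant classes

def first_stage(flows, drop_rules):
    """Stage 1: cheap packet classification plus rules fed back from stage 2."""
    return [f for f in flows
            if f[0].startswith(WATCHED_PREFIX) and (f[1], f[2]) not in drop_rules]

def classify(flow):
    """Stage 2: protocol analysis on the port and leading payload bytes."""
    _, _, dport, data = flow
    if dport == 123 and data and 1 <= (data[0] & 0x07) <= 5:
        return "ntp"
    if dport == 53 and len(data) >= 4:
        return "dns"
    if data[:2] == b"\x16\x03":
        return "tls"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http"
    return "unknown"

def run_feedback(flows, max_rounds=10):
    """Iterate until stage 2 sees no extraneous data (actual == desired output)."""
    drop_rules, history = set(), []
    for _ in range(max_rounds):
        target = first_stage(flows, drop_rules)
        noisy = Counter((f[1], f[2]) for f in target if classify(f) in EXTRANEOUS)
        history.append((len(target), sum(noisy.values())))
        if not noisy:
            break
        # Feedback: modify stage-1 processing for the highest-volume offender.
        drop_rules.add(noisy.most_common(1)[0][0])
    return drop_rules, history

if __name__ == "__main__":
    rules, history = run_feedback(FLOWS)
    print(rules, history)
```

A rule keyed on `(dst, dport)` is coarse: everything else sent to that endpoint is also discarded before analysis, so fed-back rules should be reviewed and expired rather than accumulated indefinitely.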
18 Claims
8. A network traffic monitoring system used by a data interception system comprising:
an aggregation switch to consolidate flow data from a computer network;
a processing module to identify target network activities of interest to the data interception system;
a first stage module to filter the flow data to target data based on packet classification therein, the target data being associated with the identified target network activities of interest to the data interception system; and
a data processing system comprising a processor and a memory to determine that a portion of the target data is extraneous data based on classifying the target data according to an analysis of protocols associated therewith through a hardware component of the data processing system, to utilize instructions to monitor the computer network for specific network activities of interest to the data interception system, to extract metadata associated with the target data, to produce a set of regular expressions describing a search pattern in the target data, to analyze the target data to discover an action of interest corresponding to an identified target network activity of interest in the set of regular expressions associated with a target individual in the data processing system, and to iteratively remove from the target data the extraneous data based on forming a feedback loop between the data processing system and the first stage module, the extraneous data being the portion of the target data that is determined to be irrelevant in the network traffic monitoring system used by the data interception system and innocuous with respect to a threat level thereof based on the classification of the target data, and the data processing system being commodity hardware in a second stage of the network traffic monitoring system communicatively coupled to the first stage module,
wherein the feedback loop is a control system configured to adjust operation thereof between an actual output and a desired output of the data processing system, the feedback loop involving a modification in data processing through the first stage module to effect the desired output of the data processing system.
13. A method of a network traffic monitoring system used by a data interception system comprising:
processing flow data from a computer network received through an aggregation switch of the network traffic monitoring system in a first stage module of the network traffic monitoring system;
identifying target network activities of interest to the data interception system;
filtering the flow data to target data based on packet classification in the first stage module, the target data being associated with the identified target network activities of interest to the data interception system;
determining that a portion of the target data is extraneous data in a data processing system of the network traffic monitoring system based on classifying the target data according to an analysis of protocols associated therewith through a hardware component of the data processing system, the extraneous data being the portion of the target data that is determined to be irrelevant in the network traffic monitoring system used by the data interception system and innocuous with respect to a threat level thereof based on the classification of the target data, and the data processing system being commodity hardware in a second stage of the network traffic monitoring system communicatively coupled to the first stage module;
extracting metadata associated with the target data in the data processing system;
producing, through the data processing system, a set of regular expressions describing a search pattern in the target data;
analyzing the target data to discover an action of interest in the set of regular expressions associated with a target individual in the data processing system, the action of interest corresponding to an identified target network activity of interest; and
utilizing, through the data processing system, instructions to monitor the computer network for specific network activities of interest to the data interception system, the monitoring of the computer network for the specific network activities of interest comprising iteratively removing from the target data the extraneous data based on creating a feedback loop between the data processing system and the first stage module of the network traffic monitoring system, the feedback loop being a control system configured to adjust operation thereof between an actual output and a desired output of the data processing system, and the feedback loop involving a modification in data processing through the first stage module to effect the desired output of the data processing system.
Specification