
Network traffic classification

  • US 9,596,171 B1
  • Filed: 07/19/2016
  • Issued: 03/14/2017
  • Est. Priority Date: 11/11/2015
  • Status: Active Grant
First Claim

1. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a computer to cause the computer to perform a method, comprising:

  • receiving a data packet from a network source and a network device, including network traffic on one or more of;
    a fixed network, and a mobile network;

  • extracting source and destination data from the received data packet using a network collector executing an algorithm, the extracting of source and destination data from the received data packet comprises extracting an IP source, a source port, an IP destination and a destination port from the received data packet;

  • determining a user from the extracted source and destination data from the received data packet, the determining the user including extracting from a user data field in the data packet user information associated with the user via the network collector;

  • creating a label for the data packet, in response to a determination that the label does not exist for the extracted source and destination data from the received data packet, the label including the extracted source data and historic source data for the determined user, the label includes the source port and a vector comprising last used ports of the determined user;

  • calling a chaotic function using the network collector with the label for the received data packet, the calling of a chaotic function with the label for the received data packet comprises calling a Lorenz attractor function with the label for the received data packet;

  • calling an alternative function for an output with the label for the received data packet, and updating the label with output of the alternative function, in response to the chaotic function being returned false, and, in response to the chaotic function being returned false, the algorithm being run by the network collector analysing the network flow using one or more of;
    pattern matching using ports, and IP addresses; and

  • capturing the output of the chaotic function, in response to the chaotic function being returned true, and updating the label with the output of the chaotic function;

  • the updating the label with the output of the chaotic function or with the output of the alternative function comprises extending the vector with the source port, and the output of the chaotic function or the output of the alternative function.
