Processing data flows with a data flow processor
First Claim
Patent Images
1. A network apparatus for processing data flows, comprising:
- a chassis;
one or more memories within the chassis; and
one or more network processors within the chassis, the one or more network processors configured to execute instructions stored in the one or more memories to;
receive and forward a stream of data packets in a network;
recognize one or more data packets in the stream of data packets that contain data, including subscriber profile information, to be processed by an application executing on the network apparatus by applying a policy to the data;
define an application suite by storing a plurality of applications in the one or more memories including at least two of;
a virus detection application, an intrusion detection application, a firewall application, a content filtering application, a privacy protection application, and a policy-based browsing application;
select an application of the plurality of applications stored in the one or more memories for processing the stream of data packets based on payloads of the data packets and on the subscriber profile informationexecute the selected application so as to process the stream of data packets by applying the policy to the payloads using machine learning logic to dynamically reconfigure a data flow, resulting in processed data, the machine learning logic configured to;
compare a feature vector of the data flow with each of a plurality of artificial neurons that populate an array with each of the plurality of artificial neurons characterized by a weight vector;
declare the weight vector positioned at the smallest Euclidean distance from the feature vector to be the winning neuron;
map the feature vector to the winning neuron;
repeat the comparing, declaring, and mapping with additional feature vectors to create an output map;
determine whether the data flow is anomalous by determining whether the output map is atypical due to at least one value in the output map being larger or smaller than a threshold in relation to other values in the output map; and
return the processed data for forwarding to a destination in the network.
12 Assignments
0 Petitions
Accused Products
Abstract
An apparatus and method to distribute applications and services in and throughout a network and to secure the network includes the functionality of a switch with the ability to apply applications and services to received data according to respective subscriber profiles. Front-end processors, or Network Processor Modules (NPMs), receive and recognize data flows from subscribers, extract profile information for the respective subscribers, utilize flow scheduling techniques to forward the data to applications processors, or Flow Processor Modules (FPMs). The FPMs utilize resident applications to process data received from the NPMs. A Control Processor Module (CPM) facilitates applications processing and maintains connections to the NPMs, FPMs, local and remote storage devices, and a Management Server (MS) module that can monitor the health and maintenance of the various modules.
242 Citations
10 Claims
-
1. A network apparatus for processing data flows, comprising:
-
a chassis; one or more memories within the chassis; and one or more network processors within the chassis, the one or more network processors configured to execute instructions stored in the one or more memories to; receive and forward a stream of data packets in a network; recognize one or more data packets in the stream of data packets that contain data, including subscriber profile information, to be processed by an application executing on the network apparatus by applying a policy to the data; define an application suite by storing a plurality of applications in the one or more memories including at least two of;
a virus detection application, an intrusion detection application, a firewall application, a content filtering application, a privacy protection application, and a policy-based browsing application;select an application of the plurality of applications stored in the one or more memories for processing the stream of data packets based on payloads of the data packets and on the subscriber profile information execute the selected application so as to process the stream of data packets by applying the policy to the payloads using machine learning logic to dynamically reconfigure a data flow, resulting in processed data, the machine learning logic configured to; compare a feature vector of the data flow with each of a plurality of artificial neurons that populate an array with each of the plurality of artificial neurons characterized by a weight vector; declare the weight vector positioned at the smallest Euclidean distance from the feature vector to be the winning neuron; map the feature vector to the winning neuron; repeat the comparing, declaring, and mapping with additional feature vectors to create an output map; determine whether the data flow is anomalous by determining whether the output map is atypical due to at least one value in the output map being larger or smaller than a threshold in relation to other values in the output map; and return the processed data for forwarding to a destination in the network. - View Dependent Claims (2, 3, 7, 8)
-
-
4. A method of processing data flows, comprising:
-
receiving a stream of data packets in a network within a chassis of a network apparatus, the network apparatus comprising at least one network processor and at least one memory; recognizing one or more data packets in the stream of data packets that contain data, including subscriber profile information, to be processed by an application executing on the network apparatus by applying a policy to the data; defining an application suite by storing a plurality of applications in the at least one memory, the plurality of applications including at least two of;
a virus detection application, an intrusion detection application, a firewall application, a content filtering application, a privacy protection application, and a policy-based browsing application;selecting an application of the plurality of applications stored in the at least one memory for processing the stream of data packets based on payloads of the data packets and on the subscriber profile information; executing the selected application so as to process the data by applying the policy to the data using machine learning logic to dynamically reconfigure a data flow, resulting in processed data, the machine learning logic configured to; compare a feature vector of the data flow with each of a plurality of artificial neurons that populate an array with each of the plurality of artificial neurons characterized by a weight vector; declare the weight vector positioned at the smallest Euclidean distance from the feature vector to be the winning neuron; map the feature vector to the winning neuron; repeat the comparing, declaring, and mapping with additional feature vectors to create an output map; determine whether the data flow is anomalous by determining whether the output map is atypical due to at least one value in the output map being larger or smaller than a threshold in relation to other values in the output map; and returning the processed data for forwarding to a destination in the network. - View Dependent Claims (5, 6, 9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
-
Original AssigneeSymantec Corporation (NortonLifeLock Inc.)
-
InventorsKorsunsky, Yevgeny, Akerman, Moisey
-
Primary Examiner(s)Sison, June
-
Assistant Examiner(s)COONEY, ADAM A
-
Application NumberUS12/982,999Publication NumberTime in Patent Office2,489 DaysField of Search709226US Class CurrentCPC Class CodesG06F 21/55 Detecting local intrusion o...H04L 2463/141 Denial of service attacks a...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1441 Countermeasures against mal...H04L 63/1483 service impersonation, e.g....
