System and method for network data characterization
Abstract
Described herein are embodiments of a system and method for network data characterization and/or classification that overcome the defects of the prior art. These and other advantages are achieved by a method for network data characterization. The method includes receiving network events, wherein at least some of the events include content, converting the received content into data messages, in which at least some of the data messages include the content and metadata describing an event and the content, routing the data messages to a plurality of analyzers based on specified message criteria to which each analyzer subscribes, each of one or more analyzers that received the routed data messages analyzing the content within the data messages in order to characterize the content, in which the one or more analyzers include at least one machine-learning analyzer that classifies the content with a confidence percentage that indicates the probability that the content is malign or the confidence that a prediction that the content is malign is correct, outputting the characterization results of the one or more analyzers, and comparing the output characterization results against a plurality of criteria to determine subsequent action to take based on the characterization results.
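A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent or any implementation of it: a data message is routed by subscription, each analyzer returns a classification with a confidence percentage, and the results are compared against ordered criteria to pick an action. The analyzer names, message types, marker string, thresholds and the byte-ratio scorer standing in for a trained model are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class DataMessage:
    msg_type: str      # metadata: content type used for routing
    event: dict        # metadata: the network event that carried the content
    content: bytes

@dataclass
class Result:
    analyzer: str          # result metadata: which analyzer produced it
    msg_type: str          # result metadata: what content was classified
    classification: str    # "malign" or "benign"
    confidence_pct: float

def signature_analyzer(msg):
    # Hypothetical rule: flag content carrying a constructed marker string.
    hit = b"CONSTRUCTED-BAD-MARKER" in msg.content
    return ("malign", 100.0) if hit else ("benign", 60.0)

def ml_analyzer(msg):
    # Stand-in for a trained model: share of non-printable bytes as a score.
    if not msg.content:
        return ("benign", 50.0)
    score = 100.0 * sum(b < 32 or b > 126 for b in msg.content) / len(msg.content)
    return ("malign", score) if score >= 50 else ("benign", 100.0 - score)

# Each analyzer subscribes to message types; the sets deliberately differ.
ANALYZERS = {
    "signature": ({"file/pdf", "file/exe"}, signature_analyzer),
    "ml": ({"file/exe"}, ml_analyzer),
}

# Criteria are ordered most severe first; the first one any result meets wins.
CRITERIA = [
    (lambda r: r.classification == "malign" and r.confidence_pct >= 90, "block"),
    (lambda r: r.classification == "malign" and r.confidence_pct >= 50, "alert"),
]

def route(msg):
    """Deliver msg to every analyzer subscribed to its type; collect results."""
    return [Result(name, msg.msg_type, *fn(msg))
            for name, (subs, fn) in ANALYZERS.items() if msg.msg_type in subs]

def decide(results):
    """Compare all results against the criteria and return the action."""
    for matches, action in CRITERIA:
        if any(matches(r) for r in results):
            return action
    return "log"

def handle_event(event, msg_type, content):
    results = route(DataMessage(msg_type, event, content))
    return results, decide(results)
```

A message type with no subscriber produces no results and falls through to the default action, which is the case to watch for when subscriptions are narrowed.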
20 Claims
1. A computer-implemented method for network data characterization, comprising:
- receiving a network event and related content;
- creating a data message comprising the content and metadata describing the content and the related event;
- routing the data message to a plurality of analyzers based on the metadata and one or more subscriptions associated with the plurality of analyzers, wherein the plurality of analyzers include at least one machine-learning analyzer;
- receiving the routed data message and analyzing the content therein to generate characterization results comprising a content classification and an associated confidence percentage;
- outputting the characterization results of the plurality of analyzers; and
- comparing the output characterization results against a plurality of criteria to determine subsequent action to take based on the characterization results, wherein:
  - the characterization results include metadata describing one or more of the following: at least one of the plurality of analyzers, the classified content, and the characterization results; and
  - the subscriptions associated with one of the plurality of analyzers includes at least one message type not included in the subscriptions associated with a different one of the plurality of analyzers.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A sensor for network data characterization, comprising:
- one or more processors; and
- at least one memory including instructions for execution by the one or more processors that configure the sensor to:
  - receive a network event and related content;
  - create a data message comprising the content and metadata describing the content and the related event;
  - route the data message to a plurality of analyzers based on the metadata and one or more subscriptions associated with the plurality of analyzers, wherein the plurality of analyzers include at least one machine-learning analyzer;
  - receive the routed data message and analyze the content therein to generate characterization results comprising a content classification and an associated confidence percentage;
  - output the characterization results of the plurality of analyzers; and
  - compare the output characterization results against a plurality of criteria to determine subsequent action to take based on the characterization results, wherein:
    - the characterization results include metadata describing one or more of the following: at least one of the plurality of analyzers, the classified content, and the characterization results; and
    - the subscriptions associated with one of the plurality of analyzers includes at least one message type not included in the subscriptions associated with a different one of the plurality of analyzers.

Dependent claims: 19, 20

Specification