System and method for efficient classification and processing of network traffic
Abstract
Methods and systems for analyzing flows of communication packets. A front-end processor associates input packets with flows and forwards each flow to the appropriate unit, typically by querying a flow table that holds a respective classification for each active flow. In general, flows that are not yet classified are forwarded to the classification unit, and the resulting classification is entered in the flow table. Flows that are classified as requested for further analysis are forwarded to an appropriate flow analysis unit. Flows that are classified as not requested for analysis are not subjected to further processing, e.g., discarded or allowed to pass.
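The dispatch loop described in the abstract, extended with the independent claims' reuse of client-side and server-side addresses learned from an earlier flow, can be sketched as follows. This is an added example, not code from the patent: the names, the two-packet sample, the `GET`-based rule, treating the first sender as the client, and the packets are all assumptions constructed for illustration.

```python
ANALYZE, BYPASS, UNCLASSIFIED = "analyze", "bypass", "classifier"

def flow_key(pkt):
    # Direction-independent key: both directions of a connection map to one flow.
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], *ends)

class FrontEnd:
    """Looks each packet's flow up in the flow table and returns its destination."""
    def __init__(self, classify, sample_size=2):
        self.classify = classify        # hypothetical classification-unit callback
        self.sample_size = sample_size  # packets inspected before deciding (assumed)
        self.flow_table = {}            # flow key -> ANALYZE or BYPASS
        self.pending = {}               # flow key -> packets of a still-unclassified flow
        self.known_pairs = {}           # (client IP, server IP) -> earlier classification

    def handle(self, pkt):
        key = flow_key(pkt)
        return self.flow_table.get(key) or self._classify(key, pkt) or UNCLASSIFIED

    def _classify(self, key, pkt):
        sample = self.pending.setdefault(key, [])
        sample.append(pkt)
        # Assumption: the sender of a flow's first packet is the client.
        pair = (sample[0]["src"], sample[0]["dst"])
        verdict = self.known_pairs.get(pair)   # reuse what another flow produced
        if verdict is None and len(sample) >= self.sample_size:
            verdict = self.classify(sample)
        if verdict is not None:                # enter the result in the flow table
            self.flow_table[key] = verdict
            self.known_pairs[pair] = verdict
            del self.pending[key]
        return verdict

def wants_analysis(sample):
    # Hypothetical rule: only flows that look like HTTP requests are analyzed.
    return ANALYZE if any(p["payload"].startswith(b"GET ") for p in sample) else BYPASS

def run_demo():
    def pkt(src, sport, dst, dport, payload=b""):
        return dict(proto="tcp", src=src, sport=sport, dst=dst, dport=dport, payload=payload)
    trace = [  # constructed packets, in arrival order
        pkt("10.0.0.5", 40000, "192.0.2.10", 80),                     # flow A: unclassified
        pkt("10.0.0.5", 40000, "192.0.2.10", 80, b"GET / HTTP/1.1"),  # flow A: classified
        pkt("192.0.2.10", 80, "10.0.0.5", 40000, b"HTTP/1.1 200"),    # flow A: table hit
        pkt("10.0.0.5", 40001, "192.0.2.10", 80),                     # flow B: known pair
        pkt("10.0.0.7", 50000, "192.0.2.20", 22, b"SSH-2.0"),         # flow C: unclassified
        pkt("10.0.0.7", 50000, "192.0.2.20", 22, b"\x00"),            # flow C: classified
    ]
    fe = FrontEnd(wants_analysis)
    return [fe.handle(p) for p in trace], fe
```

Flow B is classified on its first packet because flow A already produced a classification for the same client and server addresses.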
12 Claims
1. A system for classifying flows of communication packets from a network, the system comprising:
- a classification processor that receives unclassified input flows of communication packets from a front-end processor and assigns a classification to a given unclassified input flow that indicates whether the input flow is to be analyzed by a flow analysis processor,
  wherein the classification is assigned by the classification processor based on less than 5% of the input packets of the given input flow,
  wherein the classification processor assigns a first classification to a first unclassified input flow that indicates whether the first flow is to be analyzed by the flow analysis processor based on information produced in assigning a second classification to a second unclassified input flow, and
  wherein the classification processor identifies a server-side address and a client-side address in the second input flow, and uses the identified server-side and client-side addresses in assignment of the first classification to the first input flow.

Dependent claims: 2, 3, 4, 5, 6
7. A method for classifying flows of communication packets from a network, the method comprising:
- receiving, by a classification processor, unclassified input flows of communication packets from a front-end processor; and
- assigning a classification to a given unclassified input flow, by the classification processor, wherein the classification assigned determines whether the given input flow is to be analyzed by a flow analysis processor,
  wherein assigning a classification comprises assigning a first classification to a first unclassified input flow, by the classification processor, that indicates whether the first flow is to be analyzed by the flow analysis processor based on information produced in assigning a classification to a second unclassified input flow,
  wherein assigning the second classification to the second input flow comprises identifying a server-side address and a client-side address in the second input flow, and
  wherein assigning the first classification to the first input flow is performed using the identified server-side and client-side addresses.

Dependent claims: 8, 9, 10, 11, 12
Specification