Hardware accelerated application-based pattern matching for real time classification and recording of network traffic
First Claim
1. A system, comprising:
- a shared memory that includes a plurality of slots to transiently store network data packets;
a packet capture repository utilizing a non-transitory storage medium;
an indexing database utilizing a non-transitory storage medium;
a pattern matching processing unit to generate preclassification data for the network data packets utilizing pattern matching analysis, wherein the pattern matching processing unit includes a graphical processing unit with multiple cores to analyze multiple network data packets in parallel; and
at least one processing unit that implements;
a storage process that receives the network data packets, stores the network data packets in at least one of the slots, and transfers the network data packets to the packet capture repository when the slots in the shared memory are full;
a preclassification process that request from the pattern matching processing unit the preclassification data; and
an indexing process to;
determine, based upon the preclassification data, whether to invoke or omit additional analysis of the network data packets, such that the indexing process resources are dedicated to further analyzing network data packets of greater concern, andperform at least one of aggregation, classification, or annotation of the network data packets in the shared memory to maintain one or more indices in the indexing database.
10 Assignments
0 Petitions
Accused Products
Abstract
An indexing database utilizes a non-transitory storage medium. A pattern matching processing unit generates preclassification data for the network data packets utilizing pattern matching analysis. At least one processing unit implements a storage process that receives the network data packets, stores the network data packets in at least one of the slots, and transfers the network data packets to a packet capture repository when slots in a shared memory are full. A preclassification process requests from the pattern matching processing unit the preclassification data. An indexing process determines, based upon the preclassification data, whether to invoke or omit additional analysis of the network data packets, and performs at least one of aggregation, classification, or annotation of the network data packets in the shared memory to maintain one or more indices in the indexing database.
246 Citations
9 Claims
-
1. A system, comprising:
-
a shared memory that includes a plurality of slots to transiently store network data packets; a packet capture repository utilizing a non-transitory storage medium; an indexing database utilizing a non-transitory storage medium; a pattern matching processing unit to generate preclassification data for the network data packets utilizing pattern matching analysis, wherein the pattern matching processing unit includes a graphical processing unit with multiple cores to analyze multiple network data packets in parallel; and at least one processing unit that implements; a storage process that receives the network data packets, stores the network data packets in at least one of the slots, and transfers the network data packets to the packet capture repository when the slots in the shared memory are full; a preclassification process that request from the pattern matching processing unit the preclassification data; and an indexing process to; determine, based upon the preclassification data, whether to invoke or omit additional analysis of the network data packets, such that the indexing process resources are dedicated to further analyzing network data packets of greater concern, and perform at least one of aggregation, classification, or annotation of the network data packets in the shared memory to maintain one or more indices in the indexing database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification