Transparent application-layer/os deeper packet inspector

DWPI Title: Method for performing deep packet inspection in network, involves aggregating classification information, and correlating normalized classification data and extracted metadata of big-data cluster to other data sets using common information model form
Abstract: A computer-implemented method of deep packet inspection (DPI) in a network is provided. The method comprises collecting data packets comprising a number of traffic flows from a number of devices via a number of traffic taps and classifying each traffic flow according to data about network protocol layers of the packets comprising the traffic flow. Application layer metadata is extracted from the packets. Traffic flow classification data and the extracted metadata are ingested into a data cluster and normalized. The normalized classification data and extracted metadata is then correlated to other data sets.
Use: Method for performing deep packet inspection (DPI) in a network of client devices, e.g. computers, workstations, or network computers, by utilizing advanced security components such as next-generation firewalls (NGFW), intrusion detection systems (IDS), and intrusion prevention systems (IPS). Uses include but are not limited to small networks, traditional IT networks, operational technology networks, and fifth-generation (5G) networks.
Advantage: The method allows direct access to user-space resources and applications, avoiding context switches between kernel and user space, and thus scales to higher-throughput DPI.
Novelty: The method (600) involves extracting application layer metadata from mirrored data, and aggregating classification information for traffic flows and extracted metadata for each traffic flow to generate a big-data cluster (616). Traffic flow classification data and the extracted metadata of the cluster are ingested (618). The cluster is normalized (620) to represent the classification and metadata in a common information model (CIM) form. The normalized data and metadata are correlated (622) to other data sets using the CIM form of the normalized classification and data of the big-data cluster, where respective DPI applications are pinned to CPUs.
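As an added illustration (not code from the patent, its assignee, or the Derwent record), the following Python sketch walks a handful of constructed packets through the steps the abstract and novelty paragraphs name: aggregate packets into flows, classify each flow by its protocol layers, extract application-layer metadata, normalize the result into a common-information-model style record with fixed field names, and correlate that record to another data set. Everything in it is constructed or assumed: the packet dicts standing in for tap output, the asset inventory used as the "other data set", the signature-based L7 classification, and the CIM field names chosen for the normalized record.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample "mirrored" packets, already parsed to dicts as a tap
# adapter might emit them. No real packet parsing is attempted here.
PACKETS = [
    {"src": "10.0.0.5", "dst": "93.184.216.34", "sport": 51000, "dport": 80, "l4": "tcp",
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "93.184.216.34", "dst": "10.0.0.5", "sport": 80, "dport": 51000, "l4": "tcp",
     "payload": b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"},
    {"src": "10.0.0.5", "dst": "10.0.0.53", "sport": 40000, "dport": 53, "l4": "udp",
     "payload": (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # DNS header, 1 question
                 b"\x07example\x03com\x00\x00\x01\x00\x01")},          # example.com A IN
]

# Constructed "other data set" to correlate against: a small asset inventory.
ASSETS = {
    "10.0.0.5": {"owner": "engineering", "role": "workstation"},
    "10.0.0.53": {"owner": "it-ops", "role": "dns-resolver"},
}


def flow_key(pkt: dict) -> Tuple:
    """Direction-independent 5-tuple so both halves of a conversation land in one flow."""
    lo, hi = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["l4"], lo, hi)


def classify(pkts: List[dict]) -> dict:
    """Classify a flow by protocol layers: L3 assumed IPv4, L4 from the packet, L7 by signature."""
    first = pkts[0]
    l7 = "unknown"
    if first["l4"] == "tcp" and first["payload"].split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        l7 = "http"
    elif first["l4"] == "udp" and 53 in (first["sport"], first["dport"]):
        l7 = "dns"
    return {"l3": "ipv4", "l4": first["l4"], "l7": l7}


def dns_qname(payload: bytes) -> str:
    """Decode the first question name from a DNS message (labels follow the 12-byte header)."""
    labels, pos = [], 12
    while pos < len(payload):
        n = payload[pos]
        if n == 0:
            break
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)


def extract_metadata(l7: str, pkts: List[dict]) -> dict:
    """Pull application-layer fields out of the payloads of an already classified flow."""
    meta = {}
    if l7 == "http":
        for p in pkts:
            head = p["payload"].decode("ascii", "replace").split("\r\n")
            if head[0].startswith("HTTP/"):                 # response line
                meta["status"] = int(head[0].split()[1])
            else:                                           # request line
                meta["method"], meta["uri"] = head[0].split()[:2]
            for line in head[1:]:
                k, _, v = line.partition(":")
                if k.lower() == "host":
                    meta["host"] = v.strip()
                elif k.lower() == "server":
                    meta["server"] = v.strip()
    elif l7 == "dns":
        meta["query"] = dns_qname(pkts[0]["payload"])
    return meta


def normalize(cls: dict, meta: dict, pkts: List[dict]) -> dict:
    """Map flow data onto a CIM-style record: the same field names whatever the protocol was."""
    first = pkts[0]  # the initiator is the first packet seen in the flow
    rec = {
        "src_ip": first["src"], "src_port": first["sport"],
        "dest_ip": first["dst"], "dest_port": first["dport"],
        "transport": cls["l4"], "app": cls["l7"], "packets": len(pkts),
        "bytes": sum(len(p["payload"]) for p in pkts),
    }
    # Assumed mapping: an HTTP Host header and a DNS query name both become "dest_host",
    # so downstream correlation needs no per-protocol logic. Raw fields keep an app prefix.
    if "host" in meta:
        rec["dest_host"] = meta["host"]
    if "query" in meta:
        rec["dest_host"] = meta["query"]
    rec.update({f"{cls['l7']}_{k}": v for k, v in meta.items()})
    return rec


def correlate(rec: dict, assets: Dict[str, dict]) -> dict:
    """Join the normalized record to another data set (here the asset inventory) on IP address."""
    for side in ("src", "dest"):
        info = assets.get(rec[f"{side}_ip"], {})
        rec[f"{side}_owner"] = info.get("owner", "unknown")
        rec[f"{side}_role"] = info.get("role", "unknown")
    return rec


def run_pipeline(packets: List[dict], assets: Dict[str, dict]) -> List[dict]:
    """Aggregate packets into flows, then classify, extract, normalize and correlate each flow."""
    flows: Dict[Tuple, List[dict]] = defaultdict(list)
    for p in packets:
        flows[flow_key(p)].append(p)
    return [correlate(normalize(cls := classify(pkts), extract_metadata(cls["l7"], pkts), pkts), assets)
            for pkts in flows.values()]


if __name__ == "__main__":
    for record in run_pipeline(PACKETS, ASSETS):
        print(record)
```

The point of the normalize step is that a consumer (a detection rule, a dashboard, a join against threat intelligence) reads `dest_host` and `dest_owner` without caring whether the flow was HTTP or DNS; that is what a common information model buys, and it is also where a classifier mistake becomes invisible downstream, so the raw `http_*` / `dns_*` fields are kept alongside the normalized ones.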
Filed: 8/12/2021
Application Number: US17401211A
Tech ID: SD 15497.1
This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention.
Data from Derwent World Patents Index, provided by Clarivate