Performance enhancements for finding top traffic patterns

Assignee

• ARBOR NETWORKS, INC. · US

Inventors

• David Watson · Ann Arbor, US
• Lawrence Bruce Huston, III · Ann Arbor, US
• James E. Winquist · Ypsilanti, US
• Jeremiah Martell · Ann Arbor, US
• Nicholas Scott · Ann Arbor, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L43/12
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method for network traffic characterization is provided. Flow data records are acquired associated with a security alert signature. Unidimensional traffic clusters are generated based on the acquired data. A Bloom filter is populated with the acquired flow data records. Clusters of interest are identified from the generated unidimensional traffic clusters. The identified clusters of interest are compressed into a compressed set. A determination is made whether a multidimensional processing of the acquired flow data needs to be performed based on a priority associated with the alert signature. A multidimensional lattice corresponding to the unidimensional traffic clusters is generated. The multidimensional lattice is traversed and for each multidimensional node under consideration a determination is made if the Bloom filter contains flow records matching the multidimensional node under consideration. A determination is made if the unidimensional node corresponding to the multidimentional node is included in the compressed set of unidimensional nodes.