Packet metadata capture in a software-defined network
US-2021194894-A1 · Jun 24, 2021 · US
US12041077B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12041077-B2 |
| Application number | US-202117160164-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 27, 2021 |
| Priority date | Jan 27, 2021 |
| Publication date | Jul 16, 2024 |
| Grant date | Jul 16, 2024 |
Official abstract text for this publication.
One example method includes collecting, in a closed network, raw network traffic from one or more devices in the closed network, extracting metadata from the raw network traffic, processing the metadata, analyzing the metadata after the metadata has been processed, and based on the analyzing, determining whether or not an actual attack or attack threat is present in the closed network. If an attack or threat of attack is determined to exist, one or more remedial actions may then be taken.
Opening claim text (preview).
What is claimed is:
1. A method, comprising: collecting, in a closed network, raw network traffic from one or more devices in the closed network; extracting metadata from the raw network traffic; creating aggregated data by aggregating the raw network traffic with the metadata; processing the aggregated data into time series data; inputting the time series data to an AI/ML model; analyzing the time series data using the AI/ML model after the aggregated data has been processed; and based on the analyzing, determining whether or not an actual attack or attack threat is present in the closed network.
2. The method as recited in claim 1, wherein the method is performed by a VNF pod on an edge node of the closed network.
3. The method as recited in claim 1, wherein the closed network is a 5G CBRS network.
4. The method as recited in claim 1, wherein the extracted metadata comprises TCP headers.
5. The method as recited in claim 1, wherein the determining indicates that an attack or attack threat is present in the closed network, and the method further comprises transmitting instructions to the one or more devices in the closed network not to accept calls from the one or more devices within the closed network which initiated the attack or present the attack threat.
6. The method as recited in claim 1, wherein the one or more devices in the closed network were authorized to join the closed network, and one of the devices comprises an IoT device.
7. The method as recited in claim 1, wherein the actual attack or attack threat comprises, respectively, a DOS attack or DOS attack threat.
8. The method as recited in claim 1, further comprising identifying the one or more devices in the closed network which initiated the attack or present the attack threat.
9. The method as recited in claim 1, wherein the raw network traffic is collected by way of a data plane through which all the raw network traffic passes.
10. A non-transitory storage medium having stored therein instructions that are executable by one or more hardware processors to perform operations comprising: collecting, in a closed network, raw network traffic from one or more devices in the closed network; extracting metadata from the raw network traffic; creating aggregated data by aggregating the raw network traffic with the metadata; processing the aggregated data into time series data; inputting the time series data to an AI/ML model; analyzing the time series data using the AI/ML model after the aggregated data has been processed; and based on the analyzing, determining whether or not an actual attack or attack threat is present in the closed network.
11. The non-transitory storage medium as recited in claim 10, wherein the operations are performed by a VNF pod on an edge node of the closed network.
12. The non-transitory storage medium as recited in claim 10, wherein the closed network is a 5G CBRS network.
13. The non-transitory storage medium as recited in claim 10, wherein the extracted metadata comprises TCP headers.
14. The non-transitory storage medium as recited in claim 10, wherein the determining indicates that an attack or attack threat is present in the closed network, and the method further comprises transmitting instructions to the one or more devices in the closed network not to accept calls from the one or more devices within the closed network which initiated the attack or present the attack threat.
15. The non-transitory storage medium as recited in claim 10, wherein the one or more devices in the closed network were authorized to join the closed network, and one of the devices comprises an IoT device.
16. The non-transitory storage medium as recited in claim 10, wherein the actual attack or attack threat comprises, respectively, a DOS attack or DOS attack threat.
17. The non-transitory storage medium as recited in claim 10, wherein the operations further comprise identifying the one or more devices in the closed network which initiated the attack or present the attack threat.
18. The non-transitory storage medium as recited in claim 10, wherein the raw network traffic is collected by way of a data plane through which all the raw network traffic passes.
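An added illustration of the claimed pipeline (TCP header metadata, time series, detection, identifying the device), not code from the patent or its assignee. It keeps only the metadata rather than aggregating it with the raw traffic, and a median/MAD outlier test stands in for the AI/ML model; device names, the 1-second window and the threshold are assumptions, and the capture is constructed.

```python
import struct
from collections import Counter, defaultdict
from statistics import median

SYN, ACK = 0x02, 0x10

def tcp_header(sport, dport, seq, flags):
    """Build a constructed 20-byte TCP header (no options) for the sample data."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)

def extract_metadata(ts, device, header):
    """Parse the fixed TCP header and keep only metadata fields."""
    if len(header) < 20:
        return None  # truncated capture: skip rather than guess at fields
    _sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", header[:14])
    return {"ts": ts, "device": device, "dport": dport, "flags": flags}

def to_time_series(records, window=1.0):
    """Count connection-opening SYNs (SYN set, ACK clear) per device per window."""
    series = defaultdict(Counter)
    for r in records:
        if r and r["flags"] & SYN and not r["flags"] & ACK:
            series[r["device"]][int(r["ts"] // window)] += 1
    return series

def detect(series, n_windows, threshold=6.0):
    """Flag (device, window) pairs whose SYN count is a robust outlier."""
    counts = [series[d][w] for d in series for w in range(n_windows)]
    med = median(counts)
    mad = median(abs(c - med) for c in counts) or 1.0  # avoid divide-by-zero
    return sorted((d, w) for d in series for w in range(n_windows)
                  if (series[d][w] - med) / mad > threshold)

def sample_capture():
    """Constructed capture: three devices, five 1 s windows, one SYN burst."""
    cap = [(4.9, "sensor-2", b"\x00" * 8)]  # truncated header
    for w in range(5):
        for dev in ("cam-1", "sensor-2", "plc-3"):
            n = 80 if (dev, w) == ("plc-3", 3) else 2
            cap += [(w + i / 100, dev, tcp_header(40000 + i, 443, i, SYN)) for i in range(n)]
        cap.append((w + 0.5, "cam-1", tcp_header(40000, 443, 1, ACK)))  # ordinary ACK
    return cap

def run():
    records = [extract_metadata(*pkt) for pkt in sample_capture()]
    return detect(to_time_series(records), n_windows=5)

if __name__ == "__main__":
    print(run())
```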
Traffic logging, e.g. anomaly detection · CPC title
Parsing or analysis of headers · CPC title
using machine learning or artificial intelligence · CPC title
using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title
using statistical or mathematical methods · CPC title