Adaptive network function chaining
US-2016380881-A1 · Dec 29, 2016 · US
US9954901B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9954901-B2 |
| Application number | US-201715397892-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 4, 2017 |
| Priority date | Jan 29, 2016 |
| Publication date | Apr 24, 2018 |
| Grant date | Apr 24, 2018 |
Official abstract text for this publication.
A learning-based computer network security system may include a service delivery controller executing on one or more of hardware processors that receives requests for transmitting network flows to one or more destination machines via a communication network. The service delivery controller may group the network flows into one or more similarity groups, and direct the network flows in a particular similarity group to a learning-based security appliance instance designated for the particular similarity group. Based on receiving feedback from the security appliance instance, the service delivery controller may regroup the similarity groups, and/or redirect the network flows, and/or redistribute the training results between the appliances, and/or modify assignment of appliances to similarity groups.
Opening claim text (preview).
We claim:
1. A learning-based computer network security system, comprising: one or more hardware processors; a network security service delivery controller executing on one or more of the hardware processors, the network security service delivery controller operable to receive network flow attributes associated with a network flow, the network flow to be sent to one or more destination machines via a communication network, the network security service delivery controller further operable to group the network flow into a similarity group at least based on the network flow attributes, wherein the network security service delivery controller groups a plurality of network flows into a plurality of similarity groups, the network security service delivery controller further operable to designate a network security appliance instance from a plurality of network security appliance instances for a particular similarity group, wherein the network security service delivery controller designates each of the plurality of similarity groups respectively to a network security appliance instance in the plurality of network security appliance instances, the network security service delivery controller further operable to direct transmission of the network flow to the network security appliance designated for the similarity group associated with the network flow.
2. The system of claim 1, wherein the network security service delivery controller is further operable to designate two or more network security appliance instances from the plurality of network security appliance instances for a particular similarity group.
3. The system of claim 1, wherein the plurality of network security appliance instances operate in learning phase and resolution phase and the network security service delivery controller receives feedback from the plurality of network security appliance instances, the feedback comprising at least whether the network security appliance instances are operating in the learning phase or the resolution phase.
4. The system of claim 1, wherein based on feedback received from one or more of the plurality of network security appliance instances, the network security service delivery controller performs one or more of dividing the one or more similarity groups into finer groups of similarity and unifying the similarity groups.
5. The system of claim 1, wherein the attributes comprises one or more of an application type, network protocol and Internet Protocol address source of the network flows.
6. The system of claim 1, wherein the network security service delivery controller is further operable to receive feedback from the network security appliance instance that the network security appliance is in resolution phase, and based on the feedback the network security service delivery controller directs transmission of a training result of the network security appliance instance to one or more other network security appliance instances and reroutes at least some of the network flows in the particular similarity group to the one or more other network security appliance instances.
7. The system of claim 6, wherein the training result comprises one or more security rules associated with determining whether the network flows in the particular similarity group are anomalous.
8. A computer-implemented method of providing learning-based computer network security, comprising: receiving, by a network security service delivery controller executing on one or more hardware processors, network flow attributes associated with a network flow, the network flow to be sent to one or more destination machines via a communication network; grouping, by the network security service delivery controller the network flow into a similarity group at least based on the network flow attributes, wherein the network security service delivery controller groups a plurality of network flows into a plurality of similarity groups; determining, by the network security service delivery controller a network security appliance instance from a plurality of network security appliance instances for a particular similarity group, wherein the network security service delivery controller designates each of the plurality of similarity groups respectively to a network security appliance instance in the plurality of network security appliance instances; and directing transmission of the network flow to the network security appliance designated for the similarity group associated with the network flow.
9. The method of claim 8, wherein the network security service delivery controller designates two or more network security appliance instances from the plurality of network security appliance instances for the particular similarity group.
10. The method of claim 8, wherein the network security service delivery service controller receives and directs the network flow via a network connectivity controller operatively connected to the network security service delivery service controller.
11. The method of claim 8, wherein the plurality of network security appliance instances operate in learning phase and resolution phase and the network security service delivery controller receives feedback from the plurality of network security appliance instances, the feedback comprising at least whether the network security appliance instances are operating in the learning phase or the resolution phase.
12. The method of claim 8, wherein based on feedback received from one or more of the plurality of network security appliance instances, the network security service delivery controller performs one or more of dividing the one or more similarity groups into finer groups of similarity and unifying the similarity groups.
13. The method of claim 8, wherein the attributes comprises one or more of an application type, network protocol and Internet Protocol address source of the network flows.
14. The method of claim 8, further comprising: receiving by the network security service delivery controller, feedback from the network security appliance instance that the network security appliance instance is in resolution phase; and based on the feedback, directing by the network security service delivery controller, transmission of a training result of the network security appliance instance to one or more other network security appliance instances and rerouting at least some of the network flows in the particular similarity group to the one or more other network security appliance instances.
15. The method of claim 14, wherein the training result comprises one or more security rules associated with determining whether the network flows in the particular similarity group are anomalous.
16. A computer readable storage device storing a program of instructions executable by a machine to perform a method of providing learning-based computer network security, the method comprising: receiving, by a network security service delivery controller executing on one or more hardware processors, network flow attributes associated with a network flow, the network flow to be sent to one or more destination machines via a communication network; grouping, by the network security service delivery controller the network flow into a similarity group at least based on the network flow attributes, wherein the network security service delivery controller groups a plurality of network flows into a plurality of similarity groups; determining, by the network security service delivery controller a network security appliance instance from a plurality of network security appliance instances for a particular sim
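The controller behaviour the claims describe (grouping flows by attributes into similarity groups, designating an appliance instance per group, sharing a resolved instance's training result with other instances while rerouting part of the group, and dividing or unifying groups on feedback) as an added illustrative simulation; this is not code from the patent or from any implementation of it. The attribute names app, proto and src_ip, the dict-based flow records and the round-robin designation are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Appliance:
    name: str
    phase: str = "learning"                    # "learning" or "resolution"
    rules: list = field(default_factory=list)  # training result: security rules

class ServiceDeliveryController:
    def __init__(self, appliances, key=("app", "proto")):
        self.appliances = {a.name: a for a in appliances}
        self.key = list(key)   # flow attributes that define similarity (assumed names)
        self.assignment = {}   # similarity group -> [designated appliance names]
        self.counter = 0       # round-robin position across a group's instances

    def group_of(self, flow):
        return tuple(flow[k] for k in self.key)

    def direct(self, flow):
        """Return the appliance instance that receives this flow."""
        g, names = self.group_of(flow), list(self.appliances)
        if g not in self.assignment:   # designate one instance per new group
            self.assignment[g] = [names[len(self.assignment) % len(names)]]
        insts = self.assignment[g]
        self.counter += 1
        return insts[self.counter % len(insts)]

    def on_feedback(self, name, phase, rules=()):
        """On resolution feedback, share rules with other instances and add them to the group."""
        app = self.appliances[name]
        app.phase, app.rules = phase, list(rules)
        if phase != "resolution":
            return []
        affected = [g for g, insts in self.assignment.items() if name in insts]
        for other in (a for a in self.appliances.values() if a.name != name):
            other.rules += [r for r in rules if r not in other.rules]
            for g in affected:   # part of each affected group now reroutes to 'other'
                if other.name not in self.assignment[g]:
                    self.assignment[g].append(other.name)
        return affected

    def regroup(self, attribute, finer=True):
        """Divide groups into finer ones (add an attribute) or unify them (drop one)."""
        if finer and attribute not in self.key:
            self.key.append(attribute)
        elif not finer and attribute in self.key and len(self.key) > 1:
            self.key.remove(attribute)
        self.assignment.clear()   # groups are re-derived on the next direct()
```

Feeding constructed flow records through direct(), then calling on_feedback() for a resolved instance, shows the second instance acquire the rules and start receiving every other flow of that group.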
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
Distributed architectures, e.g. distributed firewalls · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Traffic logging, e.g. anomaly detection · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title