| CPC H04L 43/026 (2013.01) [G06F 18/214 (2023.01); G06F 18/2413 (2023.01); H04L 43/16 (2013.01); H04L 45/30 (2013.01); H04L 45/38 (2013.01); H04L 45/42 (2013.01)] | 18 Claims |
|
1. A method comprising:
receiving, by a network appliance, a plurality of packets of a plurality of traffic flows;
parsing, by a parser in a data path implemented by a special purpose packet processing circuitry in the network appliance, a plurality of packet headers of the packets to produce a plurality of packet header vectors (PHVs);
using the PHVs to process the packets in the data path before transmitting the packets to a plurality of destination IP addresses that are in the PHVs;
storing, in a flow table of the network appliance, a flow creation time of the traffic flows or a packet count of the traffic flows;
using the PHVs, by the network appliance, to produce a plurality of feature vectors for the traffic flows;
associating a plurality of labels with the feature vectors, each of the plurality of feature vectors labeled with one of the labels;
producing a training data that includes the feature vectors stored in association with the labels; and
producing a classification model using the training data, wherein the classification model is configured to produce a prediction based on an input feature vector, the prediction indicating one of the labels,
wherein
the labels are associated with the feature vectors based on the flow creation time, a duration determined using the flow creation time, or the packet count of the traffic flows.
|