U.S. patent application number 13/236186 was filed with the patent office on 2012-01-12 for prioritizing network traffic.
This patent application is currently assigned to McAfee, Inc. Invention is credited to Dmitri Alperovitch, Paula Greve, Paul Judge, Sven Krasser, Phyllis Adele Schneck.
Application Number | 20120011252 13/236186 |
Document ID | / |
Family ID | 40623609 |
Filed Date | 2012-01-12 |
United States Patent
Application |
20120011252 |
Kind Code |
A1 |
Alperovitch; Dmitri ; et
al. |
January 12, 2012 |
PRIORITIZING NETWORK TRAFFIC
Abstract
Methods and systems for operation upon one or more data
processors for prioritizing transmission among a plurality of data
streams based upon a classification associated with the data
packets associated with each of the plurality of data streams,
respectively. Systems and methods can operate to allocate bandwidth
to priority data streams first and recursively allocate remaining
bandwidth to lesser priority data streams based upon the priority
associated with those respective lesser priority data streams.
Inventors: |
Alperovitch; Dmitri;
(Atlanta, GA) ; Greve; Paula; (Lina Lakes, MN)
; Judge; Paul; (Atlanta, GA) ; Krasser; Sven;
(Atlanta, GA) ; Schneck; Phyllis Adele; (Reston,
GA) |
Assignee: |
McAfee, Inc
Santa Clara
CA
|
Family ID: |
40623609 |
Appl. No.: |
13/236186 |
Filed: |
September 19, 2011 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
11937274 |
Nov 8, 2007 |
8045458 |
|
|
13236186 |
|
|
|
|
Current U.S.
Class: |
709/224 |
Current CPC
Class: |
H04L 47/2441 20130101;
H04L 47/2458 20130101; H04L 45/306 20130101; H04L 47/2433 20130101;
H04L 47/10 20130101; H04L 45/00 20130101; H04L 47/32 20130101 |
Class at
Publication: |
709/224 |
International
Class: |
G06F 15/173 20060101
G06F015/173 |
Claims
1. A computer implemented network traffic prioritization method
comprising: receiving data in each of a plurality of classes; for
each of the plurality of classes, identifying class features for
the class based on features of the data in the class; receiving a
plurality of network traffic streams, the network traffic streams
comprising data packets communicated between sender devices and
recipient devices; identifying characteristics of the data packets;
for each of the data packets, comparing the characteristics of the
data packet to the class features of the plurality of classes;
classifying, by one or more processors, each of the data packets
into one or more classifications based on the comparison;
identifying reputations of originating or destination entities
associated with the network traffic streams; and determining one or
more priorities of the network traffic streams based on a
prioritization scheme that is based on one or more of the
reputations of the originating or destination entities and the one
or more classifications of the data packets.
2. The method of claim 1, further comprising: transmitting the data
packets based on the one more priorities of the network traffic
streams.
3. The method of claim 2, further comprising: determining whether a
network threshold usage has been exceeded by the transmission of
data packets from the network traffic streams; and wherein
transmitting the data packets comprises: in response to determining
that the network threshold usage has been exceeded, disrupting the
transmission of data packets from a first one of the network
traffic streams having a priority that is lower than a priority of
a second one of the network traffic streams.
4. The method of claim 2, wherein transmitting the data packets
comprises: dropping data packets from a network traffic stream from
an originating entity having an identified reputation for
originating spam.
5. The method of claim 2, wherein transmitting the data packets
comprises: delaying data packets from a network traffic stream from
an originating entity having an identified reputation for
originating spam.
6. The method of claim 2, wherein transmitting the data packets
comprises: allocating network bandwidth to a first one of the
network traffic streams having a priority that is higher than a
priority of a second one of the network traffic streams prior to
allocation of network bandwidth to the second one of the network
traffic streams independent of an order in which the data packets
from the first and second network traffic streams are received.
7. The method of claim 1, wherein determining one or more
priorities of the network traffic streams comprises: identifying
the prioritization scheme, the prioritization scheme specifying a
prioritization of each of the one or more classifications and the
reputations.
8. The method of claim 1, further comprising: allocating network
bandwidth to each of the network traffic streams based on a first
allocation scheme; determining whether a network threshold usage
has been exceeded by transmission of data packets from the network
traffic streams; and in response to determining that the network
threshold usage has been exceeded, allocating the network bandwidth
based the prioritization scheme, wherein the prioritization scheme
is different from the first allocation scheme.
9. A system comprising: a data processing apparatus; and software
stored on a computer storage apparatus and comprising instructions
executable by the data processing apparatus and upon such execution
cause the data processing apparatus to perform operations
comprising: receiving data in each of a plurality of classes; for
each of the plurality of classes, identifying class features for
the class based on features of the data in the class; receiving a
plurality of network traffic streams, the network traffic streams
comprising data packets communicated between sender devices and
recipient devices; identifying characteristics of the data packets;
for each of the data packets, comparing the characteristics of the
data packet to the class features of the plurality of classes;
classifying, by one or more processors, each of the data packets
into one or more classifications based on the comparison;
identifying reputations of originating or destination entities
associated with the network traffic streams; and prioritizing the
network traffic streams based on a prioritization scheme that is
based on one or more of the reputations of the originating or
destination entities and the one or more classifications of the
data packets.
10. The system of claim 9, wherein upon execution of the
instructions the data processing apparatus further performs
operations comprising: transmitting the data packets based on the
prioritization scheme.
11. The system of claim 10, wherein upon execution of the
instructions the data processing apparatus further performs
operations comprising: determining whether a network threshold
usage has been exceeded by the transmission of data packets from
the network traffic streams; and wherein transmitting the data
packets comprises: in response to determining that the network
threshold usage has been exceeded, disrupting the transmission of
data packets from a first one of the network traffic streams having
a priority that is lower than a priority of a second one of the
network traffic streams.
12. The system of claim 10, wherein transmitting the data packets
comprises: dropping data packets from a network traffic stream from
an originating entity having an identified reputation for
originating spam.
13. The system of claim 10, wherein transmitting the data packets
comprises: delaying data packets from a network traffic stream from
an originating entity having an identified reputation for
originating spam.
14. The system of claim 10, wherein transmitting the data packets
comprises: allocating network bandwidth to a first one of the
network traffic streams having a priority that is higher than a
priority of a second one of the network traffic streams prior to
allocation of network bandwidth to the second one of the network
traffic streams independent of an order in which the data packets
from the first and second network traffic streams are received.
15. The system of claim 9, wherein determining one or more
priorities of the network traffic streams comprises: identifying
the prioritization scheme, the prioritization scheme specifying a
prioritization of each of the one or more classifications and the
reputations.
16. The system of claim 9, wherein upon execution of the
instructions the data processing apparatus further performs
operations comprising: allocating network bandwidth to each of the
network traffic streams based on a first allocation scheme;
determining whether a network threshold usage has been exceeded by
transmission of data packets from the network traffic streams; and
in response to determining that the network threshold usage has
been exceeded, allocating the network bandwidth based the
prioritization scheme, wherein the prioritization scheme is
different from the first allocation scheme.
17. A computer storage medium encoded with a computer program, the
program comprising instructions that when executed by a data
processing apparatus cause the data processing apparatus to perform
operations, comprising: receiving data in each of a plurality of
classes; for each of the plurality of classes, identifying class
features for the class based on features of the data in the class;
receiving a plurality of network traffic streams, the network
traffic streams comprising data packets communicated between sender
devices and recipient devices; identifying characteristics of the
data packets; for each of the data packets, comparing the
characteristics of the data packet to the class features of the
plurality of classes; classifying, by one or more processors, each
of the data packets into one or more classifications based on the
comparison; identifying reputations of originating or destination
entities associated with the network traffic streams; determining
one or more priorities of the network traffic streams based on a
prioritization scheme that is based on one or more of the
reputations of the originating or destination entities and the one
or more classifications of the data packets; and transmitting the
data packets based on the one more priorities of the network
traffic streams.
18. The computer storage medium of claim 17, wherein transmitting
the data packets comprises: dropping data packets from a network
traffic stream from an originating entity having an identified
reputation for originating spam.
19. The computer storage medium of claim 17, wherein transmitting
the data packets comprises: delaying data packets from a network
traffic stream from an originating entity having an identified
reputation for originating spam.
20. The computer storage medium of claim 19, wherein delaying data
packets from a network traffic stream comprises: delaying the data
packets having a specified characteristic based on the
prioritization scheme.
Description
CROSS-REFERENCE
[0001] This application is a continuation application of co-pending
U.S. application Ser. No. 11/937,274, titled "Prioritizing Network
Traffic," filed Nov. 8, 2007, the disclosure of which is
incorporated herein by reference in its entirety.
TECHNICAL FIELD
[0002] This document relates generally to systems and methods for
processing communications and more particularly to systems and
methods for prioritizing network traffic.
BACKGROUND
[0003] Internet connectivity has become central to many daily
activities. For example, millions of people worldwide use the
internet for various bill pay and banking functionalities.
Countless more people use the internet for shopping, entertainment,
to obtain news, and for myriad other purposes. Moreover, many
businesses relies on the internet for communicating with suppliers
and customers, as well as providing a resource library for their
employees.
[0004] However, a large amount of traffic that is communicated by
the internet is relatively unimportant or not time critical. For
example, electronic mail is typically not time sensitive. Thus,
whether electronic mail is delivered instantaneously or delayed by
an hour often does not make a difference. Such unimportant
communication traffic has the potential to delay and/or disrupt
more important traffic.
SUMMARY
[0005] In one aspect, systems, methods, apparatuses and computer
program products are provided. In one aspect, methods are
disclosed, which comprise: receiving a plurality of network traffic
streams, the network traffic streams comprising data communicated
between sender devices and recipient devices; parsing the network
traffic streams based upon one or more transmission protocol
associated with the network traffic streams, the parsing being
operable to identify characteristics of data packets respectively
associated with the traffic streams; applying a plurality of tests
to the data packets or groupings of data packets, each of the
plurality of tests being operable to test some or all of the data
packets for a classification characteristic; generating a results
array based upon the classification characteristics identified by
the plurality of tests; classifying each of the data packets into
one or more classifications from a plurality of classifications
based upon the results array; and, prioritizing the traffic streams
associated with the data packets based upon a prioritization
scheme, the prioritization scheme being based on the one or more
classifications associated with the data packet.
[0006] Systems can include a classification module, a
prioritization module and a communications interface. The
classification module can receive data packets associated with one
or more data streams and can classify each of the plurality of data
streams into one or more classifications. The prioritization module
can prioritize transmission of the data packets based upon a
prioritization scheme, the prioritization scheme including a
prioritization of each of the classifications, wherein the
application of the prioritization scheme is operable to identify a
priority data stream. The communications interface can allocate
bandwidth to the priority data stream before allocation of any
remaining bandwidth to remaining data streams.
DESCRIPTION OF DRAWINGS
[0007] FIG. 1 is a block diagram depicting network including a
network traffic prioritization system.
[0008] FIG. 2 is a block diagram depicting an example of a network
traffic prioritization system.
[0009] FIG. 3 is a block diagram depicting another example of a
network traffic prioritization system.
[0010] FIG. 4 is a block diagram depicting another example of a
network traffic prioritization system.
[0011] FIG. 5 is a block diagram illustrating an example network
architecture including a router operable to receive input from a
classification engine.
[0012] FIG. 6 is a flow diagram illustrating an example network
traffic prioritization process.
[0013] FIG. 7 is a flow diagram illustrating an example
classification and prioritization process.
DETAILED DESCRIPTION
[0014] FIG. 1 is a block diagram depicting network environment 100
including a network traffic prioritization system 110. The network
traffic prioritization system 110 can operate to prioritize
communications between a first entity 120 and a second entity 130
over a network 140. In some implementations, the traffic can be
prioritized based upon a classification associated with the
traffic. The prioritization, in various implementations, can
operate to allocate more bandwidth to higher priority
communications while allocating less bandwidth to lower priority
communications. For example, communications that are classified as
the highest priority (e.g., national security, commercial, business
oriented, etc.) can be allocated bandwidth first, while
communications classified as the lowest priority (e.g., spam, music
downloads, adult content, social traffic, gaming content,
entertainment content, malicious content, etc.) can be allocated
any remaining bandwidth after higher priority communications have
been transmitted.
[0015] In other implementations, the network traffic prioritization
system 110 can have the ability to block types of network traffic
based upon one or both of a classification associated with the
network traffic or a reputation of an entity associated with the
network traffic. In further implementations, the network traffic
prioritization system 110 can prioritize certain network traffic
based upon classification(s) associated with the network traffic
and/or reputations of one or more entities associated with the
network traffic, while blocking other network traffic based upon
classification(s) of the network traffic and/or reputations of one
or more entities associated with the network traffic.
[0016] In some implementations, the network traffic prioritization
system 110 can be controlled by an administrator (e.g., internet
service provider (ISP) or government entity). In various
implementations, priority can be based on policy and can be
received from an administrator and/or dynamically changed for
technical reasons (e.g., exhaustion of bandwidth), legislative rule
making (e.g., government policy) or business decision (e.g.,
conservation of resources) or a combination thereof. For example,
in an emergency situation legitimate communications should not be
slowed by bulk network traffic (e.g., spam, adult content, music
downloads, etc.). In other implementations, the network traffic
prioritization system 110 can receive input from the first or
second entity indicating that the traffic being communicated
between the entities should be prioritized over other traffic. For
example, the government emergency telephone service (GETS) provides
an access code to high level government workers for use during
times of crisis, when phone systems are often overloaded.
[0017] Such systems could be expanded to data networks to provide
robust data access during emergencies.
[0018] In some implementations, the first entity and/or the second
entity can include a variety of different computing devices. For
example, computing devices can include personal computers, routers,
servers, mobile communications devices (e.g., cellular phones,
mobile electronic mail (e-mail) devices, 802.11 x equipped laptop
computers, laptop computers equipped evolution-data optimized
(EV-DO) access cards, etc.), among many others. In other
implementations, the first entity 120 and/or the second entity 130
can include networks. For example, networks can include sub-nets,
wireless networks, cellular networks, data networks, voice
networks, intranets, intranets, etc.
[0019] In various implementations, the first entity 120 and second
entity 130 can communicate with each other through a network 140.
The network 140, for example, can be the internet. In other
examples, the network 140 can include intranets, sub-nets, etc. The
first entity and second entity can communicate a variety of
classifications of data. The network traffic prioritization system
110 can classify the data, and can apply a prioritization scheme to
the data.
[0020] In some implementations, the prioritization scheme can
allocate network bandwidth to highest priority data classifications
first, and recursively allocate bandwidth to successively lower
priority data classifications until there is no more bandwidth or
all data classifications have been allocated bandwidth. For
example, if there are classifications of business traffic having
first priority, news traffic having second priority, and spam
traffic having third priority, the business traffic can be
allocated bandwidth first, the news traffic can be allocated
bandwidth second (if any bandwidth is available), and the spam
traffic can be allocated bandwidth third (if any bandwidth is
available).
[0021] In other implementations, a prioritization scheme can
specify that traffic can be allocated normally until a threshold
network usage is reached. In such implementations, upon detecting
the threshold network usage, the network traffic prioritization
system 110 can disrupt a low priority data stream when a higher
priority data stream is received, the priorities being based upon a
prioritization scheme. For example, when a network 140 is
experiencing heavy usage, the network traffic prioritization system
110 can disconnect a existing spam traffic stream from the system
when a new business traffic stream instance is received or can
block an outbound connection where the destination is a known
phishing site, according to data from, for example, the
classification or reputation modules.
[0022] In still further implementations, the network traffic
prioritization system 110 can communicate high priority traffic
first, and wait for periods of inactivity during which to send
lower priority traffic based upon the prioritization scheme. For
example, if high priority traffic can be placed in a high priority
queue for transmission, while lower priority traffic can be placed
in a low priority queue for transmission. In such examples, the
data in the low priority queue might not be transmitted until the
high priority queue is empty. Thus, the network traffic
prioritization system can transmit all of the high priority traffic
and then transmit lower priority traffic until more high priority
traffic is received or all of the low priority traffic has been
transmitted.
[0023] In other implementations, the network traffic prioritization
scheme can include blocking certain classifications of network
traffic and/or network traffic associated with network entities
have a specified reputation. For example, network traffic
associated with entities having a reputation for originating spam
can be blocked from traversing the network. In further
implementations, the prioritization scheme in addition to block
certain types of network traffic can prioritize other network
traffic having a specified classification or reputation can be
prioritized over other traffic. In some examples, network traffic
which is neither blocked nor prioritized can be transmitted as
normal priority (e.g., using available bandwidth, transmitted
during periods of low usage, using a reserved segment of bandwidth
for normal priority traffic, etc.). In still further examples, the
prioritization scheme can specify to block network traffic having a
first classification while specifying to de-prioritize network
traffic having another classification. De-prioritization of traffic
can provide for transmitting low priority traffic (e.g.,
entertainment, streaming music or video, etc.) with low bandwidth,
while blocking can provide for elimination of unwanted traffic
(e.g., spam traffic, malware traffic, bot traffic, malicious
traffic, etc.).
[0024] In various implementations, prioritization schemes according
to any of the above implementations of prioritization schemes can
be combined.
[0025] FIG. 2 is a block diagram depicting an example of a network
traffic prioritization system 110a. In some implementations, the
network traffic prioritization system 110a can include a
communications interface 200, a classification module 210 and a
prioritization module 220. In some implementations, the
communications interface 200 can be a router. For example, the
communications interface 200 operable to receive data packets from
an originating entity (e.g., entity 120 of FIG. 1) and to forward
the data packets to a receiving entity (e.g., entity 130 of FIG.
1). In such examples, the communications interface 200 can parse a
data packet to determine how to route the data packet.
[0026] In various implementations, the classification module 210
can operate to classify data streams based upon the characteristics
associated with the data streams. The classification module 210 can
apply multiple tests to an individual communication and derive a
result array from the message. The result array can be compared to
characteristics of known communication classifications in order to
define the classification associated with the data stream.
Classification of data is described in more detail by U.S. patent
application Ser. No. 11/173,941, entitled "Message Profiling
Systems and Methods," filed on Jun. 2, 2005, which is hereby
incorporated by reference in its entirety. Classification of data
is further described by U.S. patent application Ser. No.
11/173,941, entitled "Content-based Policy Compliance Systems and
Methods, filed on May 15, 2006, which is hereby incorporated by
reference in its entirety. The classification module 210, in some
examples, can be provided by a TrustedSource.TM. database,
available from Secure Computing Corporation of San Jose, Calif.,
which can operate to provide classification definitions against
which communications can be compared for classification.
[0027] In various implementations, the classification module 210
can classify data into one or more of a number of categories. In
various implementations, the categories can include, for example,
adult content, spam content, music content, electronic mail
traffic, electronic commerce traffic, business traffic, social
traffic, web 2.0 traffic, messaging traffic, conferencing traffic,
medical content, search traffic, gaming content, entertainment
content, education content, syndicated content, podcast content,
malicious content, opinion content, informational content, or news
content. In some implementations, the categories can be identified
by a corpus of documents associated with a classification. The
corpus of documents can be those documents identified by users to
include content associated with a particular classification. The
classification module can perform a variety of tests on the corpus
of documents to identify the defining features of the class of
data. In some implementations, the characteristics of subsequently
received data can be extracted and compared to the defining
features of various identified classes of data to determine whether
the subsequently received data belongs to any of the identified
classes of data.
[0028] In some implementations, the user and/or administrator can
define his or her own classifications of data. For example, a user
might have his/her own subjective grouping of data. The user can
group together documents that exemplify the types of data the user
would assign to the classification. In such implementations, the
classification module 210 can examine the user defined grouping and
identify the distinguishing features that define the class. The
classification module 210 can then extract characteristics from
subsequently received data and compare the extracted
characteristics to the user defined category to determine whether
the subsequently received data belongs to the user defined
category. Multiple user and/or administrator defined categories can
be generated based upon user and/or administrator input.
[0029] After classifying the data stream, the network traffic
management system 110a can use a prioritization module 220 to
determine a priority associated with the data stream. The
prioritization module 220 can include a prioritization scheme
operable to define a hierarchy associated with classification
types. In various examples, the prioritization module can be
operable to allocate bandwidth to each of the data streams based
upon the classification associated with the respective data
streams. For example, a data stream having a highest priority
classification can be allocated bandwidth first, a data stream
having a second priority classification can be allocated bandwidth
second, a data stream having a third priority classification can be
allocated bandwidth third, etc.
[0030] In some implementations, the prioritization module 220 is
operable to receive prioritization input 230. The prioritization
input 230, for example, can include specification of a
prioritization scheme. In some implementations, the prioritization
input 230, can include a signal to enable prioritization of the
data streams. Upon prioritizing the data streams, the
communications interface 200 can transmit the data streams to their
respective destination based upon prioritization of the data
streams.
[0031] FIG. 3 is a block diagram depicting another example of a
network traffic prioritization system 110b. In some
implementations, the network traffic prioritization system 110b can
include a communications interface 300, a classification module
310, a prioritization module 320 and a delay module 330. In some
implementations, the communications interface 200 can be a
router.
[0032] The classification module 310, in various implementations,
can operate to classify data streams based upon the characteristics
associated with the data streams. The classification module 310 can
apply multiple tests to an individual communication and derive a
result array from the message. The result array can be compared to
characteristics of known communication classifications in order to
define the classification associated with the data stream.
Classification of the data streams can be used to determine a
priority associated with each of the respective data streams.
[0033] Upon classifying the data stream, the network traffic
management system 110b can use a prioritization module 320 to
determine a priority associated with the data stream. The
prioritization module 320 can include a prioritization scheme
operable to define a hierarchy associated with classification
types. In various examples, the prioritization module can be
operable to send a low priority data stream to a delay module 330.
In some implementations, the delay module 330 can include a low
priority queue, whereby high priority traffic is transmitted based
upon the available bandwidth, while data in the low priority queue
is held until there is no high priority traffic to transmit.
[0034] In some implementations, the prioritization module 320 is
operable to receive prioritization input 340. The prioritization
input 340, for example, can include specification of a
prioritization scheme. In some implementations, the prioritization
input 340, can include a signal to enable prioritization of the
data streams. Upon input from the prioritization module 320, the
communications interface 300 can transmit the data streams to their
respective destination.
[0035] FIG. 4 is a block diagram depicting another example of a
network traffic prioritization system 110c. In some
implementations, the network traffic prioritization module 110c can
include a communications interface 400, a classification module
410, a reputation module 420 and a prioritization module 430. The
network traffic prioritization system 110c can be used to
prioritize specific classifications of traffic over other
classifications of traffic. For example, business traffic or
government traffic can be prioritized over spam traffic.
[0036] The communications interface 400, in some implementations,
can include the functionality of a router. For example, the
communications interface can be operable to parse the data packets
to determine a destination associated with each of the data
packets. The communications interface 400 can forward the data
packets to the destination responsive to input received from the
prioritization module 430.
[0037] The classification module 410, in various implementations,
can operate to classify data streams based upon the characteristics
associated with the data streams. The classification module 410 can
apply multiple tests to an individual communication and derive a
result array from the message. The result array can be compared to
characteristics of known communication classifications in order to
define the classification associated with the data stream.
Classification of the data streams can be used to determine a
priority associated with each of the respective data streams.
[0038] A reputation module 420 can operate to determine the
reputation associated with an originating entity (e.g., entity 120
of FIG. 1) or a receiving entity (e.g., entity 130 of FIG. 1). The
reputation can be used to determine a reputation of the originating
or receiving entity for various classifications of traffic.
Reputation modules are describe in more detail in U.S. patent
application Ser. No. 11/142,943, entitled "Systems and Methods for
Classification of Messaging Entities," filed on Jun. 2, 2005, which
is hereby incorporated by reference in its entirety. Additional
implementations of reputation modules can be found in U.S. patent
application Ser. No. 11/626,462, entitled "Correlation and Analysis
of Messaging Identifiers and Attributes," filed on Jan. 24, 2007.
In some implementations, the reputation of an entity for
participating in types of activity can be used in conjunction with
message classification to determine a priority associated with a
data stream. For example, a data stream with a weak spam
classification can be made stronger based on the data stream being
associated with an entity that has a reputation for originating or
receiving spam.
[0039] After classification of the data stream and reputation of
the entities associated with the data stream, the network traffic
management system 110c can use a prioritization module 430 to
determine a priority associated with the data stream. The
prioritization module 430 can include a prioritization scheme
operable to define a hierarchy associated with classification types
and reputations. In some implementations, the prioritization module
can allocate priority to certain classifications of data streams or
entities with reputations for transmitting those classifications of
data streams over other classifications of data streams and entity
reputations based upon a prioritization scheme. The prioritization
scheme can be provided, for example, by an administrator. In other
examples, the prioritization scheme can be provided by a
governmental entity.
[0040] In some implementations, the prioritization module 430 is
operable to receive prioritization input 440. The prioritization
input 440, for example, can include specification of a
prioritization scheme. In some implementations, the prioritization
input 440, can include a signal to enable prioritization of the
data streams. Upon input from the prioritization module 430, the
communications interface 400 can transmit the data streams to their
respective destination.
[0041] FIG. 5 is a block diagram illustrating an example network
architecture 500 including a router 510 operable to receive input
from a classification engine 520. In some implementations, the
router 510 can be part of a network 530, and operable to route
traffic between a first entity 540 and a second entity 550. The
router 510 can request classification information from the
classification engine 520. The classification information can be
used by the router 510 to determine whether to prioritize the
associated data stream. In some implementations, the router 510 can
operate to prioritize data packets based upon the classification
associated with the data packets included in the data stream. Thus,
data streams of higher priority can be allocated bandwidth prior to
allocation of bandwidth to lower priority data streams independent
of the order in which the data packets associated with the data
stream are received.
[0042] In optional implementations, the router 510 can retrieve
reputation information associated with the data streams from a
reputation engine 560. The reputation information can be used to
determine whether to provide priority to data streams associated
with an entity of a given reputation. For example, entities with a
reputation for sending government traffic might be provided
priority over other entities in emergency situations. In other
examples, data streams originating from entities with strong
reputations for transmitting spam might be assigned a low priority
with respect to data traffic originating from entities with
reputations for originating reputable traffic. In additional
implementations, reputation information can be used to confirm weak
classifications of data streams.
[0043] In some implementations, the router can use the
classification and/or reputation information to assign a priority
associated with the data stream. Data streams of a first priority
can be given transmission priority over data streams of a second or
lower priority. Similarly, data streams of a second priority can be
given transmission priority over data streams of a third or lower
priority. Priority can be attained through allocation of bandwidth,
delay of lower priority traffic, or transmission of low priority
traffic during periods of inactivity.
[0044] FIG. 6 is a flow diagram illustrating an example network
traffic prioritization process. At stage 600 data packets
associated with one or more data streams are received. The data
packets can be received, for example, by a communications interface
(e.g., communications interface 200 of FIG. 2). The data packets
can include a header and a payload. The header, for example, can
identify an origination address and a destination address. The
payload, for example, can identify the data being transmitted
(e.g., a music download, a spam message, a teleconference, a voice
over internet protocol communication, etc.).
[0045] At stage 610 a source and destination address of the data
packets can be identified. The source and destination address can
be identified, for example, by a communications interface (e.g.,
communications interface 200 of FIG. 2). In various
implementations, the data packets can be parsed to identify the
source and destination addresses from the data packet headers. The
data packet headers can also identify a data stream to which the
data packet belongs. In various implementations, the source and
destination address can be used to determine a routing of the data
packets.
[0046] At stage 620 the data stream is classified. The data stream
can be classified, for example, by a classification module (e.g.,
classification module 210 of FIG. 2). In some implementations, the
data stream can be classified based upon the identification of
numerous characteristics associated with the data stream. The
characteristics can be identified, for example, by multiple tests
operating on the data packets and/or data stream. In some
implementations, the data stream can be assembled to apply one or
more tests to the data associated with the data stream. For
example, an electronic message might be assembled to determine
whether the message includes attributes characteristic of spam
messages.
[0047] At stage 630 transmission of data packets can be
prioritized. The transmission of data packets can be prioritized,
for example, by a prioritization module (e.g., prioritization
module 220 of FIG. 2). In some implementations, the prioritization
module can prioritize the data streams based upon a prioritization
scheme. For example, a prioritization scheme can define a hierarchy
associated with each classification of data stream. In various
implementations, the data streams can be prioritized through the
allocation of bandwidth to a data stream based upon a
classification associated with the data stream.
[0048] FIG. 7 is a flow diagram illustrating an example
classification and prioritization process. At stage 700, network
data streams are received. The data streams can be received, for
example, by a communications interface (e.g., communications
interface 200 of FIG. 2). The data streams can include a number of
data packets. Each of the data packets can identify the stream it
belongs to as well as source and destination address for routing
purposes.
[0049] At stage 710, the data streams can be parsed to identify
data packets within the streams. The data streams can be parsed,
for example, by a communications interface (e.g., communications
interface 200 of FIG. 2). The parsing of the data stream can enable
reconstruction of the data, as well as provide information about
the originating entity and the receiving entity.
[0050] At stage 720, multiple tests can be applied to the data
packets. The tests can be applied to the data packets, for example,
by a classification engine (e.g., classification module 210 of FIG.
2). Such tests are described in U.S. patent application Ser. No.
11/173,941, entitled "Message Profiling Systems and Methods."
Additional tests are described in U.S. patent application Ser. No.
11/383,347, entitled "Content-Based Policy Compliance Systems and
Methods," filed on May 15, 2006, which is hereby incorporated by
reference in its entirety. In various implementations, the multiple
tests can include tests to identify spam characteristics within the
data, based upon size, data characteristics, header
characteristics, etc. In additional implementations, other tests
can be applied to the data to identify similarities between the
data and known business data.
[0051] At stage 730, a results array can be generated based on the
tests. The results array can be generated, for example, by a
classification engine (e.g., classification module 210 of FIG. 2).
In various implementations, the results array includes the results
of each of the tests and can be compared to characteristic arrays
that define various classifications of data communications.
[0052] At stage 740, the data packets are classified. The data
packets can be classified, for example, by a classification engine
(e.g., classification module 210 of FIG. 2). In some
implementations, the data packets can be classified based upon the
similarity of a data stream to data streams of known classification
type. For example, the results array can be compared to a
characteristic array associated with a classification type, and
based upon the similarities between the results array and the
characteristic array the data can be classified.
[0053] At stage 750, the data packets are prioritized. The data
packets can be prioritized, for example, by a prioritization engine
(e.g., prioritization module 220 of FIG. 2). In some
implementations, the data packets can be prioritized based upon a
prioritization scheme. The prioritization scheme, for example, can
identify a hierarchy in which data of the highest classification is
transmitted with priority over all other data types, and each
succeeding priority level is transmitted with priority over other
lower priority data types.
[0054] The systems and methods disclosed herein may use data
signals conveyed using networks (e.g., local area network, wide
area network, internet, etc.), fiber optic medium, carrier waves,
wireless networks (e.g., wireless local area networks, wireless
metropolitan area networks, cellular networks, etc.), etc. for
communication with one or more data processing devices (e.g.,
mobile devices). The data signals can carry any or all of the data
disclosed herein that is provided to or from a device.
[0055] The methods and systems described herein may be implemented
on many different types of processing devices by program code
comprising program instructions that are executable by one or more
processors. The software program instructions may include source
code, object code, machine code, or any other stored data that is
operable to cause a processing system to perform methods described
herein.
[0056] The systems and methods may be provided on many different
types of computer-readable media including computer storage
mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer's
hard drive, etc.) that contain instructions for use in execution by
a processor to perform the methods' operations and implement the
systems described herein.
[0057] The computer components, software modules, functions and
data structures described herein may be connected directly or
indirectly to each other in order to allow the flow of data needed
for their operations. It is also noted that software instructions
or a module can be implemented for example as a subroutine unit of
code, or as a software function unit of code, or as an object (as
in an object-oriented paradigm), or as an applet, or in a computer
script language, or as another type of computer code or firmware.
The software components and/or functionality may be located on a
single device or distributed across multiple devices depending upon
the situation at hand.
[0058] This written description sets forth the best mode of the
invention and provides examples to describe the invention and to
enable a person of ordinary skill in the art to make and use the
invention. This written description does not limit the invention to
the precise terms set forth. Thus, while the invention has been
described in detail with reference to the examples set forth above,
those of ordinary skill in the art may effect alterations,
modifications and variations to the examples without departing from
the scope of the invention.
[0059] As used in the description herein and throughout the claims
that follow, the meaning of "a," "an," and "the" includes plural
reference unless the context clearly dictates otherwise. Also, as
used in the description herein and throughout the claims that
follow, the meaning of "in" includes "in" and "on" unless the
context clearly dictates otherwise. Finally, as used in the
description herein and throughout the claims that follow, the
meanings of "and" and "or" include both the conjunctive and
disjunctive and may be used interchangeably unless the context
clearly dictates otherwise.
[0060] Ranges may be expressed herein as from "about" one
particular value, and/or to "about" another particular value. When
such a range is expressed, another embodiment includes from the one
particular value and/or to the other particular value. Similarly,
when values are expressed as approximations, by use of the
antecedent "about," it will be understood that the particular value
forms another embodiment. It will be further understood that the
endpoints of each of the ranges are significant both in relation to
the other endpoint, and independently of the other endpoint.
[0061] These and other implementations are within the scope of the
following claims.
* * * * *