	US 12,068,950 B2
	Application traffic flow prediction based on multi-stage network traffic flow scanning
Daphne Sang, Los Altos, CA (US); and Harish Patil, Fremont, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Aug. 15, 2022, as Appl. No. 17/819,708.
Claims priority of provisional application 63/367,029, filed on Jun. 24, 2022.
Prior Publication US 2023/0421488 A1, Dec. 28, 2023
Int. Cl. H04L 45/00 (2022.01); H04L 41/0894 (2022.01); H04L 43/026 (2022.01); H04L 45/745 (2022.01); H04L 47/10 (2022.01); H04L 47/20 (2022.01); H04L 47/2483 (2022.01)

CPC H04L 45/38 (2013.01) [H04L 41/0894 (2022.05); H04L 43/026 (2013.01); H04L 45/745 (2013.01); H04L 47/10 (2013.01); H04L 47/20 (2013.01); H04L 47/2483 (2013.01)]

20 Claims

1. A method comprising:

selecting a first signaling protocol pattern database from a plurality of signaling protocol pattern databases based, at least in part, on detecting a message of the first signaling protocol in a first network traffic flow, wherein the plurality of signaling protocol pattern databases was built with patterns corresponding to a plurality of different signaling protocols;

scanning, in a control plane, the first network traffic flow for a pattern match in the first signaling protocol pattern database;

based on the scanning indicating a pattern match in the first signaling protocol pattern database, extracting first application traffic flow identifying information for an application or data protocol indicated in a payload of the first network traffic flow corresponding to the pattern match;

associating an identifier of the first signaling protocol with a first application traffic flow identifier that is based on the first application traffic flow identifying information to generate a first mapping;

communicating the first mapping to a data plane from the control plane; and

selecting, in the data plane, a first of a plurality of policies based on the first mapping.