US 12,149,548 B2
SASE based method of preventing exhausting attack in wireless mesh networks
Lele Zhang, Shanghai (CN); Li Zhao, Shanghai (CN); Chuanwei Li, Shanghai (CN); and Feiliang Wang, Shanghai (CN)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Oct. 29, 2021, as Appl. No. 17/515,014.
Prior Publication US 2023/0139002 A1, May 4, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 18/214 (2023.01); G06N 20/00 (2019.01); H04L 45/00 (2022.01); H04L 45/02 (2022.01); H04W 12/121 (2021.01); H04W 12/00 (2021.01)
CPC H04L 63/1425 (2013.01) [G06F 18/214 (2023.01); G06N 20/00 (2019.01); H04L 45/02 (2013.01); H04L 45/20 (2013.01); H04L 63/0227 (2013.01); H04L 63/0236 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01); H04W 12/121 (2021.01); H04W 12/009 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A hierarchical method of identifying unauthorized network traffic, the method comprising:
receiving, at one of a first plurality of nodes of a network and via a Software-Defined Field Area Network (SD-FAN) controller, a configuration that identifies (1) a corresponding first shortest path from the one of the first plurality of nodes to one of a second plurality of nodes in the network for forwarding suspicious network traffic and (2) a corresponding second shortest path from the one of the first plurality of nodes to a third plurality of nodes in the network for routing authorized network traffic, the second plurality of nodes being routers with higher packet inspection capabilities compared to the first plurality of nodes;
applying, at the one of the first plurality of nodes, a first level of network traffic analysis to identify received network traffic as one of the authorized network traffic or the suspicious network traffic;
sending, by the one of the first plurality of nodes, the received network traffic over the corresponding second shortest path to a destination if the received network traffic is the authorized network traffic;
if the received network traffic is the suspicious network traffic, tagging, by the one of the first plurality of nodes, the received network traffic as the suspicious network traffic; and
sending, by the one of the first plurality of nodes, the suspicious network traffic to the one of the second plurality of nodes over the corresponding first shortest path, the second network node applying a second level of network analysis to the received network traffic to determine if the received network traffic is authorized, unauthorized or remains identified as the suspicious network traffic.
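The claim above describes a two-tier triage: a resource-constrained mesh node runs a cheap first-level check, forwards traffic it considers authorized over its normal shortest path, and tags traffic it considers suspicious and forwards it over a separate controller-configured shortest path to a router that can afford deeper inspection. The following Python model is an added example, not code from the patent or from Cisco: the mesh topology, the per-source packet-rate threshold used as the first-level check, the payload signature list used as the second-level check, and the sample packets are all constructed here as stand-ins for whatever a real SD-FAN deployment would use.

```python
"""Hierarchical traffic triage on a small mesh, modelled after the claim.

Constructed assumptions (not from the patent text): the first-level check is
a per-source packet-rate threshold, the second-level check is a payload
signature match plus a text-decodability heuristic, and the topology and
packets below are invented for the demonstration.
"""
import heapq
from collections import Counter
from dataclasses import dataclass, field

# Constructed mesh: undirected weighted links. "R1" is the only node with
# deeper inspection capability; "GW" is the destination for normal traffic.
MESH = {
    "N1": {"N2": 1, "N3": 4},
    "N2": {"N1": 1, "N3": 1, "R1": 2, "GW": 5},
    "N3": {"N1": 4, "N2": 1, "GW": 1},
    "R1": {"N2": 2, "GW": 1},
    "GW": {"N2": 5, "N3": 1, "R1": 1},
}


def shortest_path(graph, src, dst):
    """Dijkstra over MESH; stands in for the controller computing a path."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist.get(u, float("inf")):
            continue  # stale heap entry
        for v, w in graph[u].items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


@dataclass
class Packet:
    src: str
    payload: bytes
    tags: set = field(default_factory=set)


class InspectionRouter:
    """Second-level analysis on a router with more inspection capacity."""
    SIGNATURES = (b"EXPLOIT", b"DROP TABLE")  # constructed toy signatures

    def analyze(self, pkt):
        if any(sig in pkt.payload for sig in self.SIGNATURES):
            return "unauthorized"
        try:
            pkt.payload.decode("utf-8")
        except UnicodeDecodeError:
            return "suspicious"  # remains suspicious; needs further analysis
        return "authorized"


class FirstLevelNode:
    """Constrained mesh node: cheap rate check, then controller-configured routing."""
    RATE_LIMIT = 3  # packets per source before traffic is treated as suspicious

    def __init__(self, inspect_path, normal_path):
        self.inspect_path = inspect_path  # "first shortest path" to the inspection router
        self.normal_path = normal_path    # "second shortest path" to the destination
        self.seen = Counter()

    def handle(self, pkt):
        """Returns (verdict, path); suspicious packets are tagged before forwarding."""
        self.seen[pkt.src] += 1
        if self.seen[pkt.src] <= self.RATE_LIMIT:
            return "authorized", self.normal_path
        pkt.tags.add("suspicious")
        return "suspicious", self.inspect_path


def sample_packets():
    """Constructed traffic: a chatty sensor, then a source that turns hostile."""
    return (
        [Packet("10.0.0.5", b"temp=%d" % t) for t in (21, 22, 23, 24)]
        + [Packet("10.0.0.9", b"cmd=%d" % c) for c in (1, 2, 3)]
        + [Packet("10.0.0.9", b"EXPLOIT-probe"), Packet("10.0.0.9", b"\x80\xff\x00")]
    )


def run(packets):
    """Pushes packets through N1; returns (src, final verdict, path, tagged) per packet."""
    r1 = InspectionRouter()
    n1 = FirstLevelNode(shortest_path(MESH, "N1", "R1"), shortest_path(MESH, "N1", "GW"))
    results = []
    for pkt in packets:
        verdict, path = n1.handle(pkt)
        if verdict == "suspicious":
            verdict = r1.analyze(pkt)  # second level runs only at the capable router
        results.append((pkt.src, verdict, path, "suspicious" in pkt.tags))
    return results


if __name__ == "__main__":
    for row in run(sample_packets()):
        print(row)
```

The point of the split is visible in the results: the first-level node only ever does a counter increment and a table lookup, so an attacker cannot exhaust it by sending traffic that needs expensive analysis; the fourth sensor packet trips the rate threshold but is cleared as authorized by the inspection router, while the hostile source's signature-matching packet is rejected and its undecodable payload stays tagged suspicious for follow-up.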