Fortinet, Inc.
KERNEL SPACE BASED CAPTURE USING INTELLIGENT PACKET SELECTION PARADIGM AND EVENT OUTPUT STORAGE DETERMINATION METHODOLOGY

Abstract:

Systems and methods for efficient kernel space packet processing and IoT device classification are provided. According to an embodiment, a computer system receives a packet in kernel space and ascertains whether the packet is destined for the computer system. When the ascertaining is affirmative, the packet is forwarded to user space; otherwise, it is determined whether the packet is associated with a protocol used by IoT devices. When the determination is affirmative, header information is extracted from the packet, and subsequent IoT device detection processing is facilitated by sending the header information to the user space. The same or a separate computer system may perform the IoT device detection processing based on the header information by, for each identified TCP or UDP flow, creating a variable-length feature set and inferring whether the TCP or UDP flow represents an IoT device or a non-IoT device communication by applying an ML model.
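The packet selection order described in the abstract, sketched as an added example in user-space C over a raw IPv4 buffer; it is not code from the application or from Fortinet. Assumptions: the port list (MQTT, CoAP) standing in for "a protocol used by IoT devices", the addresses, the `NOT_SELECTED` outcome for cases the abstract does not describe, and all function and type names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum verdict { PKT_TO_USER, HDR_TO_USER, NOT_SELECTED };
struct hdr_info { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };

#define LOCAL_IP 0xC0A80101u  /* 192.168.1.1, constructed address of the capturing system */
/* ASSUMPTION: the page names no protocols; MQTT and CoAP ports stand in for them. */
static const uint16_t iot_ports[] = { 1883, 8883, 5683 };
struct hdr_info last_hdr;     /* stands in for the kernel-to-user-space channel */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }
static int is_iot_port(uint16_t port) {
    for (size_t i = 0; i < sizeof iot_ports / sizeof iot_ports[0]; i++)
        if (iot_ports[i] == port) return 1;
    return 0;
}

/* Decision order from the abstract: local destination first, then IoT protocol. */
enum verdict select_packet(const uint8_t *pkt, size_t len, struct hdr_info *out) {
    if (len < 20 || (pkt[0] >> 4) != 4) return NOT_SELECTED;   /* IPv4 only here */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return NOT_SELECTED;            /* malformed header */
    if (be32(pkt + 16) == LOCAL_IP) return PKT_TO_USER;        /* whole packet goes up */
    uint8_t proto = pkt[9];
    if (proto != 6 && proto != 17) return NOT_SELECTED;        /* TCP or UDP flows only */
    if ((be16(pkt + 6) & 0x1fff) != 0) return NOT_SELECTED;    /* later fragment: no ports */
    if (len < ihl + 4) return NOT_SELECTED;                    /* truncated L4 header */
    uint16_t sport = be16(pkt + ihl), dport = be16(pkt + ihl + 2);
    if (!is_iot_port(sport) && !is_iot_port(dport)) return NOT_SELECTED;
    out->src = be32(pkt + 12); out->dst = be32(pkt + 16);
    out->sport = sport; out->dport = dport; out->proto = proto;
    return HDR_TO_USER;                                        /* header fields only */
}

/* Builds a constructed 24-byte IPv4 packet from 10.0.0.5:40000 and classifies it. */
enum verdict demo(uint32_t dst, uint8_t proto, uint16_t dport, uint16_t frag_off) {
    uint8_t p[24] = { 0x45, 0, 0, 24, 0, 0, (uint8_t)(frag_off >> 8), (uint8_t)frag_off,
                      64, proto, 0, 0, 10, 0, 0, 5,
                      (uint8_t)(dst >> 24), (uint8_t)(dst >> 16), (uint8_t)(dst >> 8), (uint8_t)dst,
                      0x9c, 0x40, (uint8_t)(dport >> 8), (uint8_t)dport };
    memset(&last_hdr, 0, sizeof last_hdr);
    return select_packet(p, sizeof p, &last_hdr);
}

int main(void) { return demo(0xC0A80132u, 17, 5683, 0) == HDR_TO_USER ? 0 : 1; }
```

Only the five header fields leave the selection step for transit IoT traffic, while a packet addressed to the system itself is passed up whole even when it uses one of the listed ports.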

Status:
Application
Type:

Utility

Filing date:

31 Dec 2020

Issue date:

30 Jun 2022