US20120011252A1

US20120011252A1 - Prioritizing network traffic

Info

Publication number: US20120011252A1
Application number: US13/236,186
Authority: US
Inventors: Dmitri Alperovitch; Paula Greve; Paul Judge; Sven Krasser; Phyllis Adele Schneck
Original assignee: McAfee LLC
Current assignee: McAfee LLC; Secure Computing LLC
Priority date: 2007-11-08
Filing date: 2011-09-19
Publication date: 2012-01-12
Also published as: US8045458B2; WO2009062018A2; US20090122699A1; EP2213056A4; EP2213056B1; AU2008323779A1; AU2008323779B2; CN103444137B; WO2009062018A3; EP2213056A2; EP3328007A1; CN103444137A

Abstract

Methods and systems for operation upon one or more data processors for prioritizing transmission among a plurality of data streams based upon a classification associated with the data packets associated with each of the plurality of data streams, respectively. Systems and methods can operate to allocate bandwidth to priority data streams first and recursively allocate remaining bandwidth to lesser priority data streams based upon the priority associated with those respective lesser priority data streams.

Description

CROSS-REFERENCE

This application is a continuation application of co-pending U.S. application Ser. No. 11/937,274, titled “Prioritizing Network Traffic,” filed Nov. 8, 2007, the disclosure of which is incorporated herein by reference in its entirety.

TECHNICAL FIELD

This document relates generally to systems and methods for processing communications and more particularly to systems and methods for prioritizing network traffic.

BACKGROUND

Internet connectivity has become central to many daily activities. For example, millions of people worldwide use the internet for various bill pay and banking functionalities. Countless more people use the internet for shopping, entertainment, to obtain news, and for myriad other purposes. Moreover, many businesses relies on the internet for communicating with suppliers and customers, as well as providing a resource library for their employees.
However, a large amount of traffic that is communicated by the internet is relatively unimportant or not time critical. For example, electronic mail is typically not time sensitive. Thus, whether electronic mail is delivered instantaneously or delayed by an hour often does not make a difference. Such unimportant communication traffic has the potential to delay and/or disrupt more important traffic.

SUMMARY

In one aspect, systems, methods, apparatuses and computer program products are provided. In one aspect, methods are disclosed, which comprise: receiving a plurality of network traffic streams, the network traffic streams comprising data communicated between sender devices and recipient devices; parsing the network traffic streams based upon one or more transmission protocol associated with the network traffic streams, the parsing being operable to identify characteristics of data packets respectively associated with the traffic streams; applying a plurality of tests to the data packets or groupings of data packets, each of the plurality of tests being operable to test some or all of the data packets for a classification characteristic; generating a results array based upon the classification characteristics identified by the plurality of tests; classifying each of the data packets into one or more classifications from a plurality of classifications based upon the results array; and, prioritizing the traffic streams associated with the data packets based upon a prioritization scheme, the prioritization scheme being based on the one or more classifications associated with the data packet.
Systems can include a classification module, a prioritization module and a communications interface. The classification module can receive data packets associated with one or more data streams and can classify each of the plurality of data streams into one or more classifications. The prioritization module can prioritize transmission of the data packets based upon a prioritization scheme, the prioritization scheme including a prioritization of each of the classifications, wherein the application of the prioritization scheme is operable to identify a priority data stream. The communications interface can allocate bandwidth to the priority data stream before allocation of any remaining bandwidth to remaining data streams.

DESCRIPTION OF DRAWINGS

FIG. 1 is a block diagram depicting network including a network traffic prioritization system.

FIG. 2 is a block diagram depicting an example of a network traffic prioritization system.

FIG. 3 is a block diagram depicting another example of a network traffic prioritization system.

FIG. 4 is a block diagram depicting another example of a network traffic prioritization system.

FIG. 5 is a block diagram illustrating an example network architecture including a router operable to receive input from a classification engine.

FIG. 6 is a flow diagram illustrating an example network traffic prioritization process.

FIG. 7 is a flow diagram illustrating an example classification and prioritization process.

DETAILED DESCRIPTION

FIG. 1 is a block diagram depicting network environment 100 including a network traffic prioritization system 110. The network traffic prioritization system 110 can operate to prioritize communications between a first entity 120 and a second entity 130 over a network 140. In some implementations, the traffic can be prioritized based upon a classification associated with the traffic. The prioritization, in various implementations, can operate to allocate more bandwidth to higher priority communications while allocating less bandwidth to lower priority communications. For example, communications that are classified as the highest priority (e.g., national security, commercial, business oriented, etc.) can be allocated bandwidth first, while communications classified as the lowest priority (e.g., spam, music downloads, adult content, social traffic, gaming content, entertainment content, malicious content, etc.) can be allocated any remaining bandwidth after higher priority communications have been transmitted.
In other implementations, the network traffic prioritization system 110 can have the ability to block types of network traffic based upon one or both of a classification associated with the network traffic or a reputation of an entity associated with the network traffic. In further implementations, the network traffic prioritization system 110 can prioritize certain network traffic based upon classification(s) associated with the network traffic and/or reputations of one or more entities associated with the network traffic, while blocking other network traffic based upon classification(s) of the network traffic and/or reputations of one or more entities associated with the network traffic.
In some implementations, the network traffic prioritization system 110 can be controlled by an administrator (e.g., internet service provider (ISP) or government entity). In various implementations, priority can be based on policy and can be received from an administrator and/or dynamically changed for technical reasons (e.g., exhaustion of bandwidth), legislative rule making (e.g., government policy) or business decision (e.g., conservation of resources) or a combination thereof. For example, in an emergency situation legitimate communications should not be slowed by bulk network traffic (e.g., spam, adult content, music downloads, etc.). In other implementations, the network traffic prioritization system 110 can receive input from the first or second entity indicating that the traffic being communicated between the entities should be prioritized over other traffic. For example, the government emergency telephone service (GETS) provides an access code to high level government workers for use during times of crisis, when phone systems are often overloaded.
Such systems could be expanded to data networks to provide robust data access during emergencies.
In some implementations, the first entity and/or the second entity can include a variety of different computing devices. For example, computing devices can include personal computers, routers, servers, mobile communications devices (e.g., cellular phones, mobile electronic mail (e-mail) devices, 802.11 x equipped laptop computers, laptop computers equipped evolution-data optimized (EV-DO) access cards, etc.), among many others. In other implementations, the first entity 120 and/or the second entity 130 can include networks. For example, networks can include sub-nets, wireless networks, cellular networks, data networks, voice networks, intranets, intranets, etc.
In various implementations, the first entity 120 and second entity 130 can communicate with each other through a network 140. The network 140, for example, can be the internet. In other examples, the network 140 can include intranets, sub-nets, etc. The first entity and second entity can communicate a variety of classifications of data. The network traffic prioritization system 110 can classify the data, and can apply a prioritization scheme to the data.
In some implementations, the prioritization scheme can allocate network bandwidth to highest priority data classifications first, and recursively allocate bandwidth to successively lower priority data classifications until there is no more bandwidth or all data classifications have been allocated bandwidth. For example, if there are classifications of business traffic having first priority, news traffic having second priority, and spam traffic having third priority, the business traffic can be allocated bandwidth first, the news traffic can be allocated bandwidth second (if any bandwidth is available), and the spam traffic can be allocated bandwidth third (if any bandwidth is available).
In other implementations, a prioritization scheme can specify that traffic can be allocated normally until a threshold network usage is reached. In such implementations, upon detecting the threshold network usage, the network traffic prioritization system 110 can disrupt a low priority data stream when a higher priority data stream is received, the priorities being based upon a prioritization scheme. For example, when a network 140 is experiencing heavy usage, the network traffic prioritization system 110 can disconnect a existing spam traffic stream from the system when a new business traffic stream instance is received or can block an outbound connection where the destination is a known phishing site, according to data from, for example, the classification or reputation modules.
In still further implementations, the network traffic prioritization system 110 can communicate high priority traffic first, and wait for periods of inactivity during which to send lower priority traffic based upon the prioritization scheme. For example, if high priority traffic can be placed in a high priority queue for transmission, while lower priority traffic can be placed in a low priority queue for transmission. In such examples, the data in the low priority queue might not be transmitted until the high priority queue is empty. Thus, the network traffic prioritization system can transmit all of the high priority traffic and then transmit lower priority traffic until more high priority traffic is received or all of the low priority traffic has been transmitted.
In other implementations, the network traffic prioritization scheme can include blocking certain classifications of network traffic and/or network traffic associated with network entities have a specified reputation. For example, network traffic associated with entities having a reputation for originating spam can be blocked from traversing the network. In further implementations, the prioritization scheme in addition to block certain types of network traffic can prioritize other network traffic having a specified classification or reputation can be prioritized over other traffic. In some examples, network traffic which is neither blocked nor prioritized can be transmitted as normal priority (e.g., using available bandwidth, transmitted during periods of low usage, using a reserved segment of bandwidth for normal priority traffic, etc.). In still further examples, the prioritization scheme can specify to block network traffic having a first classification while specifying to de-prioritize network traffic having another classification. De-prioritization of traffic can provide for transmitting low priority traffic (e.g., entertainment, streaming music or video, etc.) with low bandwidth, while blocking can provide for elimination of unwanted traffic (e.g., spam traffic, malware traffic, bot traffic, malicious traffic, etc.).
In various implementations, prioritization schemes according to any of the above implementations of prioritization schemes can be combined.
FIG. 2 is a block diagram depicting an example of a network traffic prioritization system 110 a. In some implementations, the network traffic prioritization system 110 a can include a communications interface 200, a classification module 210 and a prioritization module 220. In some implementations, the communications interface 200 can be a router. For example, the communications interface 200 operable to receive data packets from an originating entity (e.g., entity 120 of FIG. 1) and to forward the data packets to a receiving entity (e.g., entity 130 of FIG. 1). In such examples, the communications interface 200 can parse a data packet to determine how to route the data packet.
In various implementations, the classification module 210 can operate to classify data streams based upon the characteristics associated with the data streams. The classification module 210 can apply multiple tests to an individual communication and derive a result array from the message. The result array can be compared to characteristics of known communication classifications in order to define the classification associated with the data stream. Classification of data is described in more detail by U.S. patent application Ser. No. 11/173,941, entitled “Message Profiling Systems and Methods,” filed on Jun. 2, 2005, which is hereby incorporated by reference in its entirety. Classification of data is further described by U.S. patent application Ser. No. 11/173,941, entitled “Content-based Policy Compliance Systems and Methods, filed on May 15, 2006, which is hereby incorporated by reference in its entirety. The classification module 210, in some examples, can be provided by a TrustedSource™ database, available from Secure Computing Corporation of San Jose, Calif., which can operate to provide classification definitions against which communications can be compared for classification.
In various implementations, the classification module 210 can classify data into one or more of a number of categories. In various implementations, the categories can include, for example, adult content, spam content, music content, electronic mail traffic, electronic commerce traffic, business traffic, social traffic, web 2.0 traffic, messaging traffic, conferencing traffic, medical content, search traffic, gaming content, entertainment content, education content, syndicated content, podcast content, malicious content, opinion content, informational content, or news content. In some implementations, the categories can be identified by a corpus of documents associated with a classification. The corpus of documents can be those documents identified by users to include content associated with a particular classification. The classification module can perform a variety of tests on the corpus of documents to identify the defining features of the class of data. In some implementations, the characteristics of subsequently received data can be extracted and compared to the defining features of various identified classes of data to determine whether the subsequently received data belongs to any of the identified classes of data.
In some implementations, the user and/or administrator can define his or her own classifications of data. For example, a user might have his/her own subjective grouping of data. The user can group together documents that exemplify the types of data the user would assign to the classification. In such implementations, the classification module 210 can examine the user defined grouping and identify the distinguishing features that define the class. The classification module 210 can then extract characteristics from subsequently received data and compare the extracted characteristics to the user defined category to determine whether the subsequently received data belongs to the user defined category. Multiple user and/or administrator defined categories can be generated based upon user and/or administrator input.
After classifying the data stream, the network traffic management system 110 a can use a prioritization module 220 to determine a priority associated with the data stream. The prioritization module 220 can include a prioritization scheme operable to define a hierarchy associated with classification types. In various examples, the prioritization module can be operable to allocate bandwidth to each of the data streams based upon the classification associated with the respective data streams. For example, a data stream having a highest priority classification can be allocated bandwidth first, a data stream having a second priority classification can be allocated bandwidth second, a data stream having a third priority classification can be allocated bandwidth third, etc.
In some implementations, the prioritization module 220 is operable to receive prioritization input 230. The prioritization input 230, for example, can include specification of a prioritization scheme. In some implementations, the prioritization input 230, can include a signal to enable prioritization of the data streams. Upon prioritizing the data streams, the communications interface 200 can transmit the data streams to their respective destination based upon prioritization of the data streams.
FIG. 3 is a block diagram depicting another example of a network traffic prioritization system 110 b. In some implementations, the network traffic prioritization system 110 b can include a communications interface 300, a classification module 310, a prioritization module 320 and a delay module 330. In some implementations, the communications interface 200 can be a router.
The classification module 310, in various implementations, can operate to classify data streams based upon the characteristics associated with the data streams. The classification module 310 can apply multiple tests to an individual communication and derive a result array from the message. The result array can be compared to characteristics of known communication classifications in order to define the classification associated with the data stream. Classification of the data streams can be used to determine a priority associated with each of the respective data streams.
Upon classifying the data stream, the network traffic management system 110 b can use a prioritization module 320 to determine a priority associated with the data stream. The prioritization module 320 can include a prioritization scheme operable to define a hierarchy associated with classification types. In various examples, the prioritization module can be operable to send a low priority data stream to a delay module 330. In some implementations, the delay module 330 can include a low priority queue, whereby high priority traffic is transmitted based upon the available bandwidth, while data in the low priority queue is held until there is no high priority traffic to transmit.
In some implementations, the prioritization module 320 is operable to receive prioritization input 340. The prioritization input 340, for example, can include specification of a prioritization scheme. In some implementations, the prioritization input 340, can include a signal to enable prioritization of the data streams. Upon input from the prioritization module 320, the communications interface 300 can transmit the data streams to their respective destination.
FIG. 4 is a block diagram depicting another example of a network traffic prioritization system 110 c. In some implementations, the network traffic prioritization module 110 c can include a communications interface 400, a classification module 410, a reputation module 420 and a prioritization module 430. The network traffic prioritization system 110 c can be used to prioritize specific classifications of traffic over other classifications of traffic. For example, business traffic or government traffic can be prioritized over spam traffic.
The communications interface 400, in some implementations, can include the functionality of a router. For example, the communications interface can be operable to parse the data packets to determine a destination associated with each of the data packets. The communications interface 400 can forward the data packets to the destination responsive to input received from the prioritization module 430.
The classification module 410, in various implementations, can operate to classify data streams based upon the characteristics associated with the data streams. The classification module 410 can apply multiple tests to an individual communication and derive a result array from the message. The result array can be compared to characteristics of known communication classifications in order to define the classification associated with the data stream. Classification of the data streams can be used to determine a priority associated with each of the respective data streams.
A reputation module 420 can operate to determine the reputation associated with an originating entity (e.g., entity 120 of FIG. 1) or a receiving entity (e.g., entity 130 of FIG. 1). The reputation can be used to determine a reputation of the originating or receiving entity for various classifications of traffic. Reputation modules are describe in more detail in U.S. patent application Ser. No. 11/142,943, entitled “Systems and Methods for Classification of Messaging Entities,” filed on Jun. 2, 2005, which is hereby incorporated by reference in its entirety. Additional implementations of reputation modules can be found in U.S. patent application Ser. No. 11/626,462, entitled “Correlation and Analysis of Messaging Identifiers and Attributes,” filed on Jan. 24, 2007. In some implementations, the reputation of an entity for participating in types of activity can be used in conjunction with message classification to determine a priority associated with a data stream. For example, a data stream with a weak spam classification can be made stronger based on the data stream being associated with an entity that has a reputation for originating or receiving spam.
After classification of the data stream and reputation of the entities associated with the data stream, the network traffic management system 110 c can use a prioritization module 430 to determine a priority associated with the data stream. The prioritization module 430 can include a prioritization scheme operable to define a hierarchy associated with classification types and reputations. In some implementations, the prioritization module can allocate priority to certain classifications of data streams or entities with reputations for transmitting those classifications of data streams over other classifications of data streams and entity reputations based upon a prioritization scheme. The prioritization scheme can be provided, for example, by an administrator. In other examples, the prioritization scheme can be provided by a governmental entity.
In some implementations, the prioritization module 430 is operable to receive prioritization input 440. The prioritization input 440, for example, can include specification of a prioritization scheme. In some implementations, the prioritization input 440, can include a signal to enable prioritization of the data streams. Upon input from the prioritization module 430, the communications interface 400 can transmit the data streams to their respective destination.
FIG. 5 is a block diagram illustrating an example network architecture 500 including a router 510 operable to receive input from a classification engine 520. In some implementations, the router 510 can be part of a network 530, and operable to route traffic between a first entity 540 and a second entity 550. The router 510 can request classification information from the classification engine 520. The classification information can be used by the router 510 to determine whether to prioritize the associated data stream. In some implementations, the router 510 can operate to prioritize data packets based upon the classification associated with the data packets included in the data stream. Thus, data streams of higher priority can be allocated bandwidth prior to allocation of bandwidth to lower priority data streams independent of the order in which the data packets associated with the data stream are received.
In optional implementations, the router 510 can retrieve reputation information associated with the data streams from a reputation engine 560. The reputation information can be used to determine whether to provide priority to data streams associated with an entity of a given reputation. For example, entities with a reputation for sending government traffic might be provided priority over other entities in emergency situations. In other examples, data streams originating from entities with strong reputations for transmitting spam might be assigned a low priority with respect to data traffic originating from entities with reputations for originating reputable traffic. In additional implementations, reputation information can be used to confirm weak classifications of data streams.
In some implementations, the router can use the classification and/or reputation information to assign a priority associated with the data stream. Data streams of a first priority can be given transmission priority over data streams of a second or lower priority. Similarly, data streams of a second priority can be given transmission priority over data streams of a third or lower priority. Priority can be attained through allocation of bandwidth, delay of lower priority traffic, or transmission of low priority traffic during periods of inactivity.
FIG. 6 is a flow diagram illustrating an example network traffic prioritization process. At stage 600 data packets associated with one or more data streams are received. The data packets can be received, for example, by a communications interface (e.g., communications interface 200 of FIG. 2). The data packets can include a header and a payload. The header, for example, can identify an origination address and a destination address. The payload, for example, can identify the data being transmitted (e.g., a music download, a spam message, a teleconference, a voice over internet protocol communication, etc.).
At stage 610 a source and destination address of the data packets can be identified. The source and destination address can be identified, for example, by a communications interface (e.g., communications interface 200 of FIG. 2). In various implementations, the data packets can be parsed to identify the source and destination addresses from the data packet headers. The data packet headers can also identify a data stream to which the data packet belongs. In various implementations, the source and destination address can be used to determine a routing of the data packets.
At stage 620 the data stream is classified. The data stream can be classified, for example, by a classification module (e.g., classification module 210 of FIG. 2). In some implementations, the data stream can be classified based upon the identification of numerous characteristics associated with the data stream. The characteristics can be identified, for example, by multiple tests operating on the data packets and/or data stream. In some implementations, the data stream can be assembled to apply one or more tests to the data associated with the data stream. For example, an electronic message might be assembled to determine whether the message includes attributes characteristic of spam messages.
At stage 630 transmission of data packets can be prioritized. The transmission of data packets can be prioritized, for example, by a prioritization module (e.g., prioritization module 220 of FIG. 2). In some implementations, the prioritization module can prioritize the data streams based upon a prioritization scheme. For example, a prioritization scheme can define a hierarchy associated with each classification of data stream. In various implementations, the data streams can be prioritized through the allocation of bandwidth to a data stream based upon a classification associated with the data stream.
FIG. 7 is a flow diagram illustrating an example classification and prioritization process. At stage 700, network data streams are received. The data streams can be received, for example, by a communications interface (e.g., communications interface 200 of FIG. 2). The data streams can include a number of data packets. Each of the data packets can identify the stream it belongs to as well as source and destination address for routing purposes.
At stage 710, the data streams can be parsed to identify data packets within the streams. The data streams can be parsed, for example, by a communications interface (e.g., communications interface 200 of FIG. 2). The parsing of the data stream can enable reconstruction of the data, as well as provide information about the originating entity and the receiving entity.
At stage 720, multiple tests can be applied to the data packets. The tests can be applied to the data packets, for example, by a classification engine (e.g., classification module 210 of FIG. 2). Such tests are described in U.S. patent application Ser. No. 11/173,941, entitled “Message Profiling Systems and Methods.” Additional tests are described in U.S. patent application Ser. No. 11/383,347, entitled “Content-Based Policy Compliance Systems and Methods,” filed on May 15, 2006, which is hereby incorporated by reference in its entirety. In various implementations, the multiple tests can include tests to identify spam characteristics within the data, based upon size, data characteristics, header characteristics, etc. In additional implementations, other tests can be applied to the data to identify similarities between the data and known business data.
At stage 730, a results array can be generated based on the tests. The results array can be generated, for example, by a classification engine (e.g., classification module 210 of FIG. 2). In various implementations, the results array includes the results of each of the tests and can be compared to characteristic arrays that define various classifications of data communications.
At stage 740, the data packets are classified. The data packets can be classified, for example, by a classification engine (e.g., classification module 210 of FIG. 2). In some implementations, the data packets can be classified based upon the similarity of a data stream to data streams of known classification type. For example, the results array can be compared to a characteristic array associated with a classification type, and based upon the similarities between the results array and the characteristic array the data can be classified.
At stage 750, the data packets are prioritized. The data packets can be prioritized, for example, by a prioritization engine (e.g., prioritization module 220 of FIG. 2). In some implementations, the data packets can be prioritized based upon a prioritization scheme. The prioritization scheme, for example, can identify a hierarchy in which data of the highest classification is transmitted with priority over all other data types, and each succeeding priority level is transmitted with priority over other lower priority data types.
The systems and methods disclosed herein may use data signals conveyed using networks (e.g., local area network, wide area network, internet, etc.), fiber optic medium, carrier waves, wireless networks (e.g., wireless local area networks, wireless metropolitan area networks, cellular networks, etc.), etc. for communication with one or more data processing devices (e.g., mobile devices). The data signals can carry any or all of the data disclosed herein that is provided to or from a device.
The methods and systems described herein may be implemented on many different types of processing devices by program code comprising program instructions that are executable by one or more processors. The software program instructions may include source code, object code, machine code, or any other stored data that is operable to cause a processing system to perform methods described herein.
The systems and methods may be provided on many different types of computer-readable media including computer storage mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer's hard drive, etc.) that contain instructions for use in execution by a processor to perform the methods' operations and implement the systems described herein.
The computer components, software modules, functions and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data needed for their operations. It is also noted that software instructions or a module can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code or firmware. The software components and/or functionality may be located on a single device or distributed across multiple devices depending upon the situation at hand.
This written description sets forth the best mode of the invention and provides examples to describe the invention and to enable a person of ordinary skill in the art to make and use the invention. This written description does not limit the invention to the precise terms set forth. Thus, while the invention has been described in detail with reference to the examples set forth above, those of ordinary skill in the art may effect alterations, modifications and variations to the examples without departing from the scope of the invention.
As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein and throughout the claims that follow, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise. Finally, as used in the description herein and throughout the claims that follow, the meanings of “and” and “or” include both the conjunctive and disjunctive and may be used interchangeably unless the context clearly dictates otherwise.
Ranges may be expressed herein as from “about” one particular value, and/or to “about” another particular value. When such a range is expressed, another embodiment includes from the one particular value and/or to the other particular value. Similarly, when values are expressed as approximations, by use of the antecedent “about,” it will be understood that the particular value forms another embodiment. It will be further understood that the endpoints of each of the ranges are significant both in relation to the other endpoint, and independently of the other endpoint.
These and other implementations are within the scope of the following claims.

Claims

1. A computer implemented network traffic prioritization method comprising:

receiving data in each of a plurality of classes;

for each of the plurality of classes, identifying class features for the class based on features of the data in the class;

receiving a plurality of network traffic streams, the network traffic streams comprising data packets communicated between sender devices and recipient devices;

identifying characteristics of the data packets;

for each of the data packets, comparing the characteristics of the data packet to the class features of the plurality of classes;

classifying, by one or more processors, each of the data packets into one or more classifications based on the comparison;

identifying reputations of originating or destination entities associated with the network traffic streams; and

determining one or more priorities of the network traffic streams based on a prioritization scheme that is based on one or more of the reputations of the originating or destination entities and the one or more classifications of the data packets.

2. The method of claim 1, further comprising:

transmitting the data packets based on the one more priorities of the network traffic streams.

3. The method of claim 2, further comprising:

determining whether a network threshold usage has been exceeded by the transmission of data packets from the network traffic streams; and

wherein transmitting the data packets comprises:

in response to determining that the network threshold usage has been exceeded, disrupting the transmission of data packets from a first one of the network traffic streams having a priority that is lower than a priority of a second one of the network traffic streams.

4. The method of claim 2, wherein transmitting the data packets comprises:

dropping data packets from a network traffic stream from an originating entity having an identified reputation for originating spam.

5. The method of claim 2, wherein transmitting the data packets comprises:

delaying data packets from a network traffic stream from an originating entity having an identified reputation for originating spam.

6. The method of claim 2, wherein transmitting the data packets comprises:

allocating network bandwidth to a first one of the network traffic streams having a priority that is higher than a priority of a second one of the network traffic streams prior to allocation of network bandwidth to the second one of the network traffic streams independent of an order in which the data packets from the first and second network traffic streams are received.

7. The method of claim 1, wherein determining one or more priorities of the network traffic streams comprises:

identifying the prioritization scheme, the prioritization scheme specifying a prioritization of each of the one or more classifications and the reputations.

8. The method of claim 1, further comprising:

allocating network bandwidth to each of the network traffic streams based on a first allocation scheme;

determining whether a network threshold usage has been exceeded by transmission of data packets from the network traffic streams; and

in response to determining that the network threshold usage has been exceeded, allocating the network bandwidth based the prioritization scheme, wherein the prioritization scheme is different from the first allocation scheme.

9. A system comprising:

a data processing apparatus; and

software stored on a computer storage apparatus and comprising instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:

receiving data in each of a plurality of classes;

identifying characteristics of the data packets;

prioritizing the network traffic streams based on a prioritization scheme that is based on one or more of the reputations of the originating or destination entities and the one or more classifications of the data packets.

10. The system of claim 9, wherein upon execution of the instructions the data processing apparatus further performs operations comprising:

transmitting the data packets based on the prioritization scheme.

11. The system of claim 10, wherein upon execution of the instructions the data processing apparatus further performs operations comprising:

wherein transmitting the data packets comprises:

12. The system of claim 10, wherein transmitting the data packets comprises:

13. The system of claim 10, wherein transmitting the data packets comprises:

14. The system of claim 10, wherein transmitting the data packets comprises:

15. The system of claim 9, wherein determining one or more priorities of the network traffic streams comprises:

16. The system of claim 9, wherein upon execution of the instructions the data processing apparatus further performs operations comprising:

17. A computer storage medium encoded with a computer program, the program comprising instructions that when executed by a data processing apparatus cause the data processing apparatus to perform operations, comprising:

receiving data in each of a plurality of classes;

identifying characteristics of the data packets;

identifying reputations of originating or destination entities associated with the network traffic streams;

determining one or more priorities of the network traffic streams based on a prioritization scheme that is based on one or more of the reputations of the originating or destination entities and the one or more classifications of the data packets; and

18. The computer storage medium of claim 17, wherein transmitting the data packets comprises:

19. The computer storage medium of claim 17, wherein transmitting the data packets comprises:

20. The computer storage medium of claim 19, wherein delaying data packets from a network traffic stream comprises:

delaying the data packets having a specified characteristic based on the prioritization scheme.