Visualization of network threat monitoring

US 10,567,415 B2
Filed: 09/15/2016
Issued: 02/18/2020
Est. Priority Date: 09/15/2016
Status: Active Grant

First Claim

Patent Images

1. A method for providing an interactive graphical user interface for monitoring network traffic, the method comprising:

receiving traffic metric data indicating measurements related to a characteristic of network traffic flowing in a network;

identifying network threats in intercepted traffic of the network traffic;

identifying a time associated with detection of each occurrence of the network threats; and

generating a graphical user interface having a GUI that includes a display of a time series graph that corresponds to a selected time period, the display including a network traffic plot and an alert plot adjacent to the network traffic plot, the network traffic plot indicating a characteristic of network traffic relative to a timeline displayed along a first axis including an inbound plot associated with incoming network traffic and an outbound plot associated with outbound network traffic, the alert plot including alert indicators, each alert indicator associated with detection of a network threat and aligned relative to the timeline based on the time identified for each occurrence of the detected network threats wherein the alert indicators are interactive elements, the alert plot further including a vertical axis that indicate different network threat categories and a horizontal time line axis extending from each threat category whereby alert indicators are positioned along a horizontal time line axis extending from an alert category positioned along the vertical axis to which each alert indicator is to indicate both a time occurrence and alert category based on graph position, each alert indicator also being provided with a graphic indicator indicating a severity of a threat violation relative one another; and

generating an interactive popup window on the display responsive to user activation of a selected displayed alert indicator wherein the popup window includes;

a time stamp indicating a time which a network threat associated the user selected alert indicator was detected and a name of a violated network policy associated with the network threat.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to monitor a network is provided which includes identifying a time associated with detection of each occurrence of the network threats and generating a graphical user interface that includes a display of a time series graph that corresponds to a selected time period and an interactive popup window indicating certain details associated with a user selected network threat.

12 Citations

View as Search Results

8 Claims

1. A method for providing an interactive graphical user interface for monitoring network traffic, the method comprising:
- receiving traffic metric data indicating measurements related to a characteristic of network traffic flowing in a network;
  
  identifying network threats in intercepted traffic of the network traffic;
  
  identifying a time associated with detection of each occurrence of the network threats; and
  
  generating a graphical user interface having a GUI that includes a display of a time series graph that corresponds to a selected time period, the display including a network traffic plot and an alert plot adjacent to the network traffic plot, the network traffic plot indicating a characteristic of network traffic relative to a timeline displayed along a first axis including an inbound plot associated with incoming network traffic and an outbound plot associated with outbound network traffic, the alert plot including alert indicators, each alert indicator associated with detection of a network threat and aligned relative to the timeline based on the time identified for each occurrence of the detected network threats wherein the alert indicators are interactive elements, the alert plot further including a vertical axis that indicate different network threat categories and a horizontal time line axis extending from each threat category whereby alert indicators are positioned along a horizontal time line axis extending from an alert category positioned along the vertical axis to which each alert indicator is to indicate both a time occurrence and alert category based on graph position, each alert indicator also being provided with a graphic indicator indicating a severity of a threat violation relative one another; and
  
  generating an interactive popup window on the display responsive to user activation of a selected displayed alert indicator wherein the popup window includes;
  
  a time stamp indicating a time which a network threat associated the user selected alert indicator was detected and a name of a violated network policy associated with the network threat.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - categorizing each of the identified network threats in a threat category of a plurality of threat categories based on monitoring of the network traffic; and
      
      aligning the plotted alert indicators along a second axis that corresponds to a series of the plurality of threat categories, each of the threat categories corresponding to a different location on the second axis, wherein the respective alert indictors are aligned along the second axis based on the threat category to which the associated detected network threat is categorized.
  - 3. The method of claim 1, wherein the timeline includes a first timeline portion and a second timeline portion, and wherein the first timeline portion has a first time scale and corresponds to a first time period, and the second timeline portion has a second time scale different than the first time scale and corresponds to a second time period different than the first time period.
  - 4. The method of claim 1, wherein the generated popup window further includes indication of a number of events for which the violated network policy has occurred.
  - 5. The method of claim 4, wherein the generated popup window further includes an interactive icon which generates a second popup window on the display responsive to user activation of the interactive icon wherein the second popup window includes a direction of traffic the network threat was first detected.
  - 6. The method of claim 5, wherein the generated second popup window further includes an address of a destination host or port associated with the network threat.
  - 7. The method of claim 6, wherein the generated second popup window further includes a description of the violated network policy threat and a menu bar with one or more interactive display elements regarding user selected one or more tasks to be performed associated with the violated network policy.
  - 8. The method of claim 7, wherein the one or more tasks includes mitigating one or more network threats with a threat management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Original Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Inventors
Doppke, Jeffrey, Fields, Joshua M., Cassell, Christopher C.
Primary Examiner(s)
Le, Chau
Assistant Examiner(s)
Little, Vance M

Application Number

US15/266,804
Publication Number

US 20180077189A1
Time in Patent Office

1,251 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Visualization of network threat monitoring

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Visualization of network threat monitoring

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links