Visualization of traffic flowing through a host

US 10,601,778 B2
Filed: 09/15/2016
Issued: 03/24/2020
Est. Priority Date: 09/15/2016
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computer system having one or more processors and memory storing one or more programs for execution by the one or more processors for handling requests to a protected computer network, the method comprising steps of:

intercepting data communications occurring between one or more hosts and a preselected target host in the protected computer network, the intercepted data communication comprising a plurality of data packets;

analyzing the intercepted data communications to determine volumetric incoming traffic flow and to determine volumetric outgoing traffic flow for the received data packets;

providing a graphical representation on a user display indicating the determined volumetric incoming traffic flow for the received data packets by a first region and graphically representing the determined volumetric outgoing traffic flow for the received data packets by a second region, the graphical representation comprising a plurality of nodes interconnected by a plurality of links, the plurality of nodes representing the one or more hosts and the plurality of links indicating operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications and wherein selection of an individual link by a user provides a popup window indicating traffic information associated with the user selected link; and

providing on the user display additional information in a popup window responsive to a user'"'"'s interaction with a cursor on the user display whereby when the user positions the cursor over one of the plurality of nodes (“

user selected node”

) a first section of the popup window illustrates traffic being sent to the user selected node wherein a second section of the popup window includes;

1) a filter button which when selected by the user is configured to provide additional user prescribed filtering for traffic flow to the user selected node; and

2) a focus button which when selected by the user causes a change in the selected node subject to analysis.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer readable storage medium that analyzes network traffic intercepts data communications occurring between one or more hosts and a preselected target host in a protected network. The intercepted data communication includes a plurality of data packets. The intercepted data communications are analyzed to determine volumetric incoming and outgoing traffic flows for the received data packets. The determined volumetric incoming traffic flow for the received packets is graphically represented by a first region. The determined volumetric outgoing traffic flow for the received packets is graphically represented by a second region. The graphical representation includes a plurality of nodes interconnected by a plurality of links. The plurality of nodes represents the hosts. The plurality of links indicate operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications.

15 Citations

View as Search Results

18 Claims

1. A method performed by a computer system having one or more processors and memory storing one or more programs for execution by the one or more processors for handling requests to a protected computer network, the method comprising steps of:
- intercepting data communications occurring between one or more hosts and a preselected target host in the protected computer network, the intercepted data communication comprising a plurality of data packets;
  
  analyzing the intercepted data communications to determine volumetric incoming traffic flow and to determine volumetric outgoing traffic flow for the received data packets;
  
  providing a graphical representation on a user display indicating the determined volumetric incoming traffic flow for the received data packets by a first region and graphically representing the determined volumetric outgoing traffic flow for the received data packets by a second region, the graphical representation comprising a plurality of nodes interconnected by a plurality of links, the plurality of nodes representing the one or more hosts and the plurality of links indicating operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications and wherein selection of an individual link by a user provides a popup window indicating traffic information associated with the user selected link; and
  
  providing on the user display additional information in a popup window responsive to a user'"'"'s interaction with a cursor on the user display whereby when the user positions the cursor over one of the plurality of nodes (“
  
  user selected node”
  
  ) a first section of the popup window illustrates traffic being sent to the user selected node wherein a second section of the popup window includes;
  
  1) a filter button which when selected by the user is configured to provide additional user prescribed filtering for traffic flow to the user selected node; and
  
  2) a focus button which when selected by the user causes a change in the selected node subject to analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein the first region is arranged on the left side of a display device and the second region is arranged on the right side of a display device.
  - 3. The method as recited in claim 1, wherein the step of analyzing the intercepted data communications further comprises filtering out data communications based on a previously generated first filter having at least one traffic setting.
  - 4. The method as recited in claim 3, further comprising the step of a user prescribing a second filter by interacting with the plurality of nodes and/or the plurality of links included in the graphical representation.
  - 5. The method as recited in claim 1, further comprising the step of enabling a user to highlight suspicious data communications in the graphical representation.
  - 6. The method as recited in claim 1, wherein the step of graphically representing the determined incoming volumetric traffic flow and graphically representing the determined volumetric outgoing traffic flow further comprises the step of aggregating the one or more hosts into groups based on a user-specified aggregation criterion and wherein each of the plurality of nodes in the graphical representation represents one of the aggregated groups.
  - 7. The method as recited in claim 1, further comprising the step of providing a control in the form of a scrollable view bar arranged in a control area of the graphical representation, the scrollable view bar having manipulable handle and a view window configured for visually indicating a portion of the determined incoming or outgoing volumetric traffic flow in the graphical representation.
  - 8. The method as recited in claim 7, wherein the scrollable view bar enables a user to indicate suspicious data communications in the graphical representation using color coded graphical indicators arranged within the scrollable view bar.
  - 9. The method as recited in claim 7, wherein the scrollable view bar enables a user to prescribe a second filter by interacting with the scrollable view bar.

10. A system for analyzing network traffic based upon user selected values, comprising:
- a memory;
  
  a processor disposed in communication with said memory, and configured to issue a plurality of instructions stored in the memory, wherein the instructions issue signals to;
  
  intercept data communications occurring between one or more hosts and a preselected target host in the protected computer network, the intercepted data communication comprising a plurality of data packets;
  
  analyze the intercepted data communications to determine volumetric incoming traffic flow and to determine volumetric outgoing traffic flow for the received data packets;
  
  provide a graphical representation on a user display the determined volumetric incoming traffic flow for the received data packets by a first region and graphically representing the determined volumetric outgoing traffic flow for the received data packets by a second region, the graphical representation comprising a plurality of nodes interconnected by a plurality of links, the plurality of nodes representing the one or more hosts and the plurality of links indicating operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications and wherein selection of an individual link by a user provides a popup window indicating traffic information associated with the user selected link; and
  
  provide a control in the form of a scrollable view bar arranged in a control area of the graphical representation, the scrollable view bar having manipulable handle and a view window configured for visually indicating a portion of the determined incoming or outgoing volumetric traffic flow in the graphical representation; and
  
  provide on the user display additional information in a popup window responsive to a user'"'"'s interaction with a cursor on the user display whereby when the user positions the cursor over one of the plurality of nodes (“
  
  user selected node”
  
  ) a first section of the popup window illustrates traffic being sent to the user selected node wherein a second section of the popup window includes;
  
  1) a filter button which when selected by the user is configured to provide additional user prescribed filtering for traffic flow to the user selected node; and
  
  2) a focus button which when selected by the user causes a change in the selected node subject to analysis.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system as recited in claim 10, wherein the first region is arranged on the left side of a display device and the second region is arranged on the right side of a display device.
  - 12. The system as recited in claim 10, wherein analyzing the intercepted data communications further comprises filtering out data communications based on a previously generated first filter having at least one traffic setting.
  - 13. The system as recited in claim 12, wherein a user prescribes a second filter by interacting with the plurality of nodes and/or the plurality of links included in the graphical representation.
  - 14. The system as recited in claim 10, wherein graphically representing the determined incoming volumetric traffic flow and graphically representing the determined volumetric outgoing traffic flow further comprises aggregating the one or more hosts into groups based on a user-specified aggregation criterion and wherein each of the plurality of nodes in the graphical representation represents one of the aggregated groups.
  - 15. The system as recited in claim 10, wherein the scrollable view bar enables a user to indicate suspicious data communications in the graphical representation using color coded graphical indicators arranged within the scrollable view bar.

16. A non-transitory computer readable storage medium and one or more computer programs embedded therein, the computer programs comprising instructions, which when executed by a computer system, cause the computer system to:
- intercept data communications occurring between one or more hosts and a preselected target host in the protected computer network, the intercepted data communication comprising a plurality of data packets;
  
  analyze the intercepted data communications to determine volumetric incoming traffic flow and to determine volumetric outgoing traffic flow for the received data packets; and
  
  provide a graphical representation on a user display the determined volumetric incoming traffic flow for the received data packets by a first region and graphically representing the determined volumetric outgoing traffic flow for the received data packets by a second region, the graphical representation comprising a plurality of nodes interconnected by a plurality of links, the plurality of nodes representing the one or more hosts and the plurality of links indicating operational relationship between the preselected target host, the one or more hosts, communication ports and communication services used in the data communications and wherein selection of an individual link by a user provides a popup window indicating traffic information associated with the user selected link; and
  
  provide on the user display additional information in a popup window responsive to a user'"'"'s interaction with a cursor on the user display whereby when the user positions the cursor over one of the plurality of nodes (“
  
  user selected node”
  
  ) a first section of the popup window illustrates traffic being sent to the user selected node wherein a second section of the popup window includes;
  
  1) a filter button which when selected by the user is configured to provide additional user prescribed filtering for traffic flow to the user selected node; and
  
  2) a focus button which when selected by the user causes a change in the selected node subject to analysis.
- View Dependent Claims (17, 18)
- - 17. The non-transitory computer readable storage medium as recited in claim 16, wherein analyzing the intercepted data communications further comprises filtering out data communications based on a previously generated first filter having at least one traffic setting.
  - 18. The non-transitory computer readable storage medium as recited in claim 16, wherein graphically representing the determined incoming volumetric traffic flow and graphically representing the determined volumetric outgoing traffic flow further comprises aggregating the one or more hosts into groups based on a user-specified aggregation criterion or based on a pre-defined system criterion and wherein each of the plurality of nodes in the graphical representation represents one of the aggregated groups.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Original Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Inventors
Fields, Joshua M., Cassell, Christopher C., Doppke, Jeffrey
Primary Examiner(s)
Colin, Carl G
Assistant Examiner(s)
Little, Vance M

Application Number

US15/266,785
Publication Number

US 20180077119A1
Time in Patent Office

1,286 Days
Field of Search
US Class Current
CPC Class Codes

G06T 11/206   Drawing of charts or graphs

H04L 2463/143   Denial of service attacks i...

H04L 43/045   for graphical visualisation...

H04L 43/065   related to network devices

H04L 43/0876   Network utilisation, e.g. v...

H04L 63/0263   Rule management

H04L 63/1458   Denial of Service

Visualization of traffic flowing through a host

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Visualization of traffic flowing through a host

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links