System and method to select and apply hypothetical mitigation parameters
First Claim
1. A system to select mitigation parameters, the system comprising:
at least one packet intercept device coupled to a communication link in a computer network configured to make copies of packets of network traffic traversing in the computer network;
a flow collector device coupled to the at least one packet intercept device configured to generate flow records associated with received network traffic packets captured by the at least one packet intercept device;
a packet collector device coupled to the at least one packet intercept device configured to generate packet summaries associated with received network traffic packets captured by the at least one packet intercept device; and
a network analytics system coupled to each of the flow collector device and the packet collector device, including:
a memory configured to store instructions;
a processor disposed in communication with the memory, wherein the processor upon execution of the instructions is configured to:
provide a graphical user interface (GUI) that provides a plurality of interactive display elements that a user operates to select at least the following mitigation parameters:
1) a filter definition for a filter to be applied;
2) an attack traffic threshold value;
3) a flow traffic threshold value; and
4) a time window;
define first user selected mitigation parameters for mitigation application whereby a user through interaction with the GUI selects each of:
1) a filter definition for a filter to be applied;
2) an attack traffic threshold value;
3) a flow traffic threshold value; and
4) a time window;
access a selected portion of stored network traffic for application of the first user selected mitigation parameters utilizing the generated flow records and packet summaries that corresponds to the user selected time window;
apply the first user selected mitigation parameters to the selected portion of the stored network traffic; and
output results of the applied first user selected mitigation parameters on the selected portion of the stored network traffic to be displayed on the GUI.
Abstract
A system and method are provided to select mitigation parameters. The method includes receiving selection of at least one mitigation parameter, accessing a selected portion of stored network traffic or associated summaries that corresponds to a selectable time window, applying a mitigation to the selected portion of the stored network traffic or associated summaries using the selected at least one mitigation parameter, and outputting results of the applied mitigation.