Method of non-intrusive analysis of secure and non-secure web application traffic in real-time
Abstract
Provided is a method and system for monitoring and analysis of networked systems, that is non-intrusive and real time. Both secure and non-secure traffic may be analyzed. The provided method involves non-intrusively copying data from a communication medium, reconstructing this data to a higher level of communication, such as the application level, grouping the data into sets, each set representing a session, and organizing the data for chosen sessions in hierarchical fashion which corresponds to the hierarchy of the communicated information. If monitored communications are encrypted, they are non-intrusively decrypted in real time. Hierarchically reconstructed session data is used by one or more plug-in applications, such as alarms, archival applications, visualization applications, script generation applications, abandonment monitoring applications, error detection applications, performance monitoring applications, and others.
41 Claims
1. A method for non-intrusive real-time analysis of secure communications between a first application and a second application, wherein the first and second applications communicate through a communication channel, comprising the steps of:
- non-intrusively and securely capturing a plurality of secure communications between the first application and the second application substantially in real-time;
- processing the plurality of communications to form a first plurality of information units, each information unit comprising application level information substantially in real-time;
- analyzing a second plurality of information units up to an application layer, the second plurality comprising one or more of the first plurality of information units, to determine a plurality of dependencies among the second plurality of information units substantially in real-time;
- organizing the second plurality of information units into a hierarchical data structure according to the plurality of dependencies among the information units.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for non-intrusive real-time analysis of secure communications between a first application and a second application, the first and second applications using a communication channel, the system comprising:
- a non-intrusive and secure communications capture device, connected to the communications channel;
- a network module, connected to the communications capture device and configured to process communications from the physical layer to the network layer substantially in real-time; and
- a session reconstruction unit, connected to the network module and configured to process communications to the application layer in real-time, to group communications into transactions and to arrange transactions in a hierarchical data structure according to dependencies within the information contained in the transactions.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A method for non-intrusive analysis of secure communications between two or more applications, communicating through a communication channel, comprising the steps of:
- non-intrusively and securely capturing the communications passing through the communications channel substantially in real-time;
- processing one or more of the communications to the application layer substantially in real-time;
- grouping one or more of the processed communications into transactions substantially in real-time;
- parsing one or more of the transactions in order to determine dependencies among them substantially in real-time; and
- grouping one or more of the transactions into a hierarchical structure, according to the dependencies among the transactions.

Dependent claims: 23, 24, 25, 26, 27, 28, 29
30. A method for non-intrusive real-time analysis of secure communications between a first application and a second application, the first and second applications using a communication channel, the system comprising the steps of:
- non-intrusively copying a plurality of secure communications from the communication channel substantially in real-time;
- processing the plurality of communications to the transport layer substantially in real-time;
- grouping the processed plurality of communications into a plurality of transactions substantially in real-time; and
- arranging one or more of the plurality of transactions into a hierarchical data structure according to dependencies within the information contained in the plurality of transactions.

Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41
Specification