Using flow metric events to control network operation
Abstract
A system and method to monitor, detect, analyze and respond to triggering conditions associated with packet and signal flows in a network system including attached functions and a network infrastructure. The system includes a detection function, an analysis function, and a response function. The detection function includes a monitoring sub-function, a flow definition sub-function, and a monitor counter sub-function. The flow definition sub-function defines the types of activities associated with the traffic flow that may indicate a triggering condition requiring analysis and potentially a response. The monitor sub-function observes traffic flows. The monitor counter sub-function counts the defined types of activities occurring in the device. The analysis function analyzes the event from the monitored flows, flow counters, status and other network information and determines whether a response is required. The response function initiates a response to a perceived event or attack based on the events detected in the flow metrics and other data. The response function further includes a sub-function for activating changes throughout the network system based on receiving and sending event notifications. Responses generated by the response function include dynamic policy changes.
55 Claims
1. A method of monitoring flows of a network system and responding to triggering conditions based on the monitoring, the network system including one or more network devices, the method comprising the steps of:
a. monitoring the network system for flow metrics events;
b. analyzing the monitored flow metric events; and
c. generating a response deemed responsive to any analyzed flow metric events determined to require a response.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16.

17. A method of detecting and responding to one or more triggering conditions associated with flows of signal exchanges from or between a plurality of attached functions of a network system, the network system including one or more network devices, the method comprising the steps of:
a. establishing flow definitions;
b. associating each flow definition with a flow counter, wherein the flow counter generates count information for the defined flow;
c. monitoring one or more flows of the network system for the flow definitions; and
d. generating a response when the count information reaches a defined value.
Dependent claims: 18, 19, 20, 21, 22.

23. A method of tracking flows of signal exchanges via packets between a plurality of attached functions of a network system, identifying one or more triggering conditions associated with the flows, and generating a response, the network system including one or more network infrastructure devices, the method comprising the steps of:
a. establishing a flow definition;
b. monitoring one or more defined flows;
c. associating each flow definition with a flow counter, wherein the flow counter generates count information for the flow definition;
d. defining particular count information as a triggering condition; and
e. upon determining that a triggering condition exists, generating a response by changing one or more policies associated with one or more network infrastructure devices, one or more attached functions, or both.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34.

35. A Detection and Response System (DRS) for tracking flows of signal exchanges via packets from or between a plurality of functions of a network system, identifying one or more triggering conditions associated with the flows, and generating a response to the one or more triggering conditions, the network system including one or more network infrastructure devices, the DRS comprising:
a. a Detection Function for monitoring defined flows associated with the network system, and detecting defined triggering conditions; and
b. a Response Function for responding to triggering conditions defined to require a response and implementing a change of condition of the network system.
Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43, 44, 45.

46. A Detection and Response System (DRS) for tracking flows of signal exchanges via packets between a plurality of attached functions of a network system, identifying one or more triggering conditions associated with the flows, and generating a response, the network system including one or more network infrastructure devices, the DRS comprising:
a. a flow definition sub-function for defining activity types to be monitored;
b. a monitor sub-function for monitoring flows associated with the network system;
c. a monitor counter sub-function for counting the defined activity types; and
d. a response function for initiating a response in the network system to a monitored flow based on a count of a defined activity type.

47. A method of detecting one or more triggering conditions associated with flows of signal exchanges between a plurality of attached functions of a network system and responding thereto, the network system including one or more network infrastructure devices, the method comprising the steps of:
a. establishing for the one or more network infrastructure devices a flow definition for each flow monitored;
b. monitoring each defined flow of the network system;
c. associating each flow definition with a flow counter, wherein the flow counter generates count information for the flow definition;
d. analyzing the count information;
e. determining whether the analyzed count information indicates a triggering condition requiring a response; and
f. responding to the triggering condition through modification of the operation of the one or more network infrastructure devices.
Dependent claims: 48, 49, 50, 51, 52, 53, 54, 55.
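
The loop described in the abstract and in claim 47 (flow definition, per-flow counter, count-based triggering condition, policy-change response) can be sketched as follows. This is an added illustration, not code from the patent; the class names, port identifiers, thresholds, window lengths, policy labels and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

@dataclass(frozen=True)
class FlowDefinition:          # hypothetical structure, not from the patent
    name: str
    match: callable            # predicate over one observed flow event (dict)
    threshold: int             # count that constitutes a triggering condition
    window_s: float            # counting window in seconds
    response: str              # policy label applied to the offending port

@dataclass
class DetectionResponse:
    definitions: list
    policies: dict = field(default_factory=dict)   # port -> active policy
    _hits: dict = field(default_factory=lambda: defaultdict(deque))

    def observe(self, ev):
        """Count one event against each definition; return policy changes made."""
        changes = []
        for d in self.definitions:
            if not d.match(ev):
                continue
            q = self._hits[(d.name, ev["port"])]   # one counter per definition+port
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > d.window_s:
                q.popleft()                        # expire counts outside the window
            # Trigger once: do not re-apply a policy that is already active.
            if len(q) >= d.threshold and self.policies.get(ev["port"]) != d.response:
                self.policies[ev["port"]] = d.response
                changes.append((ev["port"], d.name, d.response))
        return changes

DEFS = [  # constructed definitions
    FlowDefinition("syn_burst",
                   lambda e: e.get("proto") == "tcp" and e.get("flags") == "S",
                   threshold=5, window_s=1.0, response="rate-limit"),
    FlowDefinition("rogue_dhcp",
                   lambda e: e.get("proto") == "udp" and e.get("sport") == 67,
                   threshold=1, window_s=60.0, response="quarantine-vlan"),
]

SAMPLE = (  # constructed events: fast SYNs, slow SYNs, one DHCP server reply
    [{"ts": 0.1 * i, "port": "ge.1.3", "proto": "tcp", "flags": "S"} for i in range(6)]
    + [{"ts": 1.5 * i, "port": "ge.1.7", "proto": "tcp", "flags": "S"} for i in range(6)]
    + [{"ts": 2.0, "port": "ge.1.9", "proto": "udp", "sport": 67}]
)

def run(events):
    drs = DetectionResponse(DEFS)
    log = [change for ev in events for change in drs.observe(ev)]
    return log, drs.policies
```

The slow sender on `ge.1.7` emits as many SYNs as `ge.1.3` but never trips the counter, because counts expire with the window; the sixth SYN on `ge.1.3` produces no second policy change.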