Apparatus and method for monitoring network using the parallel coordinate system

US 20070044147A1
Filed: 01/03/2006
Published: 02/22/2007
Est. Priority Date: 08/17/2005
Status: Abandoned Application

First Claim

Patent Images

1. A network monitoring apparatus for monitoring a first network, comprising:

a network packet collector collecting packets of the first network; and

a visual information generator generating visual information by displaying the packets on a parallel coordinate system which has at least two parallel axes for parameters of the packets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network monitoring apparatus collects packets of a first network, and generates visual information by displaying the packets on a parallel coordinate system which has one or more parallel axis for parameters of the packets. The network monitoring apparatus may extract attack packets from the packet, and the network monitoring apparatus may transmit the visual information to a remote server. Through the network monitoring apparatus, the network manager can visually grasp the state of the network or the existence of a network attack.

133 Citations

28 Claims

1. A network monitoring apparatus for monitoring a first network, comprising:
- a network packet collector collecting packets of the first network; and
  
  a visual information generator generating visual information by displaying the packets on a parallel coordinate system which has at least two parallel axes for parameters of the packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The network monitoring apparatus of claim 1, further comprising an attack packet extractor extracting attack packets from the packets, wherein the visual information generator generates the visual information with the attack packets.
  - 3. The network monitoring apparatus of claim 2, wherein the attack packet extractor comprises:
    - at least two parameter storages in which the same value is stored only once;
      
      an attack type identifier generator generating an attack type identifier of a packet according to whether or not the value of each parameters of the packet is already stored in the parameter storages;
      
      at least one attack packet storage in which packets are stored according to types of attack;
      
      a packet storing controller storing the packet in the attack packet storage according to the attack type identifier; and
      
      an attack packet provider providing packets of the attack packet storage to the visual information generator in case the attack packet storage has more packets than a predetermined number.
  - 4. The network monitoring apparatus of claim 3, wherein the parameter storages is cleared after a predetermined time period elapses.
  - 5. The network monitoring apparatus of claim 3, wherein the attack packet storage is cleared after a predetermined time period elapses.
  - 6. The network monitoring apparatus of claim 2, further comprising:
    - a warning information generator generating warning information in a case that the attack packets exist; and
      
      a network state information transmitter transmitting the warning information to a remote apparatus through the first network.
  - 7. The network monitoring apparatus of claim 2, further comprising:
    - a warning information generator generating a warning information in a case that the attack packets exist; and
      
      a network state information transmitter transmitting the
  - 8. The network monitoring apparatus of claim 1, further comprising:
    - a network state information transmitter transmitting the visual information to a remote apparatus through the first network.
  - 9. The network monitoring apparatus of claim 1, further comprising:
    - a network state information request receiver receiving a network state information request to request states of the first network through the first network; and
      
      a network state information transmitter transmitting the visual information to a remote apparatus through the first network in response to the network state information request.
  - 10. The network monitoring apparatus of claim 1, further comprising:
    - a network state information transmitter transmitting the visual information to a remote apparatus through a second network.
  - 11. The network monitoring apparatus of claim 1, further comprising:
    - a network state information request receiver receiving a network state information request to request states of the first network through a second network; and
      
      a network state information transmitter transmitting the visual information to a remote apparatus through the second network in response to the network state information request.
  - 12. The network monitoring apparatus of claim 1, further comprising:
    - a visual information displayer displaying the visual information in a display device.

13. A network monitoring method for monitoring a first network, comprising:
- collecting packets of the first network; and
  
  generating visual information by displaying the packets on a parallel coordinate system which has one or more parallel axes for parameters of the packets.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The network monitoring method of claim 13, further comprising extracting attack packets from the packets of the first network, wherein generating the visual informaion comprises generating the visual information by displaying the attack packets.
  - 15. The network monitoring method of claim 14, wherein extracting the attack packets comprises:
    - generating an attack type identifier of a packet according to whether or not the value of each parameter of the packet is already stored in parameter storages in which the same value is stored only once; and
      
      storing the packet in an attack packet storage according to the attack type identifier.
  - 16. The network monitoring method of claim 15, wherein the parameter storages are cleared after a predetermined time period elapses.
  - 17. The network monitoring method of claim 15, wherein the attack packet storage is cleared after a predetermined time period elapses.
  - 18. The network monitoring method of claim 14, further comprising:
    - generating warning information in a case that the attack packets exist; and
      
      transmitting the warning information to a remote apparatus through the first network.
  - 19. The network monitoring method of claim 14, further comprising:
    - generating a warning information in a case that the attack packets exist; and
      
      transmitting the warning information to a remote apparatus through a second network.
  - 20. The network monitoring method of claim 13, further comprising transmitting the visual information to a remote apparatus through the first network.
  - 21. The network monitoring method of claim 13, further comprising:
    - receiving a network state information request to request states of the first network through the first network; and
      
      transmitting the visual information to a remote apparatus through the first network in response to the network state information request.
  - 22. The network monitoring method of claim 13, further comprising transmitting the visual information to a remote apparatus through a second network.
  - 23. The network monitoring method of claim 13, further comprising:
    - receiving a network state information request to request states of the first network through a second network; and
      
      transmitting the visual information to a remote apparatus through the second network in response to the network state information request.
  - 24. The network monitoring method of claim 13, further comprising displaying the visual information in a display device.

25. A network analyzing apparatus for analyzing a first network, comprising:
- a network packet collector collecting packets of the first network;
  
  at least two parameter storages in which the same value is stored only once; and
  
  an attack type identifier generator generating an attack type identifier of a packet according to whether or not the value of each parameter of the packet is already stored in the parameter storages.
- View Dependent Claims (26)
- - 26. The network analyzing apparatus of claim 25, further comprising:
    - at least one attack packet storage in which packets are stored according to types of attack; and
      
      a packet storing controller storing the packet in the attack packet storage according to the attack type identifier.

27. An attack type identifying method for identifying an attack type of a packet on a first network, comprising:
- collecting packets of the first network; and
  
  generating an attack type identifier of a packet according to whether or not the value of each parameter of the packet is already stored in parameter storages in which the same value is stored only once.

28. A packet classifying method for classifying packets on a first network according to attack type, comprising:
- collecting packets of the first network;
  
  generating an attack type identifier of a packet according to whether or not the values of each parameter of the packet are already stored in parameter storages in which the same value is stored only once; and
  
  storing the packet in an attack packet storage according to the attack type identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Korea University Industrial & Academic Collaboration Foundation
Original Assignee
Korea University Industrial & Academic Collaboration Foundation
Inventors
Lee, Hee-Jo, Choi, Hyun-Sang

Application Number

US11/324,698
Publication Number

US 20070044147A1
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 63/1408   by monitoring network traff...

Apparatus and method for monitoring network using the parallel coordinate system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

133 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for monitoring network using the parallel coordinate system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links