OPERATING A NETWORK MONITORING ENTITY

US 20090222924A1
Filed: 03/01/2007
Published: 09/03/2009
Est. Priority Date: 03/02/2006
Status: Active Grant

First Claim

Patent Images

1. A method for operating a network monitoring entity (TE) comprising at said network monitoring entity (TE) the steps of:

receiving network flow records (FR) from several administrative domains (AD1-AD5);

performing an analysis (AN) of the network flow records (FR) to locate a source of malicious network flow; and

providing serviced entities (SE) with a result (RE) of the analysis (AN).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network flow records from various administrative domains are provided to a network monitoring entity. The network monitoring entity analyzes the network flow records in a way to locate a source of malicious network flow.

116 Citations

View as Search Results

16 Claims

1. A method for operating a network monitoring entity (TE) comprising at said network monitoring entity (TE) the steps of:
- receiving network flow records (FR) from several administrative domains (AD1-AD5);
  
  performing an analysis (AN) of the network flow records (FR) to locate a source of malicious network flow; and
  
  providing serviced entities (SE) with a result (RE) of the analysis (AN).
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 3. The method according to claim 1, wherein the analysis step (S3) is conducted when a trigger event (TRE) is received from one of the administrative domains (AD1-AD5) or one of the serviced entities (SE).
  - 4. The method according to claim 3, wherein the trigger event (TRE) has a trigger network flow record (TRF) associated to it, and wherein information content of the trigger network flow record (TFR) is used in the analysis.
  - 5. The method according to claim 4, wherein the trigger event (TRE) comprises a spam signal and the trigger network flow record (TFR) comprises at least part of a respective spam message.
  - 6. The method according to claim 4, wherein the trigger event (TRE) comprises one of a virus signal and a worm signal.
  - 7. The method according to claim 1, wherein the result (RE) comprises a characteristic for the source of the malicious network flow.
  - 8. The method according to claim 1, further comprising a request step (S5) of the trusted entity (TE) requesting additional network flow information (AFI) for a given set of network flows from at least one of the administrative domains (AD1-AD5) for the analysis (AN).
  - 9. The method according to claim 1, further comprising the step of charging the serviced entities fees based on a respective amount (SUBS_AM) of subscribers.
  - 10. The method according to claim 1, wherein the serviced entities (SE) comprise at least one of the administrative domains (AD1-AD5).
  - 11. The method according to claim 10, wherein the serviced entities (SE) comprise at least one of the administrative domains (AD1-AD5) being charged based on the amount (FL_AM) of network flows reported within the respective administrative domain (AD1-AD5).
  - 12. The method according to claim 1, wherein the serviced entities (SE) comprise one of a governmental, police, office, and military authority.
  - 13. The method according to claim 1, wherein the result (RE) comprises a spam characteristic.

2. (canceled)

14. A network monitoring entity comprising being adapted to:
- a receiving component for being provided with network flow records (FR) from several administrative domains (AD1-AD5);
  
  an analysis component for performing an analysis (AN) on the network flow records (FR) in a way to locate a source of malicious network flow; and
  
  a notification component for providing serviced entities (SE) with a result (RE) of the analysis (AN).

15. (canceled)

16. A computer program product comprising a computer-readable medium storing program instructions executable by a processor to perform a method for operating a network monitoring entity (TE), said method comprising at said network monitoring entity (TE) the steps of:
- receiving network flow records (FR) from several administrative domains (AD1-AD5);
  
  performing an analysis (AN) of the network flow records (FR) to locate a source of malicious network flow; and
  
  providing serviced entities (SE) with a result (RE) of the analysis (AN).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kind, Andreas, Haas, Robert, Droz, Patrick

Granted Patent

US 9,392,009 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

H04L 43/04   Processing captured monitor...

H04L 63/1425   Traffic logging, e.g. anoma...

H04W 76/27   Transitions between radio r...

OPERATING A NETWORK MONITORING ENTITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

OPERATING A NETWORK MONITORING ENTITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others