System and Method For Correlating Fingerprints For Automated Intelligence

US 20100046809A1
Filed: 08/19/2008
Published: 02/25/2010
Est. Priority Date: 08/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure;

capturing a second fingerprint of at least a portion of the IT infrastructure associated with a event relating to the IT infrastructure;

determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for correlating fingerprints in an Information Technology (IT) infrastructure for automated intelligence, where a fingerprint provides an indication of the activity and operation of the IT infrastructure immediately preceding an event. It is determined whether a correlation exists between multiple fingerprints to determine whether such fingerprints separately indicate the occurrence of the event for the same reason. If a degree of match is found to exist between the rule sets of multiple fingerprints that exceeds a certain threshold, the fingerprints are determined to indicate the occurrence of the event for the same reason and the rule sets for those fingerprints can be merged together with the probabilities that such rules will indicate the occurrence of the event adjusted accordingly. In one or more embodiments, the fingerprint matching correlation procedures are implemented to account for time or phase shifts between the rule sets in two fingerprints.

67 Citations

View as Search Results

21 Claims

1. A method comprising:
- capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure;
  
  capturing a second fingerprint of at least a portion of the IT infrastructure associated with a event relating to the IT infrastructure;
  
  determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising merging the first and second fingerprints together when it is determined that the first and second fingerprints correlate to each other.
  - 3. The method of claim 1, further comprising determining whether a correlation exists by determining whether a certain degree of match exists between the first and second fingerprints.
  - 4. The method of claim 3, wherein each of the first and second fingerprints include a set of rules across a set of time cuts describing the probability that certain metrics are associated with the event, where each rule in the set of rules includes a corresponding probability, the method further comprising determining whether a certain degree of match exists between the first and second fingerprints by determining the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts.
  - 5. The method of claim 4, further comprising:
    - iteratively shifting a phase shift in time cuts between the sets of rules in the first and second fingerprints;
      
      determining a degree of match between the rules of the first fingerprint against rules of the second fingerprint across for each iteration of phase shift; and
      
      determining the phase shift for which a maximum degree of match exists between the sets of rules of the first and second fingerprints and determining a value of the associated maximum degree of match.
  - 6. The method of claim 5, further comprising:
    - determining whether the value for the maximum degree of match exceeds a certain threshold, andmerging the sets of rules for the first and second fingerprints together when the value for the maximum degree of match exceeds the certain threshold.
  - 7. The method of claim 6, further comprising adjusting the probabilities of the merged sets of rules, wherein the rules having a degree of match between the first and second thresholds have their probabilities increased while rules that do not have a degree of match between the first and second thresholds have their probabilities decreased.

8. A machine-readable medium having program instructions stored thereon executable by a processing unit of a special-purpose network monitoring server for performing the steps of:
- capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure;
  
  capturing a second fingerprint of at least a portion of the IT infrastructure associated with a event relating to the IT infrastructure; and
  
  determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The machine-readable medium of claim 8, further comprising program instructions stored thereon for merging the first and second fingerprints together when it is determined that the first and second fingerprints correlate to each other.
  - 10. The machine-readable medium of claim 8, further comprising program instructions stored thereon for determining whether a correlation exists by determining whether a certain degree of match exists between the first and second fingerprints.
  - 11. The machine-readable medium of claim 10, wherein each of the first and second fingerprints include a set of rules across a set of time cuts describing the probability that certain metrics are associated with the event, where each rule in the set of rules includes a corresponding probability, the machine-readable medium further comprising program instructions stored thereon for determining whether a certain degree of match exists between the first and second fingerprints by determining the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts.
  - 12. The machine-readable medium of claim 11, further comprising program instructions stored thereon for:
    - iteratively shifting a phase shift in time cuts between the sets of rules in the first and second fingerprints;
      
      determining a degree of match between the rules of the first fingerprint against rules of the second fingerprint across for each iteration of phase shift; and
      
      determining the phase shift for which a maximum degree of match exists between the sets of rules of the first and second fingerprints and determining a value of the associated maximum degree of match.
  - 13. The machine-readable medium of claim 12, further comprising program instructions stored thereon for:
    - determining whether the value for the maximum degree of match exceeds a certain threshold, andmerging the sets of rules for the first and second fingerprints together when the value for the maximum degree of match exceeds the certain threshold.
  - 14. The machine-readable medium of claim 13, further comprising program instructions stored thereon for adjusting the probabilities of the merged sets of rules, wherein the rules having a degree of match between the first and second thresholds have their probabilities increased while rules that do not have a degree of match between the first and second thresholds have their probabilities decreased.

15. A system comprising:
- a fingerprint capturing module for capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure,the fingerprint capturing module further capturing a second fingerprint of at least a portion of the IT infrastructure associated with a event relating to the IT infrastructure; and
  
  a fingerprint correlation module for determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the fingerprint correlation module merges the first and second fingerprints together when it is determined that the first and second fingerprints correlate to each other.
  - 17. The system of claim 15, wherein the fingerprint correlation module determines whether a correlation exists by determining whether a certain degree of match exists between the first and second fingerprints.
  - 18. The system of claim 17, wherein each of the first and second fingerprints include a set of rules across a set of time cuts describing the probability that certain metrics are associated with the event, where each rule in the set of rules includes a corresponding probability, the fingerprint correlation module further determining whether a certain degree of match exists between the first and second fingerprints by determining the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts.
  - 19. The system of claim 18, wherein the fingerprint correlation module further:
    - iteratively shifts a phase shift in time cuts between the sets of rules in the first and second fingerprints;
      
      determines a degree of match between the rules of the first fingerprint against rules of the second fingerprint across for each iteration of phase shift; and
      
      determines the phase shift for which a maximum degree of match exists between the sets of rules of the first and second fingerprints and determines a value for the associated maximum degree of match.
  - 20. The system of claim 19, wherein the fingerprint correlation module further:
    - determines whether the value for the maximum degree of match exceeds a certain threshold, andmerges the sets of rules for the first and second fingerprints together when the value for the maximum degree of match exceeds the certain threshold.
  - 21. The system of claim 20, wherein the fingerprint correlation module further adjusts the probabilities of the merged sets of rules, wherein the rules having a degree of match between the first and second thresholds have their probabilities increased while rules that do not have a degree of match between the first and second thresholds have their probabilities decreased.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Marvasti, Mazda A.

Granted Patent

US 8,631,117 B2
Time in Patent Office

Days
Field of Search
US Class Current

382/124
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 63/14   for detecting or protecting...

System and Method For Correlating Fingerprints For Automated Intelligence

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System and Method For Correlating Fingerprints For Automated Intelligence

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others