COLLECTING ASYMMETRIC DATA AND PROXY DATA ON A COMMUNICATION NETWORK

US 20130097308A1
Filed: 04/05/2012
Published: 04/18/2013
Est. Priority Date: 04/05/2011
Status: Active Grant

First Claim

Patent Images

1. On a network monitoring system (NMS) coupled to a network, a method of collecting a collateral and/or asymmetric data stream on the network, the method comprising:

receiving a user of interest to be monitored on the network;

collecting a first data stream of the user of interest on the network based on a type of the user of interest;

identifying a type of application being used by the first data stream;

creating a new search term that is specific or unique to an asymmetric data stream associated with the first data stream based on an upper layer of a communication protocol used by the first data stream; and

collecting the asymmetric data associated with the first data stream based on the new search term.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus for collecting data streams, such as data packets, on a network, such as the Internet, are disclosed. A metadata portion of at least one of the data streams is analyzed on the network and evaluated using a metadata processing engine to identify a relationship between at least two of the plurality of data streams, e.g., a relationship between multiple users of interest, a new user of interest, etc. Evaluation of the metadata and the relationships can be performed algorithmically, as predetermined by an analyst or as provided as preset options by the network monitoring system (NMS). An interface manager can receive the new user of interest, evaluate the new user of interest for redundancy against existing users of interest of the NMS; then communicate the new user of interest to at least one access device to collect data streams associated with the new user of interest.

53 Citations

View as Search Results

23 Claims

1. On a network monitoring system (NMS) coupled to a network, a method of collecting a collateral and/or asymmetric data stream on the network, the method comprising:
- receiving a user of interest to be monitored on the network;
  
  collecting a first data stream of the user of interest on the network based on a type of the user of interest;
  
  identifying a type of application being used by the first data stream;
  
  creating a new search term that is specific or unique to an asymmetric data stream associated with the first data stream based on an upper layer of a communication protocol used by the first data stream; and
  
  collecting the asymmetric data associated with the first data stream based on the new search term.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 20)
- - 2. The method of claim 1 further comprising:
    - broadcasting the new search term one or more probes in the NMS in order to search for the new search term across a wider expanse of the network.
  - 3. The method of claim 1 wherein the upper layer of communications is a communication layer 5, 6, or 7, or combination thereof of Open Systems Interconnection (OSI) model.
  - 4. The method of claim 1 wherein the collateral and/or asymmetric data stream is a data stream from a requestor or a responder located behind a proxy server.
  - 5. The method of claim 1 wherein the collateral and/or asymmetric data stream is an asymmetric data stream from a requestor or a responder.
  - 6. The method of claim 1 further comprising:
    - determining a protocol that is specifically, or is uniquely, applicable to layers 2, 3 or 4 in combination with layer 5-, 6, or 7, or combinations thereof, of OSI model.
  - 7. The method of claim 1 wherein the new search term is sufficiently accurate or unique to reduce or prevent overcollection, but sufficiently general to capture future changes to application protocol, thereby retaining a legacy search capability.
  - 8. The method of claim 1 wherein the communication protocol is unique to the type of network communication.
  - 9. The method of claim 1 wherein the collateral or asymmetric data sought does not contain the target type.
  - 10. The method of claim 1 wherein the first data stream or collateral data associated with the first data stream are located behind a proxy server with more than one user.
  - 11. The method of claim 1 wherein the application is a web or a non-web application.
  - 12. The method of claim 1 further comprising:
    - repeating the processes of creating a new search term based on an upper layer of a communication protocol used by a data stream from the respondent sent to the original requestor or forwarded to a new user on the network.
  - 13. The method of claim 1 wherein the process of identifying the type of application and creating the new search term is performed locally to a probe on the network, in order to provide quicker response to start the search for the new search term.
  - 14. The method of claim 1 further comprising:
    - communicating the new search term to a centralized mediation engine in the NMS for subsequent evaluation by a user of the NMS or for broadcast to a balance of probes in the NMS to collect data with the new search term
  - 15. The method of claim 1 wherein the new search term is an identifier
  - 16. The method of claim 1 wherein the new search term is a flag identification for an attachment to an email type of application that immediately uploads the attachment to a network server in response to a request from a user of interest to attach the document to the email.
  - 20. The network monitoring system of claim 14 wherein the metadata processing device is further operative to simultaneously retrieve a same portion of the collected data associated with the known user of interest for multiple analysts by parsing a single instance of the collected data on a storage device where the collected data is stored.

17. A network monitoring system comprising:
- an access device for retrieving data from a network;
  
  a metadata processing device operative to;
  
  identify a type of application being used by the first data stream;
  
  create a new search term that is specific or unique to an asymmetric data stream associated with the first data stream based on an upper layer of a communication protocol used by the first data stream; and
  
  collect the asymmetric data associated with the first data stream based on the new search term.
- View Dependent Claims (18, 19)
- - 18. The network monitoring system of claim 17 wherein the metadata processing device is further operative to broadcast the new search term one or more probes in the NMS in order to search for the new search term across a wider expanse of the network.
  - 19. The network monitoring system of claim 18 wherein the metadata processing device is further operative to determine a protocol that is specifically, or is uniquely, applicable to layers 2, 3 or 4 in combination with layer 5-, 6, or 7, or combinations thereof, of OSI model.

21. A method comprising:
- receiving a user of interest to be monitored on the network;
  
  collecting a first data stream of the user of interest on the network based on a type of the user of interest;
  
  identifying a type of application being used by the first data stream;
  
  creating a new search term that is specific or unique to an asymmetric data stream associated with the first data stream based on an upper layer of a communication protocol used by the first data stream, wherein the upper layer of communications is a communication layer 5, 6, or 7, or combination thereof of Open Systems Interconnection (OSI) model;
  
  collecting the asymmetric data associated with the first data stream based on the new search term;
  
  broadcasting the new search term one or more probes in the NMS in order to search for the new search term across a wider expanse of the network, wherein the new search term is sufficiently accurate or unique to reduce or prevent overcollection, but sufficiently general to capture future changes to application protocol, thereby retaining a legacy search capability; and
  
  determining a protocol that is specifically, or is uniquely, applicable to layers 2, 3 or 4 in combination with layer 5-, 6, or 7, or combinations thereof, of OSI model.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21 further comprising:
    - repeating the processes of creating a new search term based on an upper layer of a communication protocol used by a data stream from the respondent sent to the original requestor or forwarded to a new user on the network.
  - 23. The method of claim 22 further comprising:
    - communicating the new search term to a centralized mediation engine in the NMS for subsequent evaluation by a user of the NMS or for broadcast to a balance of probes in the NMS to collect data with the new search term.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SS8 Networks Incorporated
Original Assignee
SS8 Networks Incorporated
Inventors
Erbilgin, Bulent, Bean, Timothy, LE, ROBERT, Dikmen, Cemal

Granted Patent

US 8,972,612 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 43/028   by filtering

H04L 43/12   Network monitoring probes

H04L 67/535   Tracking the activity of th...

COLLECTING ASYMMETRIC DATA AND PROXY DATA ON A COMMUNICATION NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

COLLECTING ASYMMETRIC DATA AND PROXY DATA ON A COMMUNICATION NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links