SYNTHETIC DATA FOR DETERMINING HEALTH OF A NETWORK SECURITY SYSTEM
First Claim
1. A computer-implemented method, comprising:
capturing network traffic data and associated data using at least a first sensor of a first virtual machine of a network, a second sensor of a first server hosting the first virtual machine, and a third sensor of a first networking device connected to the first server;
determining a pattern in the network traffic data and the associated data, the pattern associated with respective expected behavior for at least the first sensor, the second sensor, and the third sensor;
determining a plurality of selected nodes of the network for generating data corresponding to the pattern, the plurality of selected nodes including at least a second virtual machine of the network, a second server hosting the second virtual machine, and a second networking device connected to the second server, the second virtual machine executing a fourth sensor, the second server executing a fifth sensor, and the second networking device executing a sixth sensor;
causing each of the plurality of selected nodes to generate a respective portion of the data corresponding to the pattern; and
comparing respective actual behavior of the fourth sensor, the fifth sensor, and the sixth sensor to the respective expected behavior of the first sensor, the second sensor, and the third sensor.
1 Assignment
0 Petitions
Abstract
An example method can include choosing a pattern or patterns of network traffic. This pattern can be representative of a certain type of traffic, such as an attack. The pattern can be associated with various components of a network and can describe the expected behavior of each of these components. A system performing this method can then choose a node or nodes to generate traffic according to the pattern and send an instruction accordingly. After this synthetic traffic is generated, the system can compare the actual behavior of the components with the expected behavior. An alert can then be created to notify an administrator or otherwise remedy any problems.
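The steps of the abstract and of claim 1 (capture on a first VM / host / switch, learn the expected per-sensor behavior, replay the pattern against a second node set, compare) can be modelled end to end. The following is an added example written for this page, not code from the patent or its assignee: sensor ids (vm1, srv1, sw1, vm2, srv2, sw2), the addresses, the flow records and the correlation tag are all constructed. It reduces each sensor's "behavior" to flow count, destination-port set and byte total, which is one reasonable reading of the claim's "expected behavior" but not something the page specifies.

```python
"""Sensor-health check driven by synthetic traffic, following the steps of
claim 1: capture on one node set, learn expected per-tier behaviour, replay the
pattern on a second node set, compare. Added example; all data is constructed."""

from dataclasses import dataclass, field


TIERS = ("vm", "server", "netdev")   # sensor on the VM, on its host, on the switch


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    nbytes: int
    tag: str = ""        # non-empty correlation tag marks synthetic traffic


@dataclass
class Report:
    sensor: str          # e.g. "vm1"; hypothetical sensor ids
    tier: str            # one of TIERS
    flows: list = field(default_factory=list)


def summarize(flows):
    """Behaviour of one sensor over a set of flows: count, port set, byte total."""
    return {
        "flows": len(flows),
        "ports": frozenset(f.dport for f in flows),
        "bytes": sum(f.nbytes for f in flows),
    }


def learn_pattern(baseline_reports):
    """Claim 1, step 2: expected behaviour per tier, taken from the capture on
    the first VM / server / network device."""
    return {r.tier: summarize(r.flows) for r in baseline_reports}


def synthesize(pattern_flows, src, dst, tag):
    """Claim 1, step 4: flows with the same port/byte shape as the captured
    pattern, re-addressed to the selected node and tagged so production
    detection can drop them and the health check can keep only them."""
    return [Flow(src, dst, f.dport, f.nbytes, tag) for f in pattern_flows]


def check_health(expected, actual_reports, tag, tolerance=0.10):
    """Claim 1, step 5: compare each second-set sensor with the expected
    behaviour of its tier. Returns (sensor, problem) pairs; an empty list
    means every sensor saw the synthetic pattern as the baseline sensors did."""
    alerts = []
    for r in actual_reports:
        if r.tier not in expected:
            alerts.append((r.sensor, f"no baseline for tier {r.tier}"))
            continue
        # only the tagged flows count; background traffic must not skew the check
        seen = summarize([f for f in r.flows if f.tag == tag])
        exp = expected[r.tier]
        missing = exp["ports"] - seen["ports"]
        if missing:
            alerts.append((r.sensor, f"missed ports {sorted(missing)}"))
        for key in ("flows", "bytes"):
            if abs(seen[key] - exp[key]) > tolerance * exp[key]:
                alerts.append((r.sensor, f"{key}: expected {exp[key]}, saw {seen[key]}"))
    return alerts


# --- constructed sample data -------------------------------------------------
# Baseline capture (step 1): a four-port burst from 10.0.1.5 to 10.0.1.9 that all
# three first-set sensors observed in full.
BASELINE_FLOWS = [
    Flow("10.0.1.5", "10.0.1.9", 22, 600),
    Flow("10.0.1.5", "10.0.1.9", 80, 1500),
    Flow("10.0.1.5", "10.0.1.9", 443, 2200),
    Flow("10.0.1.5", "10.0.1.9", 8080, 900),
]
BASELINE_REPORTS = [
    Report("vm1", "vm", BASELINE_FLOWS),
    Report("srv1", "server", BASELINE_FLOWS),
    Report("sw1", "netdev", BASELINE_FLOWS),
]

TAG = "synth-0001"                       # hypothetical correlation id
SYNTH = synthesize(BASELINE_FLOWS, "10.0.2.5", "10.0.2.9", TAG)

# What the second-set sensors reported: the VM and host sensors saw everything
# (plus unrelated background DNS on the VM), while the switch sensor dropped
# half the flows.
ACTUAL_REPORTS = [
    Report("vm2", "vm", SYNTH + [Flow("10.0.2.9", "10.0.0.53", 53, 120)]),
    Report("srv2", "server", list(SYNTH)),
    Report("sw2", "netdev", [f for f in SYNTH if f.dport in (22, 80)]),
]


def run_check():
    """End-to-end: learn the pattern from the baseline, compare the second set."""
    return check_health(learn_pattern(BASELINE_REPORTS), ACTUAL_REPORTS, TAG)


if __name__ == "__main__":
    for sensor, problem in run_check():
        print(f"ALERT {sensor}: {problem}")
```

Because the VM and host sensors report the full pattern while the switch sensor does not, the alerts land on sw2 alone, which is the point of placing sensors at all three tiers: a mismatch localizes the blind spot to one layer rather than reporting "something is wrong with the network". Two cautions the claim leaves implicit: the synthetic flows must carry a marker (the tag here) so that production detection and response do not treat a replayed "attack" pattern as a real one, and only tagged flows should enter the comparison, since background traffic on the selected nodes will otherwise drift the counts past any tolerance.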
20 Claims
1. A computer-implemented method, comprising:
capturing network traffic data and associated data using at least a first sensor of a first virtual machine of a network, a second sensor of a first server hosting the first virtual machine, and a third sensor of a first networking device connected to the first server;
determining a pattern in the network traffic data and the associated data, the pattern associated with respective expected behavior for at least the first sensor, the second sensor, and the third sensor;
determining a plurality of selected nodes of the network for generating data corresponding to the pattern, the plurality of selected nodes including at least a second virtual machine of the network, a second server hosting the second virtual machine, and a second networking device connected to the second server, the second virtual machine executing a fourth sensor, the second server executing a fifth sensor, and the second networking device executing a sixth sensor;
causing each of the plurality of selected nodes to generate a respective portion of the data corresponding to the pattern; and
comparing respective actual behavior of the fourth sensor, the fifth sensor, and the sixth sensor to the respective expected behavior of the first sensor, the second sensor, and the third sensor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory computer-readable medium comprising instructions stored thereon, the instructions, when executed, cause a computing device to:
capture network traffic data and associated data using at least a first sensor of a first virtual machine of a network, a second sensor of a first server hosting the first virtual machine, and a third sensor of a first networking device connected to the first server;
determine a pattern in the network traffic data and the associated data, the pattern associated with respective expected behavior for at least the first sensor, the second sensor, and the third sensor;
determine a plurality of selected nodes of the network for generating data corresponding to the pattern, the plurality of selected nodes including at least a second virtual machine of the network, a second server hosting the second virtual machine, and a second networking device connected to the second server, the second virtual machine executing a fourth sensor, the second server executing a fifth sensor, and the second networking device executing a sixth sensor;
cause each of the plurality of selected nodes to generate a respective portion of the data corresponding to the pattern; and
compare respective actual behavior of the fourth sensor, the fifth sensor, and the sixth sensor to the respective expected behavior of the first sensor, the second sensor, and the third sensor.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system comprising:
a processor; and
memory including instructions that, when executed by the processor, cause the system to:
capture network traffic data and associated data using at least a first sensor of a first virtual machine of a network, a second sensor of a first server hosting the first virtual machine, and a third sensor of a first networking device connected to the first server;
determine a pattern in the network traffic data and the associated data, the pattern associated with respective expected behavior for at least the first sensor, the second sensor, and the third sensor;
determine a plurality of selected nodes of the network for generating data corresponding to the pattern, the plurality of selected nodes including at least a second virtual machine of the network, a second server hosting the second virtual machine, and a second networking device connected to the second server, the second virtual machine executing a fourth sensor, the second server executing a fifth sensor, and the second networking device executing a sixth sensor;
cause each of the plurality of selected nodes to generate a respective portion of the data corresponding to the pattern; and
compare respective actual behavior of the fourth sensor, the fifth sensor, and the sixth sensor to the respective expected behavior of the first sensor, the second sensor, and the third sensor.
Dependent claims: 18, 19, 20