SYSTEM AND METHOD FOR REAL-TIME ANALYSIS OF NETWORK TRAFFIC

US 20170054854A1
Filed: 11/08/2016
Published: 02/23/2017
Est. Priority Date: 09/13/2013
Status: Active Grant

First Claim

Patent Images

1. A method for detecting and intercepting at least one of fraud, security breach, intrusion or misuse of a network, comprising:

monitoring at least one of a plurality of simultaneous live data flows that are in active transmission between a first endpoint and a second endpoint in the network prior to storage of data within the live data flows in a database;

updating prescribed detection algorithms for detecting prescribed patterns within the plurality of simultaneous live data flows with at least one of live data conditions or external data sources;

updating deduced detection algorithms for detecting deduced patterns within the plurality of simultaneous live data flows with at least one of live data conditions or the external data sources;

detecting from the live data flows at least one of the deduced and prescribed patterns that indicate occurrence of the at least one of fraud, security breach, intrusion or misuse of the network using at least one of the prescribed detection algorithms and the deduced detection algorithms; and

taking an interceptive action with respect to the live data flows responsive to the detected deduced and prescribed patterns, to control an operation of the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for detecting and intercepting at least one of fraud, security breach, intrusion or misuse of network resources monitors at least one of a plurality of simultaneous live data flows that are in active transmission between a first endpoint and a second endpoint in a network prior to the storage of data within the live data flows in a database, to take action to control the operation of a network. Prescribed detection algorithms are updated for detecting prescribed patterns and deduced detection algorithms are updated for detecting deduced patterns within the plurality of simultaneous live data flows with at least one of live data conditions and external data sources. The deduced and prescribed patterns that indicate occurrence of at least one of fraud, security breach, intrusion or misuse of the network are detected from at least one of the live data flows and the external data sources using the prescribed detection algorithms and the deduced detection algorithms. An interceptive action is taken with respect to the live data flows responsive to the detected deduced and prescribed patterns, to control the operation of the network.

Citations

42 Claims

1. A method for detecting and intercepting at least one of fraud, security breach, intrusion or misuse of a network, comprising:
- monitoring at least one of a plurality of simultaneous live data flows that are in active transmission between a first endpoint and a second endpoint in the network prior to storage of data within the live data flows in a database;
  
  updating prescribed detection algorithms for detecting prescribed patterns within the plurality of simultaneous live data flows with at least one of live data conditions or external data sources;
  
  updating deduced detection algorithms for detecting deduced patterns within the plurality of simultaneous live data flows with at least one of live data conditions or the external data sources;
  
  detecting from the live data flows at least one of the deduced and prescribed patterns that indicate occurrence of the at least one of fraud, security breach, intrusion or misuse of the network using at least one of the prescribed detection algorithms and the deduced detection algorithms; and
  
  taking an interceptive action with respect to the live data flows responsive to the detected deduced and prescribed patterns, to control an operation of the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein the live data flow comprises active transmissions and activity on the network.
  - 3. The method of claim 1, wherein the live data flows comprise at least one of inbound or outbound calls, messages, data transmissions or data sessions.
  - 4. The method of claim 1, wherein the first and second endpoints can be any endpoints in the network.
  - 5. The method of claim 1, wherein the network may further comprise an originating network or a destination network.
  - 6. The method of claim 1, wherein the prescribed and deduced patterns include at least one of a pattern of inbound and outbound live data flows to and from at least one originating source and at least one target destination.
  - 7. The method of claim 6, wherein the live data flows to and from the at least one originating source and the at least one target destination further comprise at least one of a country, a prefix within a country, devices, data sessions, telephone numbers, or IP addresses.
  - 8. The method of claim 4, wherein the pattern of live data flows exceeds a threshold level from the first endpoint to the second endpoint in a predetermined time period.
  - 9. The method of claim 4, wherein the pattern of live data flows differs from a normal baseline activity of network activity for a predetermined time period.
  - 10. The method of claim 1 wherein the step of detecting further comprises determining a normal baseline activity between the first endpoint and the second endpoint;
    - and comparing the activity in the live data flows to the normal baseline activity to detect anomalous activity.
  - 11. The method of claim 1, wherein the step of updating the prescribed or deduced detection algorithms further comprises the continuous dynamic updating of the first processing node with the live data flows.
  - 12. The method of claim 1, wherein the step of updating the prescribed or deduced detection algorithms further comprises the continuous dynamic updating of the second processing node with the live data flows from the first processing node and the external dynamic data sources.
  - 13. The method of claim 1, wherein the step of updating the prescribed detection algorithms further comprises updating, contextualizing and correlating the prescribed detection algorithms with at least one of the live data conditions and the external data sources.
  - 14. The method of claim 1, wherein the steps of updating and the step of detecting occur concurrently.
  - 15. The method of claim 1, wherein the external data sources comprises at least one of rate tables of costs of network sessions, customer service and billing information and historical data patterns stored in the external data sources.
  - 16. The method of claim 1, wherein the step of updating the deduced detection algorithms further comprises updating, contextualizing and correlating the deduced detection algorithms with at least one of the live data conditions and the external data sources.
  - 17. The method of claim 1, wherein the external data sources comprise dynamic external data sources.
  - 18. The method of claim 1, wherein the interceptive action occurs at a same time the live-data flow is in active transmission between the endpoints of the network before an event is finalized.
  - 19. The method of claim 1, wherein the interceptive action further comprises performing at least one of interception, interdiction, adjust content, preventing an action on network activity;
    - or stopping, shaping, altering, copying, redirecting or releasing a network activity at a same time the live-data flow is in transmission between the endpoints in the network and before exit of data within the live-data flow from the network to affect an outcome before an event is finalized.
  - 20. The method of claim 1, wherein the step of taking the interceptive action comprises at least one of intercepting or blocking calls, messages, transmissions, sessions or activities on the network.
  - 21. The method of claim 1, wherein the taking the interceptive action further comprises preventing at least one of revenue loss or security vulnerabilities created by the at least one of fraud, security breach, intrusion or misuse of the network resources.

22. A system for detecting and intercepting at least one of fraud, security breach, intrusion or misuse of a network, comprising:
- at least one server communicating with the network;
  
  at least one network interface card associated with the at least one server for providing access to data flow through the network;
  
  a processor within each of the at least one server, the processor implementing at least one of a first processing node or a second processing node for;
  
  monitoring at least one of a plurality of simultaneous live data flows that are in active transmission between a first endpoint and a second endpoint in the network prior to storage of data within the live data flows in a database;
  
  updating prescribed detection algorithms for detecting prescribed patterns within the plurality of simultaneous live data flows with at least one of live data conditions and external data sources;
  
  updating deduced detection algorithms for detecting deduced patterns within the plurality of simultaneous live data flows with at least one of live data conditions and the external data sources;
  
  detecting from the live data flows the deduced and prescribed patterns that indicate occurrence of the at least one of fraud, security breach, intrusion or misuse of the network using at least one of the prescribed detection algorithms and the deduced detection algorithms; and
  
  taking an interceptive action with respect to the live data flows responsive to the detected deduced and prescribed patterns, to control an operation of the network.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 23. The system of claim 22, wherein the live data flows comprise active transmissions and activity on the network.
  - 24. The system of claim 22, wherein the live data flows comprise at least one of inbound or outbound calls, messages, data transmissions or data sessions.
  - 25. The system of claim 22, wherein the first and second endpoints can be any endpoints in the network.
  - 26. The system of claim 22, wherein the network may further comprise an originating network or a destination network.
  - 27. The system of claim 22, wherein the prescribed and deduced patterns include at least one of a pattern of inbound or outbound live data flows to or from at least one originating source to at least one target destination.
  - 28. The system of claim 27, wherein the live data flows to and from the at least one originating source or the at least one target destination further comprise at least one of a country, a prefix within a country, devices, data sessions, telephone numbers, or IP addresses.
  - 29. The system of claim 22, wherein the pattern of live data flows exceeds a threshold level from the first endpoint to the second endpoint in a predetermined time period.
  - 30. The system of claim 22, wherein the pattern of live data flows differs from a normal baseline activity of network activity for a predetermined time period.
  - 31. The system of claim 22, wherein the processor further implements the second processing node for:
    - determining the normal baseline activity between endpoints; and
      
      comparing activity in the live data flows to a normal baseline activity to detect anomalous activity.
  - 32. The system of claim 22, wherein the processor further implements at least one of the first processing node or the second processing node for updating the prescribed or deduced detection algorithms by continuous dynamic updating of the first processing node with the live data flows.
  - 33. The system of claim 22, wherein the processor further implements at least one of the first processing node or the second processing node for updating the prescribed or deduced detection algorithms by continuous dynamic updating of a second processing node with the live data flow from the first processing node and the external dynamic data sources.
  - 34. The system of claim 22, wherein the processor further implements the at least one of the first processing node and the second processing node for updating the prescribed detection algorithms by updating, contextualizing and correlating the prescribed detection algorithms with at least one of the live data conditions and the external data sources.
  - 35. The system of claim 22, wherein the processor further implements the first and second processing nodes for updating and detecting to occur concurrently.
  - 36. The system of claim 22, wherein the external data sources comprises at least one of rate tables of costs of network sessions, customer service and billing information and historical data patterns stored in the external data sources.
  - 37. The system of claim 22, wherein the processor further implements the first and second processing nodes for updating the deduced detection algorithms by updating, contextualizing and correlating the deduced detection algorithms with at least one of live data conditions and the external data sources.
  - 38. The system of claim 22, wherein the external data sources comprise dynamic external data sources.
  - 39. The system of claim 22, wherein the processor further implements the first processing node for interceptive action at a same time the live-data flow is in active transmission between the first and second endpoints of the network before an event is finalized.
  - 40. The system of claim 22, wherein the processor further implements the first processing node or the second processing node for interceptive action that comprises at least one of interception, interdiction, adjust content, preventing an action on network activity;
    - or stopping, shaping, altering, copying, redirecting or releasing a network activity at a same time the live-data flow is in transmission between the endpoints in the network and before exit of data within the live-data flow from the network to affect an outcome before an event is finalized.
  - 41. The system of claim 22, wherein the processor further implements the first processing node or the second processing node for taking the interceptive action by at least one of intercepting or blocking calls, messages, transmissions, data sessions or activities on the network.
  - 42. The system of claim 22, wherein the processor further implements the first processing node or the second processing node for taking the interceptive action by preventing at least one of revenue loss or security vulnerabilities created by the at least one of fraud, security breach, intrusion or misuse of the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Network Kinetix, Llc
Original Assignee
Network Kinetix, Llc
Inventors
RICHARDS, CARISSA, RICHARDS, PETER

Granted Patent

US 9,819,807 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45591   Monitoring or debugging sup...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/5016   the resource being the memory

H04L 41/0816   the condition being an adap...

H04L 41/142   using statistical or mathem...

H04L 41/16   using machine learning or a...

H04L 41/5009   Determining service level p...

H04L 41/5051   Service on demand, e.g. def...

H04L 43/08   Monitoring or testing based...

H04L 43/0894   Packet rate

H04L 43/16   Threshold monitoring

H04L 47/10   Flow control; Congestion co...

H04M 15/47   Fraud detection or preventi...

H04M 15/8214   Data or packet based

H04M 15/8228   Session based

H04M 3/2218   Call detail recording

H04W 12/128   Anti-malware arrangements, ...

SYSTEM AND METHOD FOR REAL-TIME ANALYSIS OF NETWORK TRAFFIC

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR REAL-TIME ANALYSIS OF NETWORK TRAFFIC

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links