VISUALIZATION OF NETWORK THREAT MONITORING

US 20180077189A1
Filed: 09/15/2016
Published: 03/15/2018
Est. Priority Date: 09/15/2016
Status: Active Grant

First Claim

Patent Images

1. A network monitoring system comprising:

an information processing system including a processor and a memory device coupled to the processor, the memory device containing a set of instructions that, when executed by the processor, cause the processor to;

receive traffic metric data, the traffic metric data indicating measurements related to a characteristic of network traffic flowing in a network;

identify network threats in intercepted traffic of the network traffic;

identify a time associated with detection of each occurrence of the network threats; and

generate a graphical user interface having a GUI that includes a display of a time series graph that corresponds to a selected time period, the display including a network traffic plot and an alert plot adjacent to the network traffic plot, the network traffic plot indicating a characteristic of network traffic relative to a timeline displayed along a first axis, the alert plot including alert indicators, each alert indicator associated with detection of a network threat and aligned relative to the timeline based on the time identified for each occurrence of the detected network threats.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to monitor a network is provided, including receiving traffic metric data indicating measurements related to a characteristic of network traffic flowing in the network and identifying network threats in intercepted traffic of the network traffic. The method further includes identifying a time associated with detection of each occurrence of the network threats and generating a graphical user interface having a GUI that includes a display of a time series graph that corresponds to a selected time period. The display includes a network traffic plot and an alert plot adjacent to the network traffic plot. The network traffic plot indicates a characteristic of network traffic relative to a timeline displayed along a first axis. The alert plot includes alert indicators, wherein each alert indicator is associated with detection of a network threat and aligned relative to the timeline based on the time identified for each occurrence of the detected network threats.

61 Citations

20 Claims

1. A network monitoring system comprising:
- an information processing system including a processor and a memory device coupled to the processor, the memory device containing a set of instructions that, when executed by the processor, cause the processor to;
  
  receive traffic metric data, the traffic metric data indicating measurements related to a characteristic of network traffic flowing in a network;
  
  identify network threats in intercepted traffic of the network traffic;
  
  identify a time associated with detection of each occurrence of the network threats; and
  
  generate a graphical user interface having a GUI that includes a display of a time series graph that corresponds to a selected time period, the display including a network traffic plot and an alert plot adjacent to the network traffic plot, the network traffic plot indicating a characteristic of network traffic relative to a timeline displayed along a first axis, the alert plot including alert indicators, each alert indicator associated with detection of a network threat and aligned relative to the timeline based on the time identified for each occurrence of the detected network threats.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The network performance monitoring system of claim 1, wherein the alert indicators graphically indicate a severity of the threat associated with the event indicated by the alert indicator.
  - 3. The network performance monitoring system of claim 1, wherein the indicators graphically indicate a directionality of the network traffic the event indicated by the alert indicator is associated with.
  - 4. The network performance monitoring system of claim 1, wherein the alert indicators include vertical tick marks, and wherein the alert plot is displayed in an area positioned at least one of above or below the network traffic plot.
  - 5. The network performance monitoring system of claim 1,wherein the set of instructions, when executed by the processor, further cause the processor to categorize each of the identified network threats in a threat category of a plurality of threat categories based on monitoring of the network traffic, andwherein the alert plot is further includes a second axis that corresponds to a series of the plurality of threat categories, each of the threat categories corresponding to a different location on the second axis, and the alert indictors are further aligned along the second axis based on the threat category to which the associated detected network threat is categorized.
  - 6. The network performance monitoring system of claim 5, wherein the threat categories correspond to respective network policies having rules for network communication, and a network threat is categorized in a threat category that corresponds to a network policy violated by the network threat.
  - 7. The network performance monitoring system of claim 5, the display is configured based on at least one of user selection, the at least one user selection determining the selected time period to which the timeline corresponds, one or more hosts receiving or sending network traffic indicated in the displayed network traffic plot and alert plot, and one or more threat categories in which network threats associated with the displayed alert indicators are categorized.
  - 8. The network performance monitoring system of claim 1,wherein the alert indicators are interactive display elements, andwherein the set of instructions, when executed by the processor, further cause the processor to respond to user activation of a selected displayed alert indicator by displaying additional data associated with the selected alert indicator.
  - 9. The network performance monitoring system of claim 1,wherein the timeline corresponds to a first period of time, andwherein the display further includes preview indicators that indicate information about alert indicators that correspond to a second time period different than the first period of time.
  - 10. The network performance monitoring system of claim 9, wherein the second time period is adjacent to the first time period, and the second time period is at least one of before or after the first time period.
  - 11. The network performance monitoring system of claim 9, wherein the display includes time controls that are interactive display elements, and activation of the time controls adjusts the first time period displayed.
  - 12. The network performance monitoring system of claim 9, wherein a duration of the first and second time periods is selectable.
  - 13. The network performance monitoring system of claim 1,wherein the timeline includes a first timeline portion and a second timeline portion, andwherein the first timeline portion has a first time scale and corresponds to a first time period, and the second timeline portion has a second time scale different than the first time scale and corresponds to a second time period different than the first time period.
  - 14. The network performance monitoring system of claim 13,wherein the timeline includes a first timeline portion and a second timeline portion, andwherein the first timeline portion corresponds to a first time period and at least one of the network traffic plot and the alert plot displayed along the first timeline portion include interactive display elements, and the second timeline portion corresponds to a second time period different than the first time period and neither the network traffic plot nor the alert plot displayed along the second timeline portion include interactive display elements.
  - 15. The network performance monitoring system of claim 14, wherein the network traffic plot and the alert plot displayed along the second timeline portion are displayed in a visibly different manner than the network traffic plot and the alert plot displayed along the first timeline portion.

16. A method of network monitoring, the method comprising:
- receiving traffic metric data indicating measurements related to a characteristic of network traffic flowing in a network;
  
  identifying network threats in intercepted traffic of the network traffic;
  
  identifying a time associated with detection of each occurrence of the network threats; and
  
  generating a graphical user interface having a GUI that includes a display of a time series graph that corresponds to a selected time period, the display including a network traffic plot and an alert plot adjacent to the network traffic plot, the network traffic plot indicating a characteristic of network traffic relative to a timeline displayed along a first axis, the alert plot including alert indicators, each alert indicator associated with detection of a network threat and aligned relative to the timeline based on the time identified for each occurrence of the detected network threats.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16 further comprising:
    - categorizing each of the identified network threats in a threat category of a plurality of threat categories based on monitoring of the network traffic; and
      
      aligning the plotted alert indicators along a second axis that corresponds to a series of the plurality of threat categories, each of the threat categories corresponding to a different location on the second axis, wherein the respective alert indictors are aligned along the second axis based on the threat category to which the associated detected network threat is categorized.
  - 18. The method of claim 16,wherein the timeline includes a first timeline portion and a second timeline portion, andwherein the first timeline portion has a first time scale and corresponds to a first time period, and the second timeline portion has a second time scale different than the first time scale and corresponds to a second time period different than the first time period.

19. A non-transitory computer readable storage medium and one or more computer programs embedded therein, the computer programs comprising instructions, which when executed by a computer system, cause the computer system to:
- receive traffic metric data indicating measurements related to a characteristic of network traffic flowing in a network;
  
  identify network threats in intercepted traffic of the network traffic;
  
  identify a time associated with detection of each occurrence of the network threats; and
  
  generate a graphical user interface having a GUI that includes a display of a time series graph that corresponds to a selected time period, the display including a network traffic plot and an alert plot adjacent to the network traffic plot, the network traffic plot indicating a characteristic of network traffic relative to a timeline displayed along a first axis, the alert plot including alert indicators, each alert indicator associated with detection of a network threat and aligned relative to the timeline based on the time identified for each occurrence of the detected network threats.
- View Dependent Claims (20)
- - 20. The computer readable storage medium of claim 19, wherein the computer system, when executing the computer programs, is caused to:
    - categorize each of the identified network threats in a threat category of a plurality of threat categories based on monitoring of the network traffic; and
      
      align the plotted alert indicators along a second axis that corresponds to a series of the plurality of threat categories, each of the threat categories corresponding to a different location on the second axis, wherein the respective alert indictors are aligned along the second axis based on the threat category to which the associated detected network threat is categorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Original Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Inventors
Doppke, Jeffrey, Fields, Joshua M., Cassell, Christopher C.

Granted Patent

US 10,567,415 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

VISUALIZATION OF NETWORK THREAT MONITORING

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

VISUALIZATION OF NETWORK THREAT MONITORING

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links