DETECTING NETWORK FLOW STATES FOR NETWORK TRAFFIC ANALYSIS

  • US 20180324061A1
  • Filed: 05/03/2017
  • Published: 11/08/2018
  • Est. Priority Date: 05/03/2017
  • Status: Active Application
First Claim

1. A method for monitoring one or more network flows, wherein one or more processors in a network computer that execute instructions for a plurality of applications that perform actions, comprising:

  • employing a monitoring engine application to compare one or more characteristics of the one or more monitored network flows to one or more criteria, wherein the one or more criteria are provided by one or more filters;
  • employing a filter engine application to perform further actions including:
    • filtering network traffic based on the one or more filters and the comparison, wherein one or more universal payload analysis (UPA) engines are employed to analyze protocols that are one or more custom or unsupported natively by the network computer and extract packet payload data from the filtered network traffic, wherein the analysis includes employing one or more state machines to classify the protocols by mimicking state changes in the monitored network flows; and
  • employing a rule engine application to perform further actions, including:
    • providing one or more rules based on the filtered network traffic, wherein each rule is associated with one or more rule prologues and one or more rule actions;
    • executing the one or more rule prologues on the filtered network traffic to provide one or more satisfied rule prologues, wherein the one or more satisfied rule prologues includes indicating that a turn is occurring on a monitored network flow of packets between one or more servers and clients based on detection of one or more of a response-request data pattern or a new transaction data pattern, wherein the indication of the turn identifies the detected pattern regarding the monitored network flow in the packets' payload data; and
    • executing one or more of the one or more rule actions based on the one or more satisfied rule prologues, wherein the one or more executed rule actions and the one or more satisfied rule prologues are each associated with a same rule.
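The claim's mechanism in miniature, as an added illustration that is not the patent's or applicant's code: a per-flow state machine mimics request/response phase changes to flag a "turn" (a response following a request, or a new transaction), and each rule's action fires only when that same rule's prologue is satisfied on the turn. Flow ids, directions, HTTP-like payloads and the two rules are all constructed for the example.

```python
# Added example (not the patent's code): a per-flow state machine that reports a "turn"
# when a flow switches request->response or starts a new transaction, plus rules whose
# actions execute only when that same rule's prologue is satisfied on the turn.
from collections import namedtuple
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Turn = namedtuple("Turn", "flow_id kind payload")  # kind: "response" | "new_transaction"

def detect_turn(phases: Dict[str, str], flow_id: str, direction: str, payload: bytes) -> Optional[Turn]:
    """Mimic flow state changes IDLE -> REQUEST -> RESPONSE -> REQUEST; direction is "c2s" or "s2c"."""
    phase = phases.get(flow_id, "IDLE")
    if direction == "c2s" and phase in ("IDLE", "RESPONSE"):
        phases[flow_id] = "REQUEST"
        return Turn(flow_id, "new_transaction", payload)
    if direction == "s2c" and phase == "REQUEST":
        phases[flow_id] = "RESPONSE"
        return Turn(flow_id, "response", payload)
    return None  # continuation packet within the current phase: not a turn

@dataclass
class Rule:
    name: str
    prologue: Callable[[Turn], bool]  # condition evaluated on each detected turn
    action: Callable[[Turn], str]     # runs only when this rule's own prologue holds

def run_rules(packets: List[Tuple[str, str, bytes]], rules: List[Rule]) -> List[str]:
    phases: Dict[str, str] = {}
    results: List[str] = []
    for flow_id, direction, payload in packets:
        turn = detect_turn(phases, flow_id, direction, payload)
        if turn is not None:
            results.extend(r.action(turn) for r in rules if r.prologue(turn))
    return results

# Constructed sample traffic (hypothetical paths): two interleaved HTTP-like flows.
SAMPLE = [
    ("flowA", "c2s", b"GET /index HTTP/1.1"),
    ("flowA", "c2s", b"Host: example.test"),   # continues the same request: no turn
    ("flowB", "c2s", b"GET /x HTTP/1.1"),
    ("flowA", "s2c", b"HTTP/1.1 200 OK"),
    ("flowB", "s2c", b"HTTP/1.1 503 Service Unavailable"),
    ("flowA", "s2c", b"<html>..."),            # continues the same response: no turn
    ("flowA", "c2s", b"GET /login HTTP/1.1"),  # new transaction on flowA
]
RULES = [
    Rule("log_request_path", lambda t: t.kind == "new_transaction",
         lambda t: "txn:" + t.payload.split()[1].decode()),
    Rule("flag_server_error", lambda t: t.kind == "response" and t.payload.startswith(b"HTTP/1.1 5"),
         lambda t: "error:" + t.flow_id),
]
```

Calling `run_rules(SAMPLE, RULES)` yields one entry per satisfied prologue, in packet order, while the two continuation packets produce no turn and therefore trigger no rule.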
