Information security analysis system

US 7,047,423 B1
Filed: 07/19/1999
Issued: 05/16/2006
Est. Priority Date: 07/21/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for dynamic monitoring of a data communications network, comprising:

gathering information on the physical and virtual characteristics of a data communications network;

generating a knowledge base of the gathered information;

parsing the information in the generated knowledge base to generate data in selected categories in readable format;

analyzing the data in the selected categories to create associations to characterize the data communications network; and

visualizing the analyzed data to determine participant utilization of the data communications network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The analysis system is a collection, configuration and integration of software programs that reside on multiple interconnected computer platforms. The software, less computer operating systems, is a combination of sensor, analysis, data conversion, and visualization programs. The hardware platforms consist of several different types of interconnected computers, which share the software programs, data files, and visualization programs via a Local Area Network (LAN). This collection and integration of software and the migration to a single computer platform results in an approach to LAN/WAN monitoring in either a passive and/or active mode. The architecture permits digital data input from external sensors for analysis, display and correlation with data and displays derived from four major software concept groups. These are: Virus Computer Code Detection; Analysis of Computer Source and Executable Code; Dynamic Monitoring of Data Communication Networks; 3-D Visualization and Animation of Data.

Citations

44 Claims

1. A method for dynamic monitoring of a data communications network, comprising:
- gathering information on the physical and virtual characteristics of a data communications network;
  
  generating a knowledge base of the gathered information;
  
  parsing the information in the generated knowledge base to generate data in selected categories in readable format;
  
  analyzing the data in the selected categories to create associations to characterize the data communications network; and
  
  visualizing the analyzed data to determine participant utilization of the data communications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method for dynamic monitoring of a data communications network as set forth in claim 1 wherein generating a knowledge base comprises construction of a nodal network diagram.
  - 3. The method for dynamic monitoring of a data communications network as set forth in claim 1 wherein generating a knowledge base comprises determining internal and external intrusion attempts.
  - 4. The method for dynamic monitoring of a data communications network as set forth in claim 1 wherein generating a knowledge base comprises documenting and organizing data in a network functional configuration.
  - 5. A method for dynamic monitoring of a data communications network as set forth in claim 1 wherein generating a knowledge base comprises generating packets and subpackets of the gathered information.
  - 6. The method of dynamic monitoring of a data communications network as set forth in claim 1 wherein gathering information comprises gathering information to determine participant use of the communications network at a given point in time.
  - 7. The method for dynamic monitoring of a data communications network as set forth in claim 6 wherein gathering information further comprises gathering information on configuration changes in the communications network over selectable time intervals.
  - 8. The method for dynamic monitoring of a data communications network as set forth in claim 1 wherein analyzing the data comprises converting the generated data to vector-based nodal diagrams.
  - 9. The method for dynamic monitoring of a data communications network as set forth in claim 1 wherein analyzing the data comprises relating knowledge-based data to session data and packet data of the communications network.

10. A method for dynamic monitoring of a data communications networks, comprising:
- passively gathering information on the physical and virtual characteristics of nodes and links of the data communications network;
  
  generating a knowledge base of the information passively gathered;
  
  parsing the information in the generated knowledge base to generate data in selected categories in readable format;
  
  analyzing the data in the selected categories to create node and link associations thereby characterizing the data communications network; and
  
  visualizing the analyzed data to determine participant utilization of the data communications network.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method for dynamic monitoring of data communications networks as set forth in claim 10 wherein visualizing the analyzed data comprises:
    - storing a visualization setup data file to supply information and data for processing;
      
      storing a network linking data file related to the communications network;
      
      accessing on a selective basis each of the stored files;
      
      transferring the accessed file data to a visualization processor; and
      
      processing the accessed file data and the analyzed data to determine participant utilization of the data communications network.
  - 12. A method for dynamic monitoring of data communications networks as set forth in claim 10 wherein the analyzed data comprises connectivity and functionality data related to the communications networks and wherein:
    - visualizing the analyzed data comprises transferring the connectivity and functionality data to the visualization processor;
      
      processing the accessed file data, the connectivity data and the functionality data to generate network data signals for display; and
      
      processing in a 3-D rendering engine the generated network data signals to output network connectivity and functionality display signals.
  - 13. The method for dynamic monitoring of data communications networks as set forth in claim 12 wherein visualizing the analyzed data further comprises:
    - generating user input data for control of the 3-D rendering engine;
      
      transferring the user input data to the 3-D rendering engine; and
      
      processing in the 3-D rendering engine the user input data and the generated network data signals to output network connectivity and functionality display signals in accordance with the user input data.
  - 14. The method for dynamic monitoring of a data communications networks as set forth in claim 10 wherein generating a knowledge base comprises determining internal and external intrusion attempts.
  - 15. The method for dynamic monitoring of a data communications networks as set forth in claim 10 wherein gathering information further comprises gathering information on configuration changes in the communications networks over selectable time intervals.
  - 16. The method for dynamic monitoring of data communications networks as set forth in claim 10 wherein visualizing the analyzed data comprises appending user definable symbols to the analyzed data.

17. A method for dynamic monitoring a plurality of a data communications networks, comprising:
- gathering information on the physical and virtual characteristics of each of the plurality of data communications networks;
  
  generating a knowledge base of the information gathered;
  
  parsing the information in the generated knowledge base to generate data in selected categories in readable format;
  
  analyzing the data in the selected categories to create associations thereby characterizing each of the data communications networks; and
  
  visualizing the analyzed data to determine the utilization of and the interaction of the data communications networks by participants at any point in time.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method for dynamic monitoring a plurality of data communications networks as set forth in claim 17 wherein analyzing the data includes remote monitoring, collaboration and discovery of network systems.
  - 19. The method for dynamic monitoring a plurality of data communications networks as set forth in claim 17 wherein visualizing the analyzed data comprises simultaneously displaying one or more of the communications networks in an interactive configuration.
  - 20. The method for dynamic monitoring a plurality of data communications networks as set forth in claim 17 wherein analyzing the data comprises mapping subnets to reconfigure networks as terminal activity in a network increases.
  - 21. The method for dynamic monitoring a plurality of data communications networks as set forth in claim 17 wherein visualizing the analyzed data comprises displaying each active terminal in a network along with nodes and links and appended information.

22. Apparatus for dynamic monitoring of a data communications network, comprising:
- a discovery tool for gathering information on the physical and virtual characteristics of a data communications network;
  
  a knowledge base for storing the information gathered on the physical and virtual characteristics of the data communications network;
  
  a data parsing tool responsive to information in the knowledge base to generate data in selected categories in readable format;
  
  an analytical engine receiving the data in the selected categories to create associations to characterize the data communications network; and
  
  a display responsive to outputs of the analytical engine to visualize the analyzed data thereby determining participant utilization of the data communications network.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 23. The apparatus for dynamic monitoring of a data communications network as in claim 22 further comprising:
    - a tool suite; and
      
      a sensor manager for queuing packets of data to be provided to the tools in the tool suite.
  - 24. The apparatus for dynamic monitoring of a data communications network as in claim 23 further comprising:
    - an internal packet-processing engine for decoding data packets and converting raw data communications network data into information elements accessible to tools in the tool suite.
  - 25. The apparatus for dynamic monitoring of a data communications network as in claim 24 further comprising a script engine for filtering particular information for entering knowledge into the knowledge base an accessible tool in the tool suite.
  - 26. The apparatus for dynamic monitoring of a data communications network as in claim 22 wherein said discovery tool comprises:
    - a tool suite of interoperable tools to provide visualization, mapping, and analysis of incoming data and processed knowledge.
  - 27. Apparatus for dynamic monitoring of a data communications network as in claim 26 wherein said tool suite comprises:
    - a sensor manager tool for configuring and control of sensors within the discovery tool to enable data to be collected.
  - 28. Apparatus for dynamic monitoring of a data communications network as in claim 26 wherein the tool suite further comprises:
    - a network viewer tool for providing discovery, layout, and visualization of network nodes and links.
  - 29. Apparatus for dynamic monitoring of a data communications network as in claim 28 wherein the network viewer tool further comprises reading packet information to provide a physical picture of one or more logical networks.
  - 30. Apparatus for dynamic monitoring of a data communications network as in claim 28 wherein the tool suite further comprises:
    - an object viewer tool integrated with the network viewer tool for actuating the display of node information.
  - 31. Apparatus for dynamic monitoring of a data communications network as in claim 30 wherein the object viewer tool actuates the display to present information regarding transitive relations and create a list of objects sorted by class.
  - 32. Apparatus for dynamic monitoring of a data communications network as in claim 26 wherein the tool suite further comprises:
    - a data packet viewer tool for analysis of data packets and data packet structure.
  - 33. Apparatus for dynamic monitoring of a data communications network as in claim 26 wherein the tool suite further comprises:
    - a knowledge browser tool for browsing objects by classes within the knowledge base.
  - 34. Apparatus for dynamic monitoring of a data communications network as in claim 33 wherein the knowledge browser tool provides linkage information for tracing items and information passively discovered on the communications network.
  - 35. Apparatus for dynamic monitoring of a data communications network as in claim 34 wherein the knowledge browser tool further enables acquisition, organization, and categorization of communications network information.
  - 36. Apparatus for dynamic monitoring of a data communications network as in claim 26 wherein the tool suite further comprises:
    - a topology display tool for actuating the display to visualize elements of the communications network.
  - 37. Apparatus for dynamic monitoring of a data communications network as in claim 26 wherein the tool suite further comprises:
    - a session recorder tool for packet assembly, TCP/IP session management, and knowledge discovery for observing and identifying application level entities on the communications network.
  - 38. Apparatus for dynamic monitoring of a data communications network as in claim 26 wherein the tool suite further comprises:
    - a query console tool providing a text-based interface to a knowledge base for determining the presence of an object in the communications network.

39. Apparatus for dynamic monitoring of a data communications network, comprising:
- a discovery tool for gathering information on the physical and virtual characteristics of a data communications network;
  
  a knowledge base for storing the information gathered from the data communications network;
  
  a parsing tool receiving the information from the knowledge base to generate data in selected categories in readable format, the parsing tool receiving information from the knowledge base and generating data in selected categories in readable format, the parsing tool comprises a KB parsing tool, an email extraction tool, a session joining tool, a web extraction tool, a graphics extraction tool, a KB summing tool, a file manipulation tool, and a column splitting tool;
  
  an analytical engine responsive to the data in selected categories from the parsing tool to create associations characterizing the data communications network; and
  
  display means for visualizing the analyzed data to determine participant utilization of a data communications network.
- View Dependent Claims (40, 41, 42, 43, 44)
- - 40. Apparatus for dynamic monitoring of a data communications network as in claim 39 wherein the KB parsing tool parses the communications network data to be output for display in a columnar file, to be imported to a database, or to the analytical engine.
  - 41. Apparatus for dynamic monitoring of a data communications network as in claim 40 wherein the KB parsing tool provides a key word search to generate communications network data in various categories.
  - 42. Apparatus for dynamic monitoring of a data communications network as in claim 39 wherein the email extraction tool provides organization of files into summary description.
  - 43. Apparatus for dynamic monitoring of a data communications network as in claim 39 wherein the web extraction tool facilitates parsing and formatting of data from flat files for importing to a database or to the analytical engine.
  - 44. Apparatus for dynamic monitoring of a data communications network as in claim 39 wherein the KB summing tool creates a statistical matrix of data contained in packets and session logs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
Suit, John M., Scott, Christopher J., Woodus, Francis M., Karolchik, Joseph, Maloney, Michael P., Dontas, Holly D., Rubel, Rich
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Arani, Jaghi T.

Application Number

US09/356,469
Time in Patent Office

2,493 Days
Field of Search

713/201, 713/200, 709223-224, 345/473
US Class Current

726/2
CPC Class Codes

H04L 43/045 for graphical visualisation...

H04L 63/1408 by monitoring network traff...

Information security analysis system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Information security analysis system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links