Methods, apparatuses, and systems allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users
Abstract
Methods, apparatuses and systems allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users. In one embodiment, the present invention allows network administrators to penalize users who carry out specific questionable or suspicious activities, such as the use of proxy tunnels to disguise the true nature of the data flows in order to evade classification and control by bandwidth management devices. In one embodiment, each individual user may be accorded an initial suspicion score. Each time the user is associated with a questionable or suspicious activity (for example, detecting the set up of a connection to an outside HTTP tunnel, or peer-to-peer application flow), his or her suspicion score is downgraded. Data flows corresponding to users with sufficiently low suspicion scores, in one embodiment, can be treated in a different manner from data flows associated with other users. For example, different or more rigorous classification rules and policies can be applied to the data flows associated with suspicious users.
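The scoring scheme described in the abstract, as an added illustration (not code from the patent or from any product). The initial score, the penalty sizes, the threshold, the policy fields, and the choice to key users by IP address are all assumptions made for this sketch.

```python
from dataclasses import dataclass, field

# Assumed values: the page gives no numbers for any of these.
INITIAL_SCORE = 100
PENALTY = {"http_tunnel_connect": 40, "p2p_flow": 25}  # activities named in the abstract
SUSPICIOUS_BELOW = 50

# Hypothetical policy records a bandwidth manager could attach to a flow.
DEFAULT_POLICY = {"classification": "standard", "rate_limit_kbps": None}
STRICT_POLICY = {"classification": "rigorous", "rate_limit_kbps": 256}


@dataclass
class SuspicionTracker:
    scores: dict = field(default_factory=dict)

    def observe(self, user, activity):
        """Downgrade the user's score when a flow shows a penalized activity."""
        score = self.scores.setdefault(user, INITIAL_SCORE)
        score = max(0, score - PENALTY.get(activity, 0))
        self.scores[user] = score
        return score

    def policy_for(self, user):
        """Users with a sufficiently low score get the stricter treatment."""
        score = self.scores.get(user, INITIAL_SCORE)
        return STRICT_POLICY if score < SUSPICIOUS_BELOW else DEFAULT_POLICY


# Constructed flow observations: (user keyed by IP, detected activity).
EVENTS = [
    ("10.0.0.5", "web_browse"),
    ("10.0.0.7", "http_tunnel_connect"),
    ("10.0.0.7", "p2p_flow"),
    ("10.0.0.5", "p2p_flow"),
]


def replay(events):
    """Feed observations through a fresh tracker and return it."""
    tracker = SuspicionTracker()
    for user, activity in events:
        tracker.observe(user, activity)
    return tracker


if __name__ == "__main__":
    t = replay(EVENTS)
    for user in sorted(t.scores):
        print(user, t.scores[user], t.policy_for(user)["classification"])
```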
34 Claims
1. A method allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users, the method comprising:
- monitoring, at a network device, data flows relative to at least one user for indications of suspicious activity directed to evading classification of network traffic associated with the at least one user by a network traffic classification device;
- maintaining a suspicion level for the at least one user based on detected indications of suspicious activity, wherein the detected indications of suspicious activity comprise a user connecting to a tunnel proxy resource operative to encrypt data flows corresponding to the user; and
- applying bandwidth utilization controls to the data flows associated with the at least one user based on the respective suspicion level.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 29, 30, 31
9. An apparatus allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users, comprising:
- a suspicion scoring module operative to:
  - monitor data flows relative to at least one user for indications of suspicious activity directed to evading classification of network traffic associated with the at least one user by a network traffic classification device; and
  - generate a suspicion level for the at least one user based on detected indications of suspicious activity, wherein the detected indications of suspicious activity comprise a user connecting to a tunnel proxy resource operative to encrypt data flows corresponding to the user; and
- a bandwidth utilization control module operative to apply bandwidth utilization controls to data flows associated with the at least one user based at least in part on the respective suspicion levels.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 32, 33, 34
23. A method allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users, the method comprising:
- monitoring, at a network device, data flows relative to at least one user for indications of suspicious activity directed to evading classification of network traffic associated with the at least one user by a network traffic classification device;
- maintaining a suspicion level for the at least one user based on detected indications of suspicious activity, wherein the detected indications of suspicious activity comprise a user connecting to a tunnel proxy resource operative to encrypt data flows corresponding to the user; and
- applying a heightened level of scrutiny to data flows associated with users having a suspicion level beyond a threshold suspicion level.
24. A method allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users, the method comprising:
- monitoring, at a network device, data flows relative to at least one user for indications of suspicious activity directed to evading classification of network traffic associated with the at least one user by a network traffic classification device, wherein the indications of suspicious activity comprise a user connecting to a tunnel proxy resource operative to encrypt data flows corresponding to the user; and
- maintaining a suspicion level for the at least one user based on detected indications of suspicious activity.
Dependent claims: 25, 26, 27, 28
Specification