System and method for managing computer networks
First Claim
Patent Images
1. A method of determining a similarity between a first host and a second host based on the network behavior of the first and second hosts comprising acts of:
- a) determining a first score based on the similarity between network traffic of top services using the first host and network traffic of top services using the second host;
b) determining a second score based on a total network traffic of the first host and a total network traffic of the second host;
c) combining the first and second scores to generate a similarity value, wherein the act b) further comprises an act of determining the second score based on a directionality and a magnitude of the total traffic of the first and second hosts, and wherein the method further comprises;
b1) representing the first host as a first point on a Cartesian plane based on the directionality and magnitude of the total traffic of the first host;
b2) representing the second host as a second point on a Cartesian plane based on the directionality and magnitude of the total traffic of the second host;
b3) computing a Euclidean distance between the first and second points; and
b4) combining the Euclidean distance and the first score to generate the similarity value.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method are provided for monitoring traffic in an enterprise network. Similar hosts may be grouped using flow information. Network policy may then be created at the group level based on the signatures of the hosts and groups of hosts in the enterprise. Hosts may be arranged in hierarchical clusters. Some of these clusters may be selected as groups based on a desired degree of similarity between hosts in a group. The similarity between hosts may be determined based on similarity of network behavior of the hosts.
114 Citations
6 Claims
-
1. A method of determining a similarity between a first host and a second host based on the network behavior of the first and second hosts comprising acts of:
-
a) determining a first score based on the similarity between network traffic of top services using the first host and network traffic of top services using the second host; b) determining a second score based on a total network traffic of the first host and a total network traffic of the second host; c) combining the first and second scores to generate a similarity value, wherein the act b) further comprises an act of determining the second score based on a directionality and a magnitude of the total traffic of the first and second hosts, and wherein the method further comprises; b1) representing the first host as a first point on a Cartesian plane based on the directionality and magnitude of the total traffic of the first host; b2) representing the second host as a second point on a Cartesian plane based on the directionality and magnitude of the total traffic of the second host; b3) computing a Euclidean distance between the first and second points; and b4) combining the Euclidean distance and the first score to generate the similarity value. - View Dependent Claims (2)
-
-
3. A system configured to determine similarity between a first host and a second host based on network behavior of the first and second hosts comprising:
-
a) means for determining a first score based on the similarity between network traffic of top services using the first host and network traffic of top services using the second host; and b) means for determining a second score based on a total network traffic of the first host and a total network traffic of the second host; c) means for combining the first and second scores to generate a similarity value, wherein the means for the determining the second score further comprises means for determining the second score based on a directionality and a magnitude of the total traffic of the first and second hosts, and wherein the system further comprises; b1) means for representing the first host as a first point on a Cartesian plane based on the directionality and magnitude of the total traffic of the first host; b2) means for representing the second host as a second point on a Cartesian plane based on the directionality and magnitude of the total traffic of the second host; b3) means for computing a Euclidean distance between the first and second points; and b4) means for combining the Euclidean distance and the first score to generate the similarity value. - View Dependent Claims (4)
-
-
5. A computer-readable medium having computer-readable signals stored thereon that define instructions that, as a result of being executed by a computer, instruct the computer to perform a method of determining similarity between a first host and a second host based on the network behavior of the first and second hosts comprising acts of:
-
a) determining a first score based on the similarity between network traffic of top services using the first host and network traffic of top services using the second host; b) determining a second score based on a total network traffic of the first host and a total network traffic of the second host; c) combining the first and second scores to generate a similarity value, wherein the act b) further comprises an act of determining the second score based on a directionality and a magnitude of the total traffic of the first and second hosts, and therein the method further comprises; b1) representing the first host as a first point on a Cartesian plane based on the directionality and magnitude of the total traffic of the first host; b2) representing the second host as a second point on a Cartesian plane based on the directionality and magnitude of the total traffic of the second host; b3) computing a Euclidean distance between the first and second points; and b4) combining the Euclidean distance and the first score to generate the similarity value. - View Dependent Claims (6)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeArbor Networks Incorporated (NetScout Systems Incorporated)
-
Original AssigneeArbor Networks Incorporated (NetScout Systems Incorporated)
-
InventorsFleis, Lawrence Benjamin, Jackson, Eric S, Dysart, Aidan Christopher, Song, Douglas J, Malan, Gerald R
-
Primary Examiner(s)Flynn; Nathan
-
Assistant Examiner(s)Joo; Joshua
-
Application NumberUS10/302,765Publication NumberTime in Patent Office1,972 DaysField of Search709223-226, 709/244, 709/246US Class Current709/200CPC Class CodesH04L 41/0893 Assignment of logical group...H04L 41/0894 Policy-based network config...H04L 41/142 using statistical or mathem...H04L 43/026 using flow identificationY02D 30/50 in wire-line communication ...
