Method and system for limiting the impact of undesirable behavior of computers on a shared data network
Abstract
Undesirable behavior patterns of computers on a network impact network performance. A system and method are provided for limiting the impact of undesirable behavior of computers on the network. The network, through which packets of data are interchanged between the computers, includes one or more forwarding devices that are controlled or instructed by one or more packet traffic monitors. Each of the packet traffic monitors is configured for monitoring the packets; for determining if the information about the pattern of behavior from any of the computers is trustworthy; for determining, upon discovering that one or more of the patterns of behavior is undesirable, a type of the undesirable pattern of behavior; and for determining a proper action for mitigating that type of undesirable behavior. The proper action is performed by mitigation means controlling the one or more forwarding devices.
32 Claims
1. A method for limiting the impact of undesirable behavior of computers on a network through which packets of data are interchanged between the computers, comprising:
- monitoring the network for any patterns of behavior;
- determining, upon discovering that one or more of the patterns of behavior is undesirable, a type of the undesirable pattern of behavior;
- determining a proper action for mitigating that type of undesirable behavior, the proper action including preventing dissemination through the network of packets associated with the undesirable behavior and allowing dissemination of packets not associated with the undesirable behavior,
- wherein preventing dissemination comprises at least one of changing a routing table, changing a forwarding table, turning off at least one port of a forwarding device, filtering on Internet Protocol (IP) addresses, and filtering on media access control (MAC) addresses, and
- wherein a discovery, including that of a network topology, facilitates the network monitoring and type of undesirable behavior determination, and
- wherein the dissemination through the network of packets associated with the undesirable behavior is prevented for a time period that is lengthened gradually as long as the undesirable behavior continues or intermittently reappears, the time period being gradually shortened if the undesirable behavior stops for a predetermined time.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system for limiting the impact of undesirable behavior of computers on a network through which packets of data are interchanged between the computers, comprising:
- means for monitoring the packets for any patterns of behavior;
- means for determining, upon discovering that one or more of the patterns of behavior is undesirable, a type of the undesirable pattern of behavior;
- means for determining a proper action for mitigating that type of undesirable behavior, the proper action, performed by mitigation means, including preventing dissemination through the network of packets associated with the undesirable behavior and allowing dissemination of packets not associated with the undesirable behavior,
- wherein preventing dissemination comprises at least one of changing a routing table, changing a forwarding table, and turning off at least one port of a forwarding device, and
- wherein means for discovery, including that of a network topology, facilitates network monitoring and type of undesirable behavior determination, and
- wherein the dissemination through the network of packets associated with the undesirable behavior is prevented for a time period that is lengthened gradually as long as the undesirable behavior continues or intermittently reappears, the time period being gradually shortened if the undesirable behavior stops for a predetermined time.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
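The timing rule shared by claims 1 and 17 (a block period lengthened while the behavior continues or reappears, and shortened once it stops for a predetermined time) is sketched below as an added Python example; it is not code from the patent. The claims say only "gradually", so the doubling and halving factors, the 60 s base, 300 s quiet interval and 3600 s cap, and the names `AdaptiveBlocker` and `replay` are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class BlockState:
    duration: float       # length of the most recent block, seconds
    blocked_until: float  # time at which the filter is lifted
    last_offense: float   # time the behavior was last observed

class AdaptiveBlocker:
    """Per-source block timer; all numeric defaults are illustrative assumptions."""

    def __init__(self, base=60.0, growth=2.0, decay=0.5, quiet=300.0, cap=3600.0):
        self.base, self.growth, self.decay = base, growth, decay
        self.quiet, self.cap = quiet, cap
        self.states = {}  # source key (IP or MAC address) -> BlockState

    def report_offense(self, src, now):
        """Record undesirable behavior from src at time now; return block length."""
        st = self.states.get(src)
        duration = self.base
        if st is not None:
            # Shorten once for every full quiet interval without an offense.
            quiet_intervals = int((now - st.last_offense) // self.quiet)
            decayed = st.duration * self.decay ** quiet_intervals
            # Behavior continued or reappeared before the penalty decayed away:
            # lengthen, bounded by the cap. Otherwise start again from base.
            if decayed >= self.base:
                duration = min(self.cap, decayed * self.growth)
        self.states[src] = BlockState(duration, now + duration, now)
        return duration

    def is_blocked(self, src, now):
        """True while packets from src must be filtered; other sources pass."""
        st = self.states.get(src)
        return st is not None and now < st.blocked_until

def replay(events, blocker=None):
    """Feed (time, source) offense events; return the block length for each."""
    blocker = blocker or AdaptiveBlocker()
    return [blocker.report_offense(src, t) for t, src in events]

# Constructed sample: one host offends repeatedly, goes quiet, then returns.
SAMPLE = [(0, "10.0.0.5"), (70, "10.0.0.5"), (200, "10.0.0.5"),
          (850, "10.0.0.5"), (2850, "10.0.0.5")]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Because the filter is keyed on the offending source address, traffic from every other source keeps flowing, which is the "allowing dissemination of packets not associated with the undesirable behavior" half of the claim.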
Specification