Methods and systems for network traffic security

US 7,596,811 B2
Filed: 09/09/2005
Issued: 09/29/2009
Est. Priority Date: 09/09/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

monitoring on a host computer system at least one of a network resource for a network and a performance of an application in a network;

categorizing network traffic into at least good, bad and suspect categories of traffic based upon the monitoring; and

treating each of the good, bad and suspect categories of traffic different from others of the good, bad, and suspect categories of traffic, wherein good traffic and suspect traffic are forwarded toward a same destination using different resources.

View all claims

24 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to methods of and systems for adaptive networking that monitors a network resource of a network. The method monitors an application performance. The method categorizes a first subset of traffic of the network. The categories for the first subset include trusted, known to be bad, and suspect. The method determines an action for a second subset of traffic based on the category for the first subset of traffic. Some embodiments provide a system for adaptive networking that includes a first device and traffic that has a first subset and a second subset. The system also includes a first resource and a second resource for the transmission of the traffic. The first device receives the traffic and categorizes the traffic into the first and second subsets. The first device assigns the first subset to the first resource. Some embodiments provide a network device that includes an input for receiving incoming traffic, an output for sending outgoing traffic, a categorization module that categorizes incoming traffic, and a resource assignment module that assigns the categorized traffic for a particular resource. A traffic category for the device includes suspect traffic.

Citations

42 Claims

1. A method comprising:
- monitoring on a host computer system at least one of a network resource for a network and a performance of an application in a network;
  
  categorizing network traffic into at least good, bad and suspect categories of traffic based upon the monitoring; and
  
  treating each of the good, bad and suspect categories of traffic different from others of the good, bad, and suspect categories of traffic, wherein good traffic and suspect traffic are forwarded toward a same destination using different resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 38, 39, 40)
- - 2. The method of claim 1, further comprising:
    - determining an action for a first subset of traffic; and
      
      categorizing a second subset of traffic.
  - 3. The method of claim 2, wherein the first subset of traffic is categorized based on the step of monitoring the network resource.
  - 4. The method of claim 2, wherein the first subset of traffic is categorized based on the step of monitoring the performance of the application.
  - 5. The method of claim 2, further comprising the step of determining an action for the second subset of traffic based on the categorizing.
  - 6. The method of claim 5, wherein the action for the second subset of traffic is based on the step of monitoring the network resource.
  - 7. The method of claim 5, wherein the action for the second subset of traffic is based on the step of monitoring the application performance.
  - 8. The method of claim 5, wherein the first subset and the second subset of traffic do not overlap.
  - 9. The method of claim 5, wherein the first subset and the second subset of traffic overlap.
  - 10. The method of claim 5, wherein the first subset and the second subset of traffic are the same.
  - 11. The method of claim 2, further comprising:
    - tracking a history of users and traffic patterns; and
      
      using the history in categorizing the first subset of traffic.
  - 12. The method of claim 5, further comprising:
    - tracking a history of users and traffic patterns; and
      
      using the history in determining an action for the second subset of traffic.
  - 13. The method of claim 2, wherein the category for the first subset of traffic is based on a set of application management tools.
  - 14. The method of claim 5, wherein the action for the second subset of traffic is based on a set of application management tools.
  - 15. The method of claim 1, further comprising using a suite of protocols for the step of categorizing.
  - 16. The method of claim 2, wherein the category for the second subset of traffic is based on a suite of protocols.
  - 17. The method of claim 5, wherein the action for the second subset of traffic is based on a suite of protocols.
  - 18. The method of claim 1, further comprising providing an always on architecture, such that traffic is treated as suspect before the traffic is proved trusted.
  - 19. The method of claim 18, wherein providing the always on architecture comprises:
    - assigning at least two of the good, bad, and suspect categories of traffic to a first resource;
      
      based on the categorizing, reassigning one category of the at least two of the good, bad, and suspect categories of traffic to a second resource.
  - 20. The method of claim 19, wherein the at least two of the good, bad, and suspect categories comprises good and suspect categories of traffic, wherein the second resource is allocated for good traffic.
  - 21. The method of claim 18, wherein providing the always on architecture comprises:
    - assigning at least two of the good, bad, and suspect categories of traffic to a first resource;
      
      based on the monitoring, reassigning one category of the at least two of the good, bad, and suspect categories of traffic to a second resource.
  - 22. The method of claim 21, wherein the monitoring further comprises detecting an unusual network activity.
  - 23. The method of claim 1, further comprising determining that an endpoint is trusted, wherein an endpoint is a source or a destination in the network for a transaction.
  - 24. The method of claim 1, further comprising assigning an endpoint a frequent flyer status.
  - 25. The method of claim 1, further comprising providing an optimization selected from the set comprising outbound performance optimization, outbound application performance optimization, outbound load optimization, inbound performance optimization, inbound application performance optimization, and inbound load optimization.
  - 26. The method of claim 1, further comprising steering traffic away from an attack related performance problem.
  - 27. The method of claim 26, wherein the performance problem includes one of application performance degradation, a brownout, and a blackout.
  - 28. The method of claim 1, further comprising steering traffic away from an attack related load problem.
  - 29. The method of claim 28, wherein the load problem includes one of congestion, application performance degradation, a brownout, and a blackout.
  - 38. The method of claim 1, further comprising temporarily downgrading trusted traffic.
  - 39. The method of claim 1, wherein categorizing network traffic is based on characteristics and requirements of a user.
  - 40. The method of claim 39, further comprising determining the characteristics and requirements of the user using a directory or a call server.

30. A network device comprising:
- an input for receiving incoming traffic;
  
  an output for sending outgoing traffic; and
  
  a hardware module comprising;
  
  a categorization module that categorizes incoming traffic, wherein categories for the incoming traffic comprise trusted and suspect; and
  
  a resource assignment module that assigns the categorized traffic for a particular resource, wherein the resource assignment module assigns the trusted traffic and the suspect traffic to different resources for forwarding to a same destination.
- View Dependent Claims (31, 32)
- - 31. The network device of claim 30, wherein the different resources comprise two or more resources selected from a set comprising a Type of Service tag, a multiprotocol label switch tag, and a physical path.
  - 32. The network device of claim 30, wherein the network device is a router.

33. A system for adaptive networking comprising:
- traffic comprising a plurality of subsets, wherein a first subset includes suspect traffic;
  
  a resource for the traffic, wherein the resource is allocated for suspect traffic, is separate from a resource allocated for trusted traffic, and is configured to forward the suspect traffic to a destination for the trusted traffic; and
  
  a first device for receiving the traffic, wherein the first device is configured to categorize the received traffic into the first subset.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The system of claim 33, wherein the first device is configured to assign the first subset to the resource.
  - 35. The system of claim 33, further comprising an Internet service provider, wherein the first device is configured to receive the traffic flowing to and from the Internet service provider.
  - 36. The system of claim 33, further comprising an enterprise network.
  - 37. The system of claim 33, wherein the first device is further configured to send and receive a notification message, wherein a notification message comprises network control data that is separate from the traffic.

41. A method comprising:
- monitoring on a host computer system at least one of a network resource for a network and a performance of an application in a network;
  
  categorizing network traffic into at least good, bad and suspect categories of traffic based upon the monitoring;
  
  determining an action for a first subset of traffic;
  
  categorizing a second subset of traffic;
  
  tracking a history of users and traffic patterns;
  
  using the history in categorizing the first subset of traffic; and
  
  treating each of the good, bad and suspect categories of traffic different from others of the good, bad, and suspect categories of traffic, wherein good traffic and suspect traffic are forwarded toward a same destination or different destinations using different resources.

42. A method comprising:
- monitoring on a host computer system at least one of a network resource for a network and a performance of an application in a network;
  
  categorizing network traffic into at least good, bad and suspect categories of traffic based upon the monitoring;
  
  treating each of the good, bad and suspect categories of traffic different from others of the good, bad, and suspect categories of traffic, wherein good traffic and suspect traffic are forwarded toward a same destination or different destinations using different resources; and
  
  temporarily downgrading trusted traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Baldonado, Omar C., Karam, Mansour J., Finn, Sean P., Lloyd, Michael A., Fraval, Pierre, McGuire, James G.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Nobahar; Abdulhakim

Application Number

US11/223,236
Publication Number

US 20060092841A1
Time in Patent Office

1,481 Days
Field of Search

None
US Class Current

726/24
CPC Class Codes

H04L 2463/143   Denial of service attacks i...

H04L 41/5009   Determining service level p...

H04L 41/5019   Ensuring fulfilment of SLA

H04L 41/5022   by giving priorities, e.g. ...

H04L 41/5096   wherein the managed service...

H04L 43/00   Arrangements for monitoring...

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/087   Jitter

H04L 45/00   Routing or path finding of ...

H04L 45/12   Shortest path evaluation

H04L 45/121   by minimising delays

H04L 45/124   using a combination of metrics

H04L 45/50   using label swapping, e.g. ...

H04L 47/10   Flow control; Congestion co...

H04L 47/15   in relation to multipoint t...

H04L 47/24   Traffic characterised by sp...

H04L 47/283   in response to processing d...

H04L 47/70   Admission control; Resource...

H04L 47/803   Application aware

H04L 47/822 : Collecting or measuring res...

H04L 47/825 : Involving tunnels, e.g. MPLS

H04L 63/0263 : Rule management

H04L 63/1416 : Event detection, e.g. attac...

H04L 63/1425 : Traffic logging, e.g. anoma...

View All

Methods and systems for network traffic security

First Claim

24 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for network traffic security

First Claim

24 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links