Systems and methods for relating network traffic using traffic-based signatures
Abstract
A system includes multiple logging units, an aggregating unit, and an evaluation unit. Each logging unit logs traffic attributes associated with network traffic received at multiple network nodes and generates traffic signatures using the received attributes. The aggregating unit aggregates the traffic signatures generated at the multiple logging units. The evaluation unit determines relationships among the network traffic or between the network nodes using the aggregated traffic signatures.
25 Claims
1. A method performed by one or more server devices, comprising:
- receiving, via at least one server device of the one or more server devices, attributes associated with network traffic logged at a plurality of network nodes;
- generating, via at least one server device of the one or more server devices, traffic signatures using the received attributes;
- determining, via at least one server device of the one or more server devices, relationships between the plurality of network nodes or among the network traffic using the generated traffic signatures, where determining the relationships includes:
  - clustering the generated traffic signatures to determine the relationships between the plurality of network nodes or among the network traffic, and
  - determining clusters of the plurality of network nodes that are related using the clustered traffic signatures, where determining the clusters includes determining, based on the relationships, one or more of the plurality of network nodes that receive traffic from a common source;
- determining, via at least one server device of the one or more server devices, a common traffic value comprising a number of times the common source visited a document stored at one of the plurality of network nodes; and
- storing, via at least one server device of the one or more server devices, the common traffic value.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system, comprising:
- a plurality of logging units to:
  - log traffic attributes associated with network traffic received at a plurality of network nodes, and
  - generate traffic signatures using the received attributes;
- an aggregating unit to aggregate the traffic signatures generated at the plurality of logging units; and
- an evaluation unit to determine relationships between the plurality of network nodes or among the network traffic using the aggregated traffic signatures, where the evaluation unit, when determining the relationships, is further to:
  - cluster the generated traffic signatures to determine the relationships between the plurality of network nodes or among the network traffic, and
  - determine clusters of the plurality of network nodes that are related using the clustered traffic signatures, where the evaluation unit, when determining the clusters, is further to determine, based on the relationships, one or more of the plurality of network nodes that receive traffic from a common source.

Dependent claims: 15
16. A method, comprising:
- receiving, via at least one server device of one or more server devices, traffic signatures, where the traffic signatures comprise network addresses associated with clients that have accessed documents stored at a plurality of network nodes and a number of times each respective client accessed the documents; and
- determining, via at least one server device of the one or more server devices, relationships between the plurality of network nodes or among the network traffic using the received traffic signatures, where determining the relationships includes:
  - clustering the traffic signatures to determine the relationships between the plurality of network nodes or among the network traffic, and
  - determining clusters of the plurality of network nodes that are related using the clustered traffic signatures, where determining the clusters includes determining, based on the relationships, one or more of the plurality of network nodes that receive traffic from a common source.

Dependent claims: 17, 18, 19, 20
21. One or more memory devices containing instructions to control at least one processor in one or more computer devices to perform a method, the method comprising:
- receiving traffic signatures, where the traffic signatures comprise network addresses associated with clients that have accessed documents stored at a plurality of network nodes and a number of times each respective client accessed the documents; and
- determining relationships between the plurality of network nodes using the received traffic signatures, where determining the relationships includes:
  - clustering the traffic signatures to determine the relationships between the plurality of network nodes or among the network traffic, and
  - determining clusters of the plurality of network nodes that are related using the clustered traffic signatures, where determining the clusters includes determining, based on the relationships, one or more of the plurality of network nodes that receive traffic from a common source.

Dependent claims: 22, 23, 24
25. A method, comprising:
- receiving, via at least one server device of one or more server devices, Internet Protocol (IP) addresses associated with network traffic received at a plurality of network nodes, where the network traffic is associated with attempts by users to access documents stored at the plurality of network nodes;
- receiving, via at least one server device of the one or more server devices, traffic values that comprise a number of times respective users have attempted to access respective one of the documents stored at the plurality of network nodes;
- generating, via at least one server device of the one or more server devices, traffic signatures using the received IP addresses and traffic values;
- clustering, via the at least one server device, the generated traffic signatures to determine relationships between the plurality of network nodes or among the network traffic; and
- determining clusters of the plurality of network nodes that are related using the traffic signatures, where determining the clusters includes determining, based on the relationships, one or more of the plurality of network nodes that receive traffic from a common source.
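The pipeline recited in claims 1, 16 and 25, sketched in Python as an added example; it is not code from the patent. The weighted-Jaccard similarity, the single-link threshold clustering, the function names and the sample log are all assumptions made for illustration, since the claims do not fix a particular clustering method.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample log: one (network node, client IP, document) tuple per access.
LOG = ([("site-a.example", "203.0.113.7", "/ad.html")] * 3
       + [("site-a.example", "198.51.100.1", "/index.html")]
       + [("site-b.example", "203.0.113.7", "/ad.html")] * 3
       + [("site-b.example", "198.51.100.2", "/index.html")]
       + [("site-c.example", "198.51.100.3", "/index.html")] * 2
       + [("site-c.example", "198.51.100.4", "/index.html")])

def build_signatures(log):
    """Per-node traffic signature: client IP -> number of document accesses."""
    sigs = defaultdict(Counter)
    for node, ip, _doc in log:
        sigs[node][ip] += 1
    return sigs

def similarity(a, b):
    """Weighted Jaccard overlap of two signatures (assumed metric)."""
    keys = a.keys() | b.keys()
    union = sum(max(a[k], b[k]) for k in keys)
    return sum(min(a[k], b[k]) for k in keys) / union if union else 0.0

def cluster_nodes(sigs, threshold=0.5):
    """Single-link clustering: join nodes whose similarity >= threshold."""
    parent = {n: n for n in sigs}
    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n
    for x, y in combinations(sigs, 2):
        if similarity(sigs[x], sigs[y]) >= threshold:
            parent[find(x)] = find(y)
    groups = defaultdict(set)
    for n in sigs:
        groups[find(n)].add(n)
    return sorted(sorted(g) for g in groups.values())

def common_sources(sigs, cluster):
    """Client IPs that appear in the signature of every node in the cluster."""
    return set.intersection(*(set(sigs[n]) for n in cluster))

def common_traffic_value(log, source, node, doc):
    """Number of times `source` visited `doc` stored at `node` (claim 1)."""
    return sum(1 for entry in log if entry == (node, source, doc))
```

On the sample log, the two nodes that share the heavy-hitting client end up in one cluster, while the node with unrelated visitors stays on its own.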
Specification