Network analysis system and method utilizing collected metadata

US 7,991,827 B1
Filed: 11/13/2002
Issued: 08/02/2011
Est. Priority Date: 11/13/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for analyzing network traffic associated with network services, comprising:

collecting network traffic from a network;

collecting metadata associated with the network traffic from the network;

analyzing the network traffic utilizing the metadata, the analyzing including generating a plurality of parsers based on the metadata, utilizing a processor; and

identifying an application service provider from the network traffic;

wherein the metadata is correlated with the network traffic, and the correlated metadata is stored in a memory;

wherein the correlating of the metadata with the network traffic is carried out by generating commands based on the network traffic and a software configuration;

wherein the commands include universal description, discovery, and integration (UDDI) service calls that invoke at least one web service associated with the application service provider identified from the network traffic;

wherein the parsers are programs that receive input in a form of at least one of sequential source program instructions, interactive online commands, markup tags, and a defined interface;

wherein the parsers break the input into parts including objects, methods, and associated attributes or options;

wherein a selection of the UDDI service calls is based on UDDI service calls listed by a UDDI as being associated with the application service provider identified from the network traffic;

wherein the metadata is utilized to indicate which messages of the network traffic should be authenticated, indicate which messages of the network traffic should not be authenticated, and indicate how to authenticate the messages.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for analyzing network traffic associated with network services. Initially, network traffic and metadata are collected from a network. Thereafter, the network traffic is analyzed utilizing the metadata.

Citations

36 Claims

1. A method for analyzing network traffic associated with network services, comprising:
- collecting network traffic from a network;
  
  collecting metadata associated with the network traffic from the network;
  
  analyzing the network traffic utilizing the metadata, the analyzing including generating a plurality of parsers based on the metadata, utilizing a processor; and
  
  identifying an application service provider from the network traffic;
  
  wherein the metadata is correlated with the network traffic, and the correlated metadata is stored in a memory;
  
  wherein the correlating of the metadata with the network traffic is carried out by generating commands based on the network traffic and a software configuration;
  
  wherein the commands include universal description, discovery, and integration (UDDI) service calls that invoke at least one web service associated with the application service provider identified from the network traffic;
  
  wherein the parsers are programs that receive input in a form of at least one of sequential source program instructions, interactive online commands, markup tags, and a defined interface;
  
  wherein the parsers break the input into parts including objects, methods, and associated attributes or options;
  
  wherein a selection of the UDDI service calls is based on UDDI service calls listed by a UDDI as being associated with the application service provider identified from the network traffic;
  
  wherein the metadata is utilized to indicate which messages of the network traffic should be authenticated, indicate which messages of the network traffic should not be authenticated, and indicate how to authenticate the messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. The method as recited in claim 1, wherein the network includes an Internet.
  - 3. The method as recited in claim 2, wherein the network services include web services.
  - 4. The method as recited in claim 1, wherein the network traffic is correlated with the metadata prior to the analysis of the network traffic.
  - 5. The method as recited in claim 4, wherein the correlating includes initiating the commands for retrieving the metadata as a function of the software configuration.
  - 6. The method as recited in claim 4, wherein the correlating includes initiating the commands for retrieving the metadata as a function of the network traffic.
  - 7. The method as recited in claim 5, wherein the commands include calls to other services.
  - 8. The method as recited in claim 1, and further comprising storing the network traffic and the metadata prior to the analysis of the network traffic.
  - 9. The method as recited in claim 8, wherein the analysis of the network traffic occurs after an extended period following the collection of the network traffic and the metadata.
  - 10. The method as recited in claim 1, wherein the network traffic is collected after the metadata is collected.
  - 11. The method as recited in claim 1, wherein the network traffic is collected before the metadata is collected.
  - 12. The method as recited in claim 1, wherein the network traffic is collected simultaneously with the metadata.
  - 13. The method as recited in claim 1, wherein each of the parsers is associated with a corresponding portion of the metadata.
  - 14. The method as recited in claim 1, wherein the analysis of the network traffic further includes processing the network traffic utilizing the parsers.
  - 15. The method as recited in claim 14, wherein the analysis of the network traffic further includes reporting on at least one aspect of the network traffic based on the processing.
  - 16. The method as recited in claim 1, wherein the analysis of the network traffic includes authenticating the network traffic.
  - 17. The method as recited in claim 16, wherein the network traffic is authenticated based on an authentication test involving the metadata.
  - 24. The method as recited in claim 1, wherein the metadata includes database schemas.
  - 25. The method as recited in claim 1, wherein the metadata includes certificates.
  - 26. The method as recited in claim 1, wherein the metadata is collected from the network traffic.
  - 27. The method as recited in claim 1, wherein the metadata includes Web Service Definition Language (WSDL) documents.
  - 28. The method as recited in claim 1, wherein the metadata is collected by a metadata aggregator.
  - 29. The method as recited in claim 1, wherein the network traffic is collected by a network traffic collector.
  - 30. The method as recited in claim 1, wherein the application service provider provides the at least one web service.
  - 31. The method as recited in claim 30, wherein the at least one web service includes at least one of a storage management service and a customer relationship management service.
  - 32. The method as recited in claim 30, wherein the at least one web service is accessed via a peer-to-peer arrangement.
  - 33. The method as recited in claim 1, wherein the collecting of the metadata uses stored information in the network traffic and preconfigured metadata.
  - 34. The method as recited in claim 13, wherein each of the parsers indicates a syntax that is expected of the network traffic associated with the corresponding portion of the metadata.
  - 35. The method as recited in claim 34, wherein if a problem with the expected syntax of the network traffic is discovered, then the problem is either reported or corrected.
  - 36. The method as recited in claim 1, wherein the analyzing of the network traffic includes determining whether the network traffic is correct by determining whether web service invocations and responses are correctly formed.

18. A computer program product embodied on a non-transitory computer-readable medium, comprising:
- computer code for collecting network traffic from a network;
  
  computer code for collecting metadata associated with the network traffic from the network;
  
  computer code for analyzing the network traffic utilizing the metadata, the analyzing including generating a plurality of parsers based on the metadata; and
  
  computer code for identifying an application service provider from the network traffic;
  
  wherein the computer program product is operable such that the metadata is correlated with the network traffic, and the correlated metadata is stored in a memory;
  
  wherein the correlating of the metadata with the network traffic is carried out by generating commands based on the network traffic and a software configuration;
  
  wherein the commands include universal description, discovery, and integration (UDDI) service calls that invoke at least one web service associated with the application service provider identified from the network traffic;
  
  wherein the parsers are programs that receive input in a form of at least one of sequential source program instructions, interactive online commands, markup tags, and a defined interface;
  
  wherein the parsers break the input into parts including objects, methods, and associated attributes or options;
  
  wherein the computer program product is operable such that a selection of the UDDI service calls is based on UDDI service calls listed by a UDDI as being associated with the application service provider identified from the network traffic;
  
  wherein the computer program product is operable such that the metadata is utilized to indicate which messages of the network traffic should be authenticated, indicate which messages of the network traffic should not be authenticated, and indicate how to authenticate the messages.

19. A system implemented in hardware, comprising:
- a network traffic collector for collecting network traffic from a network;
  
  a metadata aggregator for collecting metadata associated with the network traffic from the network;
  
  a network analyzer coupled to the network traffic collector and the metadata aggregator, the network analyzer adapted for analyzing the network traffic utilizing the metadata; and
  
  logic for identifying an application service provider from the network traffic;
  
  wherein the system is operable such that the metadata is correlated with the network traffic, and the correlated metadata is stored in a memory;
  
  wherein the system is operable such that the analysis of the network traffic includes generating a plurality of parsers based on the metadata;
  
  wherein the correlating of the metadata with the network traffic is carried out by generating commands based on the network traffic and a software configuration;
  
  wherein the commands include universal description, discovery, and integration (UDDI) service calls that invoke at least one web service associated with the application service provider identified from the network traffic;
  
  wherein the parsers are programs that receive input in a form of at least one of sequential source program instructions, interactive online commands, markup tags, and a defined interface;
  
  wherein the parsers break the input into parts including objects, methods, and associated attributes or options;
  
  wherein the system is operable such that a selection of the UDDI service calls is based on UDDI service calls listed by a UDDI as being associated with the application service provider identified from the network traffic;
  
  wherein the system is operable such that the metadata is utilized to indicate which messages of the network traffic should be authenticated, indicate which messages of the network traffic should not be authenticated, and indicate how to authenticate the messages.

20. A system implemented in hardware, comprising:
- means for collecting network traffic from a network;
  
  means for collecting metadata associated with the network traffic from the network;
  
  means for analyzing the network traffic utilizing the metadata, the analyzing including generating a plurality of parsers based on the metadata; and
  
  means for identifying an application service provider from the network traffic;
  
  wherein the system is operable such that the metadata is correlated with the network traffic, and the correlated metadata is stored in a memory;
  
  wherein the correlating of the metadata with the network traffic is carried out by generating commands based on the network traffic and a software configuration;
  
  wherein the commands include universal description, discovery, and integration (UDDI) service calls that invoke at least one web service associated with the application service provider identified from the network traffic;
  
  wherein the parsers are programs that receive input in a form of at least one of sequential source program instructions, interactive online commands, markup tags, and a defined interface;
  
  wherein the parsers break the input into parts including objects, methods, and associated attributes or options;
  
  wherein the system is operable such that a selection of the UDDI service calls is based on UDDI service calls listed by a UDDI as being associated with the application service provider identified from the network traffic;
  
  wherein the system is operable such that the metadata is utilized to indicate which messages of the network traffic should be authenticated, indicate which messages of the network traffic should not be authenticated, and indicate how to authenticate the messages.

21. A method for analyzing network traffic, comprising:
- collecting network traffic and metadata from a network for analyzing the network traffic and the metadata for the purpose of analyzing a web service associated therewith, anddentifying an application service provider from the network traffic;
  
  wherein the metadata is correlated with the network traffic, and the correlated metadata is stored in a memory;
  
  wherein the analysis of the network traffic includes generating a plurality of parsers based on the metadata;
  
  wherein the correlating of the metadata with the network traffic is carried out by generating commands based on the network traffic and a software configuration;
  
  wherein the commands include universal description, discovery, and integration (UDDI) service calls that invoke at least one web service associated with the application service provider identified from the network traffic;
  
  wherein the parsers are programs that receive input in a form of at least one of sequential source program instructions, interactive online commands, markup tags, and a defined interface;
  
  wherein the parsers break the input into parts including objects, methods, and associated attributes or options;
  
  wherein a selection of the UDDI service calls is based on UDDI service calls listed by a UDDI as being associated with the application service provider identified from the network traffic;
  
  wherein the metadata is utilized to indicate which messages of the network traffic should be authenticated, indicate which messages of the network traffic should not be authenticated, and indicate how to authenticate the messages.

22. A method for analyzing network traffic associated with web services, comprising:
- collecting network traffic from a plurality of application service providers over a network utilizing a processor, the network traffic being associated with web services provided by the application service providers;
  
  collecting metadata associated with the network traffic from the network;
  
  analyzing the network traffic utilizing the metadata for investigating a quality of the web services, the analyzing including generating a plurality of parsers based on the metadata, utilizing a processor; and
  
  identifying an application service provider from the network traffic;
  
  wherein the metadata is correlated with the network traffic, and the correlated metadata is stored in a memory;
  
  wherein the correlating of the metadata with the network traffic is carried out by generating commands based on the network traffic and a software configuration;
  
  wherein the commands include universal description, discovery, and integration (UDDI) service calls that invoke at least one web service associated with the application service provider identified from the network traffic;
  
  wherein the parsers are programs that receive input in a form of at least one of sequential source program instructions, interactive online commands, markup tags, and a defined interface;
  
  wherein the parsers break the input into parts including objects, methods, and associated attributes or options;
  
  wherein a selection of the UDDI service calls is based on UDDI service calls listed by a UDDI as being associated with the application service provider identified from the network traffic;
  
  wherein the metadata is utilized to indicate which messages of the network traffic should be authenticated, indicate which messages of the network traffic should not be authenticated, and indicate how to authenticate the messages.

23. A method for analyzing network traffic associated with web services, comprising:
- collecting network traffic from a network associated with web services, utilizing a processor;
  
  correlating the network traffic and metadata associated with the network traffic by;
  
  initiating commands, and collecting the metadata associated with the network traffic in response to the commands;
  
  storing the network traffic and the metadata;
  
  analyzing the network traffic utilizing the metadata, the analyzing including generating a plurality of parsers based on the metadata, utilizing a processor; and
  
  identifying an application service provider from the network traffic;
  
  wherein the correlating of the metadata with the network traffic is carried out by generating the commands based on the network traffic and a software configuration;
  
  wherein the commands include universal description, discovery, and integration (UDDI) service calls that invoke at least one web service associated with the application service provider identified from the network traffic;
  
  wherein the parsers are programs that receive input in a form of at least one of sequential source program instructions, interactive online commands, markup tags, and a defined interface;
  
  wherein the parsers break the input into parts including objects, methods, and associated attributes or options;
  
  wherein a selection of the UDDI service calls is based on UDDI service calls listed by a UDDI as being associated with the application service provider identified from the network traffic;
  
  wherein the metadata is utilized to indicate which messages of the network traffic should be authenticated, indicate which messages of the network traffic should not be authenticated, and indicate how to authenticate the messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Lawler, Geoff, La Cholter, William J., Whitmore, Brent S
Primary Examiner(s)
Dinh; Khanh Q
Assistant Examiner(s)
Daftuar; Saket K

Application Number

US10/294,363
Time in Patent Office

3,184 Days
Field of Search

709/201, 709/203, 709223-225, 709/229, 709/245, 709/250, 709/220, 370/241, 370/253, 370/224, 370/231, 370/252, 370/400, 707/1, 707/2, 707/10, 707/4, 707/999.001, 707/999.002, 707/999.004, 707/999.01
US Class Current

709/203
CPC Class Codes

H04L 41/0273   using web services for netw...

H04L 41/142   using statistical or mathem...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

H04L 69/329   in the application layer [O...

Y10S 707/99931   Database or file accessing

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99934   Query formulation, input pr...

Y10S 707/9994   Distributed or remote access

Network analysis system and method utilizing collected metadata

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Network analysis system and method utilizing collected metadata

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links