Network analysis system and method utilizing collected metadata

US 8,631,124 B2
Filed: 06/27/2011
Issued: 01/14/2014
Est. Priority Date: 11/13/2002
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method, comprising:

collecting network traffic;

generating a command, based on the network traffic, that invokes a web service, which generates metadata to be used in analyzing the network traffic;

collecting the metadata, wherein the metadata comprises one or more Web Service Definition Language (WSDL) documents;

correlating the network traffic with the metadata;

identifying a portion of the network traffic correlated with a portion of the metadata having the one or more WSDL documents;

generating a parser, which is based, at least in part, on the portion of the metadata having the one or more WSDL documents, to analyze the portion of the network traffic, wherein the parser indicates a syntax that is expected of the portion of the network traffic; and

determining whether invocations and responses for the web service in the portion of the network traffic are correctly formed.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for analyzing network traffic associated with network services. Initially, network traffic and metadata are collected from a network. Thereafter, the network traffic is analyzed utilizing the metadata.

104 Citations

View as Search Results

14 Claims

1. A computer-implemented method, comprising:
- collecting network traffic;
  
  generating a command, based on the network traffic, that invokes a web service, which generates metadata to be used in analyzing the network traffic;
  
  collecting the metadata, wherein the metadata comprises one or more Web Service Definition Language (WSDL) documents;
  
  correlating the network traffic with the metadata;
  
  identifying a portion of the network traffic correlated with a portion of the metadata having the one or more WSDL documents;
  
  generating a parser, which is based, at least in part, on the portion of the metadata having the one or more WSDL documents, to analyze the portion of the network traffic, wherein the parser indicates a syntax that is expected of the portion of the network traffic; and
  
  determining whether invocations and responses for the web service in the portion of the network traffic are correctly formed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method as recited in claim 1, wherein the parser checks the network traffic for syntax errors.
  - 3. The computer-implemented method as recited in claim 1, wherein the parser receives input in a form of at least one of:
    - source program instructions, interactive online commands, markup tags, and a defined interface.
  - 4. The computer-implemented method as recited in claim 1, wherein the parser is provided as part of a compiler configured to receive input, which is broken into objects or attributes.
  - 5. The computer-implemented method as recited in claim 1, wherein the command is associated with a service call, which is selected from a universal description, discovery, and integration (UDDI) registry that lists the service call as being associated with the application service provider.
  - 6. The computer-implemented method as recited in claim 1, wherein the metadata indicates scanning particular payloads, which are associated with web services, for malware.
  - 7. The computer-implemented method as recited in claim 1, wherein the metadata includes a database schema.

8. Logic encoded in one or more non-transitory computer readable media that includes code executable by one or more processors, wherein the code causes the one or more processors to perform operations, comprising:
- collecting network traffic;
  
  generating a command, based on the network traffic, that invokes a web service, which generates metadata to be used in analyzing the network traffic;
  
  collecting the metadata, wherein the metadata comprises one or more Web Service Definition Language (WSDL) documents;
  
  correlating the network traffic with the metadata;
  
  identifying a portion of the network traffic correlated with a portion of the metadata having the one or more WSDL documents;
  
  generating a parser, which is based, at least in part, on the portion of the metadata having the one or more WSDL documents, to analyze the portion of the network traffic, wherein the parser indicates a syntax that is expected of the portion of the network traffic; and
  
  determining, using the parser, whether invocations and responses for the web service in the portion of the network traffic are correctly formed.
- View Dependent Claims (9, 10, 11)
- - 9. The logic as recited in claim 8, wherein the parser checks the network traffic for syntax errors, and wherein the parser is provided as part of a compiler configured to receive input, which is broken into objects or attributes.
  - 10. The logic as recited in claim 8, wherein the parser receives input in a form of at least one of:
    - source program instructions, interactive online commands, markup tags, and a defined interface.
  - 11. The logic as recited in claim 8, wherein the command is associated with a service call, which is selected from a universal description, discovery, and integration (UDDI) registry that lists the service call as being associated with the application service provider.

12. An apparatus, comprising:
- a network traffic collector;
  
  a metadata aggregator;
  
  a network analyzer coupled to the network traffic collector and the metadata aggregator; and
  
  one or more processors operable to execute instructions associated with the network traffic collector, the metadata aggregator, and the network analyzer such that the apparatus including the one or more processors is configured to;
  
  collect network traffic;
  
  generate a command, based on the network traffic, that invokes a web service, which generates metadata to be used in analyzing the network traffic;
  
  collect the metadata, wherein the metadata comprises one or more Web Service Definition Language (WSDL) documents;
  
  correlate the network traffic with the metadata;
  
  identify a portion of the network traffic correlated with a portion of the metadata having the one or more WSDL documents;
  
  generate a parser, which is based, at least in part, on the portion of the metadata having the one or more WSDL documents, to analyze the portion of the network traffic, wherein the parser indicates a syntax that is expected of the portion of the network traffic; and
  
  determine, using the parser, whether invocations and responses for the web service in the portion of the network traffic are correctly formed.
- View Dependent Claims (13, 14)
- - 13. The apparatus of claim 12, wherein the command is associated with a service call, which is selected from a universal description, discovery, and integration (UDDI) registry that lists the service call as being associated with the application service provider.
  - 14. The apparatus of claim 12, wherein the apparatus is further configured for:
    - identifying a message in the network traffic to be authenticated based on the metadata; and
      
      generating a particular parser, which is based on collected metadata, for analyzing the network traffic, wherein the particular parser checks the network traffic for syntax errors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Whitmore, Brent S, La Cholter, William J., Lawler, Geoff
Primary Examiner(s)
Daftuar, Saket K

Application Number

US13/169,153
Publication Number

US 20110258315A1
Time in Patent Office

932 Days
Field of Search

709/216, 709/219, 709/220, 709/223, 709/224, 709/225, 709/232, 726 22- 26, 726/30, 713/151, 713/153, 713/154, 713/181, 713/187, 713/188, 713/200, 713/201, 714/15, 707/1, 707/2, 707/10, 707/4, 707/999.001, 707/999.002, 707/999.004, 707/999.01, 370/241, 370/253, 370/224, 370/231, 370/252, 370/400
US Class Current

709/224
CPC Class Codes

H04L 41/0273   using web services for netw...

H04L 41/142   using statistical or mathem...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

H04L 69/329   in the application layer [O...

Y10S 707/99931   Database or file accessing

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99934   Query formulation, input pr...

Y10S 707/9994   Distributed or remote access

Network analysis system and method utilizing collected metadata

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

104 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Network analysis system and method utilizing collected metadata

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links