Method, device arrangement and computer program product for producing identity graphs for analyzing communication network
Abstract
A method, a device arrangement and a computer program product for examining and analyzing the functioning of a communication network. In one or more taps of the examined communication network there is a network probe which examines communication packets flowing in the communication network via a tap and searches for identities and their relations from their header information. Identities and relations between them are used to create an identity flow which is used to create an identity graph for describing the operation of the communication network. A network probe(s) sends all or a part of the data of the traffic of the communication network it has collected or analyzed to a supervisor unit. The data is sent according to previously given instructions or by a request sent by the supervisor unit. The identities and relations between them to be included in the identity graph are chosen according to predetermined modifiers.
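The pipeline the abstract describes (header inspection, identity flows, modifier-filtered identity graph), sketched as an added example that is not taken from the patent. It assumes identities are source MAC and IPv4 addresses, relations are "MAC uses IP" and "IP connects to IP over a TCP port", an identity change is a MAC appearing with a new IP, and "place" is the probe name; all function names and sample frames are constructed for illustration.

```python
import socket
import struct

def make_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Constructed sample: Ethernet + IPv4 headers and TCP ports, no payload."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + struct.pack("!HH", sport, dport)

def parse_headers(raw):
    """Read header fields only; None for anything that is not IPv4/TCP."""
    if len(raw) < 34 or raw[12:14] != b"\x08\x00" or raw[14] >> 4 != 4:
        return None
    ihl = (raw[14] & 0x0F) * 4
    if ihl < 20 or raw[23] != 6 or len(raw) < 14 + ihl + 4:
        return None
    _, dport = struct.unpack("!HH", raw[14 + ihl:18 + ihl])
    return ("mac:" + raw[6:12].hex(), "ip:" + socket.inet_ntoa(raw[26:30]),
            "ip:" + socket.inet_ntoa(raw[30:34]), dport)

def identity_flows(captures):
    """captures: (time, probe place, raw frame) -> time-ordered flow records."""
    flows, binding = [], {}
    for ts, place, raw in sorted(captures, key=lambda c: c[0]):
        hdr = parse_headers(raw)
        if hdr is None:
            continue  # truncated or non-IPv4/TCP frame
        mac, src, dst, dport = hdr
        if binding.get(mac, src) != src:  # identity change: same MAC, new IP
            flows.append((ts, place, "changed", binding[mac], src))
        binding[mac] = src
        flows.append((ts, place, "uses", mac, src))
        flows.append((ts, place, f"tcp/{dport}", src, dst))
    return flows

def identity_graph(flows, modifiers, place=None, until=None):
    """Edges touching an identity of interest, per observation place and time."""
    return {(a, rel, b) for ts, where, rel, a, b in flows
            if (place is None or where == place)
            and (until is None or ts <= until)
            and (a in modifiers or b in modifiers)}

DST = "0200000000ff"  # constructed sample data below
CAPTURES = [
    (10, "probe-A", make_frame("020000000001", DST, "10.0.0.5", "10.0.1.9", 40000, 443)),
    (20, "probe-B", make_frame("020000000002", DST, "10.0.0.7", "10.0.1.9", 40001, 22)),
    (30, "probe-A", make_frame("020000000001", DST, "10.0.0.8", "10.0.1.9", 40002, 443)),
]
FLOWS = identity_flows(CAPTURES)
```

Calling `identity_graph(FLOWS, {"ip:10.0.1.9"}, place="probe-B")` returns only the edge that probe-B observed, which is the "depending on from where and when the network is observed" property in miniature.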
27 Claims
1. A method for recognizing and analyzing relations between taps of a communication device in a packet connected communication network and the communication network, comprising the steps of:
gathering traffic information in the communication network with a tap of a communication device connected to the communication network, the tap examining header information of connections of the communication network;
storing the information gathered by the tap in a data storage, the tap connected to the data storage, the tap and the data storage together defining a network probe, the network probe being one of i) a physical device and ii) a computer unit;
observing connections of the communication network with the network probe, each connection travels in the communication network and has header information describing the connection, the header information including an identity of the connection and relations to other identities, wherein the observing the connections comprises the tap i) passively analyzing IP packets and association logs received to the tap, the association logs being a description of an observed connection of the communication network, the description being searchable for identities, from the IP packets and association logs, locating the header information of the observed connections, ii) using the located header information to determine the identities of the observed connections and the relations between the observed connections, and iii) saving at least a part of the located header information, the identities, and the relations to the data storage;
with the network probe, modelling the determined identities and relations as identity flows, the identity flows describing i) the identities, ii) the relations of the identities to the other identities, and iii) identity changes, the identity flows being relative to time and place of the connections; and
using at least some of the identity flows for creating an identity graph for analyzing functioning of the communication network, the identity graph being a graphical presentation of the relations of the identities, with the identities of different places and devices of the communication network being marked in the identity graph, and the relations of the identities to the other identities being marked in the identity graph, the identity graphs describing the communication network depending on from where and when the communication network is observed, wherein the identities and the relations of the identities to the other identities to be included in an identity graph are chosen according to predetermined modifiers, the modifiers defining objects in the communication network which are the object of interest for the analyzing of the communication network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A device arrangement for analyzing relations between taps of a communication device in a packet connected communication network and the communication network, comprising:
a communication device connected to the communication network, the communications device comprising at least one tap, the tap arranged for gathering up traffic information in the communication network, the tap examining header information of connections of the communication network; and
a data storage unit storing the information gathered by the tap, the tap connected to the data storage unit, the tap and the data storage unit together defining a network probe, the network probe being one of i) a physical device and ii) a computer unit, the network probe arranged for observing connections of the communication network with the network probe, each connection travels in the communication network and has header information describing the connection, the header information including an identity of the connection and relations to other identities, wherein the observing the connections comprises the tap i) passively analyzing IP packets and association logs received to the tap, the association logs being a description of an observed connection of the communication network, the description being searchable for identities, from the IP packets and association logs, locating the header information of the observed connections, ii) using the located header information to determine the identities of the observed connections and the relations between the observed connections, and iii) saving at least a part of the located header information, the identities, and the relations to the data storage unit, the network probe modelling the determined identities and relations as identity flows, the identity flows describing i) the identities, ii) the relations of the identities to the other identities, and iii) identity changes, the identity flows being relative to time and place of the connections, and
a graph-creating unit arranged for using at least some of the identity flows for creating an identity graph for analyzing functioning of the communication network, the identity graph being a graphical presentation of the relations of the identities, with the identities of different places and devices of the communication network being marked in the identity graph, and the relations of the identities to the other identities being marked in the identity graph, the identity graphs describing the communication network depending on from where and when the communication network is observed, wherein the identities and the relations of the identities to the other identities to be included in an identity graph are chosen according to predetermined modifiers, the modifiers defining objects in the communication network which are the object of interest for the analyzing of the communication network.
Dependent claims: 11, 12, 13
14. A non-transitory computer-readable data storage medium having recorded thereon a computer program product, the computer product when executed by a computer, controlling the computer to execute a method of:
gathering up traffic information in the communication network with taps of a communication device connected to the communication network, the taps examining header information of connections of the communication network;
observing connections of the communication network with the taps, each connection travels in the communication network and has header information describing the connection, the header information including an identity of the connection and relations to other identities, wherein the observing the connections comprises the tap i) passively analyzing IP packets and association logs received to the tap, the association logs being a description of an observed connection of the communication network, the description being searchable for identities, from the IP packets and association logs, locating the header information of the observed connections, and ii) using the located header information to determine the identities of the observed connections and the relations between the observed connections;
modelling the determined identities and relations as identity flows, the identity flows describing i) the identities, ii) the relations of the identities to the other identities, and iii) identity changes, the identity flows being relative to time and place of the connections; and
using at least some of the identity flows for creating an identity graph for analyzing functioning of the communication network, the identity graph being a graphical presentation of the relations of the identities, with the identities of different places and devices of the communication network being marked in the identity graph, and the relations of the identities to the other identities being marked in the identity graph, the identity graphs describing the communication network depending on from where and when the communication network is observed, wherein the identities and the relations of the identities to the other identities to be included in an identity graph are chosen according to predetermined modifiers, the modifiers defining objects in the communication network which are the object of interest for the analyzing of the communication network.
Dependent claims: 15, 16, 17
18. A non-transitory computer-readable data storage medium having recorded thereon a computer program product, the computer product when executed by a computer, controlling the computer to execute a method examining a communication network of:
gathering up traffic information in the communication network with a tap of a communication device connected to the communication network, the tap examining header information of connections of the communication network;
storing the information gathered by the tap in a data storage, the tap connected to the data storage, the tap and the data storage together defining a network probe, the network probe being one of i) a physical device and ii) a computer unit;
observing connections of the communication network with the network probe, each connection travels in the communication network and has header information describing the connection, the header information including an identity of the connection and relations to other identities, wherein the observing the connections comprises the tap i) passively analyzing IP packets and association logs received to the tap, the association logs being a description of an observed connection of the communication network, the description being searchable for identities, from the IP packets and association logs, locating the header information of the observed connections, ii) using the located header information to determine the identities of the observed connections and the relations between the observed connections, and iii) saving at least a part of the located header information, the identities, and the relations to the data storage;
with the network probe, modelling the determined identities and relations as identity flows, the identity flows describing i) the identities, ii) the relations of the identities to the other identities, and iii) identity changes, the identity flows being relative to time and place of the connections; and
using at least some of the identity flows for creating an identity graph for analyzing functioning of the communication network, the identity graph being a graphical presentation of the relations of the identities, with the identities of different places and devices of the communication network being marked in the identity graph, and the relations of the identities to the other identities being marked in the identity graph, the identity graphs describing the communication network depending on from where and when the communication network is observed, wherein the identities and the relations of the identities to the other identities to be included in an identity graph are chosen according to predetermined modifiers, the modifiers defining objects in the communication network which are the object of interest for the analyzing of the communication network.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27
Specification