Detecting transparent network communication interception appliances
Abstract
Mechanisms are provided for identifying transparent network communication interception appliances in a network topology. The mechanisms collect network configuration data from a plurality of devices in the network topology and analyze the collected network configuration data using one or more heuristics to identify patterns in the collected network configuration data indicative of the presence of a transparent network communication interception appliance. The mechanisms calculate a confidence measure value based on results of the analysis of the collected network configuration data. The mechanisms further send a notification of a detected presence of a transparent network communication interception appliance to a computing device in response to the calculated confidence measure value meeting or exceeding at least one threshold value.
23 Claims
1. A method, in a data processing system, for identifying transparent network communication interception appliances in a network topology, comprising:
- collecting, by an application detection mechanism in the data processing system, network configuration data from a plurality of devices in the network topology;
- analyzing, by the appliance detection mechanism, the collected network configuration data using one or more heuristics to identify patterns in the collected network configuration data indicative of the presence of a transparent network communication interception appliance, wherein the appliance detection mechanism is a separate mechanism from the transparent network communication interception appliance;
- calculating, by the appliance detection mechanism, a confidence measure value based on results of the analysis of the collected network configuration data; and
- sending, by the appliance detection mechanism, a notification of a detected presence of a transparent network communication interception appliance to a computing device in response to the calculated confidence measure value meeting or exceeding at least one threshold value;
- wherein the one or more heuristics comprises a multiple gateway heuristic that analyzes subnet gateway computing device assignment to an associated group of devices, in the plurality of devices in the network topology to identify whether more than one gateway computing device is associated with the group of devices, and wherein calculating the confidence measure value comprises increasing the confidence measure value in response to the multiple gateway heuristic identifying more than one gateway computing device being associated with the group of devices.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on an appliance detection computing device, causes the computing device to:
- collect network configuration data from a plurality of devices in a network topology;
- analyze the collected network configuration data using one or more heuristics to identify patterns in the collected network configuration data indicative of the presence of a transparent network communication interception appliance, wherein the appliance detection computing device is a separate device from the transparent network communication interception appliance;
- calculate a confidence measure value based on results of the analysis of the collected network configuration data; and
- send a notification of a detected presence of a transparent network communication interception appliance to a computing device in response to the calculated confidence measure value meeting or exceeding at least one threshold value;
- wherein the one or more heuristics comprises a multiple gateway heuristic that analyzes subnet gateway computing device assignment to an associated group of devices, in the plurality of devices in the network topology to identify whether more than one gateway computing device is associated with the group of devices, and wherein calculating the confidence measure value comprises increasing the confidence measure value in response to the multiple gateway heuristic identifying more than one gateway computing device being associated with the group of devices.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. An appliance detection apparatus, comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to:
  - collect network configuration data from a plurality of devices in a network topology;
  - analyze the collected network configuration data using one or more heuristics to identify patterns in the collected network configuration data indicative of the presence of a transparent network communication interception appliance, wherein the appliance detection apparatus is a separate apparatus from the transparent network communication interception appliance;
  - calculate a confidence measure value based on results of the analysis of the collected network configuration data; and
  - send a notification of a detected presence of a transparent network communication interception appliance to a computing device in response to the calculated confidence measure value meeting or exceeding at least one threshold value;
- wherein the one or more heuristics comprises a multiple gateway heuristic that analyzes subnet gateway computing device assignment to an associated group of devices, in the plurality of devices in the network topology to identify whether more than one gateway computing device is associated with the group of devices, and wherein calculating the confidence measure value comprises increasing the confidence measure value in response to the multiple gateway heuristic identifying more than one gateway computing device being associated with the group of devices.
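
The collect, analyze, score and notify steps of the independent claims, applied to the multiple gateway heuristic, as an added Python example (not code from the patent or its assignee). The record layout, the function names, the 0.6 weight and the 0.5 threshold are assumptions; the claims specify no values.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of collected network configuration data (not from the patent).
COLLECTED = [
    {"host": "app01", "addr": "10.1.20.11/24", "gateway": "10.1.20.1"},
    {"host": "app02", "addr": "10.1.20.12/24", "gateway": "10.1.20.1"},
    {"host": "app03", "addr": "10.1.20.13/24", "gateway": "10.1.20.254"},
    {"host": "db01",  "addr": "10.1.30.21/24", "gateway": "10.1.30.1"},
    {"host": "db02",  "addr": "10.1.30.22/24", "gateway": None},  # no default route
]

MULTI_GATEWAY_WEIGHT = 0.6   # assumed confidence increment
THRESHOLD = 0.5              # assumed notification threshold

def group_by_subnet(records):
    """Group devices by the subnet derived from their address and prefix."""
    groups = defaultdict(list)
    for rec in records:
        subnet = ipaddress.ip_interface(rec["addr"]).network
        groups[subnet].append(rec)
    return groups

def multiple_gateway_heuristic(devices):
    """Map each configured gateway to the hosts in the group that use it."""
    gateways = defaultdict(list)
    for rec in devices:
        if rec["gateway"]:                       # skip hosts with no gateway set
            gateways[ipaddress.ip_address(rec["gateway"])].append(rec["host"])
    return gateways

def detect(records, threshold=THRESHOLD):
    """Score each subnet; return notifications for scores at or above threshold."""
    notifications = []
    for subnet, devices in sorted(group_by_subnet(records).items()):
        confidence = 0.0
        gateways = multiple_gateway_heuristic(devices)
        if len(gateways) > 1:                    # more than one gateway for the group
            confidence += MULTI_GATEWAY_WEIGHT
        if confidence >= threshold:
            notifications.append({
                "subnet": str(subnet),
                "confidence": confidence,
                "gateways": {str(g): h for g, h in sorted(gateways.items())},
            })
    return notifications

if __name__ == "__main__":
    print(detect(COLLECTED))
```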
Specification