System and method for real-time analysis of network traffic

US 9,369,366 B2
Filed: 12/08/2015
Issued: 06/14/2016
Est. Priority Date: 09/13/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A method for monitoring live-data flow through a network, comprising:

monitoring, at a first processing node, a mirrored live-data flow of the live-data flow passing through at least one selected point within the network in a non-intrusive manner that does not affect the live-data flow passing through the at least one selected point, wherein the live-data flow comprises a plurality of simultaneous live-data flows that are in active transmission between endpoints in the network and prior to onward storage of the data in a database;

decoding, at the first processing node, data within the mirrored data flow according to each protocol associated with the data, wherein the data has a plurality of protocols associated therewith, and the data is decoded in parallel according to each of the plurality of protocols;

comparing, at the first processing node, the decoded data to at least one of a set of predetermined or deduced conditions defined by at least one of a plurality of applications implemented on a second processing node;

executing at least one of a predetermined or deduced response including an indication of occurrence of the at least one predetermined or deduced condition based upon detection of the at least one predetermined or deduced condition within the decoded data;

forwarding from the first processing node to a second processing node data from at least one of the plurality of simultaneous live-data flows based upon occurrence of the at least one predetermined or deduced condition defined by at least one of a plurality of applications implemented on the second processing node within the at least one of the plurality of simultaneous live-data flows;

processing, at the second processing node, at least a portion of the decoded data forwarded from the first processing node using at least one of the plurality of applications implemented on the second processing node, the processing of the decoded data by the at least one of the plurality of applications causing execution of the at least one predetermined or deduced response to determine a manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network; and

controlling the operation of the network in response to the processing step while events associated with the live-data flow are occurring within the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mirrored live-data flow of the live-data flow passing through a selected point within a network is monitored at a first processing node. The live-data flow comprises data that is in active transmission between endpoints in the network and prior to exit from the network and onward storage of the data in a database. Each packet within the mirrored data flow is decoded at the first processing node according to each protocol associated with a packet. Packets having a plurality of protocols associated therewith are decoded in parallel with each other. Each of the decoded packets are compared at the first processing node to a set of predetermined or deduced conditions. A predetermined or deduced response is executed based upon detection of a predetermined or deduced condition within the decoded packets. At least a portion of the decoded packets of the live-data flow causing execution of the predetermined or deduced response are processed at a second processing node to determine a manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network. The operation of the network is controlled in response to the processing step.

34 Citations

View as Search Results

24 Claims

1. A method for monitoring live-data flow through a network, comprising:
- monitoring, at a first processing node, a mirrored live-data flow of the live-data flow passing through at least one selected point within the network in a non-intrusive manner that does not affect the live-data flow passing through the at least one selected point, wherein the live-data flow comprises a plurality of simultaneous live-data flows that are in active transmission between endpoints in the network and prior to onward storage of the data in a database;
  
  decoding, at the first processing node, data within the mirrored data flow according to each protocol associated with the data, wherein the data has a plurality of protocols associated therewith, and the data is decoded in parallel according to each of the plurality of protocols;
  
  comparing, at the first processing node, the decoded data to at least one of a set of predetermined or deduced conditions defined by at least one of a plurality of applications implemented on a second processing node;
  
  executing at least one of a predetermined or deduced response including an indication of occurrence of the at least one predetermined or deduced condition based upon detection of the at least one predetermined or deduced condition within the decoded data;
  
  forwarding from the first processing node to a second processing node data from at least one of the plurality of simultaneous live-data flows based upon occurrence of the at least one predetermined or deduced condition defined by at least one of a plurality of applications implemented on the second processing node within the at least one of the plurality of simultaneous live-data flows;
  
  processing, at the second processing node, at least a portion of the decoded data forwarded from the first processing node using at least one of the plurality of applications implemented on the second processing node, the processing of the decoded data by the at least one of the plurality of applications causing execution of the at least one predetermined or deduced response to determine a manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network; and
  
  controlling the operation of the network in response to the processing step while events associated with the live-data flow are occurring within the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the step of forwarding further comprises forwarding from the first processing node to the second processing node data from at least one of the plurality of simultaneous live-data flows based upon occurrence of at least one predetermined or deduced condition defined by a plurality of the plurality of application implemented on the second processing node within the at least one of the plurality of simultaneous live-data flows.
  - 3. The method of claim 2, wherein the step of processing further comprises processing at least a portion of the data forwarded from the first processing node using the plurality of the plurality of applications implemented on the second processing node, each of the plurality of applications independently processing a received portion of the data forwarded from the first processing node, the processing of the data by the plurality of the plurality of applications causing execution of the at least one predetermined or deduced response to determine a manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network.
  - 4. The method of claim 1, wherein the step of forwarding further comprises forwarding from the first processing node to the second processing node data from a plurality of the plurality of simultaneous live-data flows based upon occurrence of at least one predetermined or deduced condition defined by one of the plurality of application implemented on the second processing node within the plurality of the plurality of simultaneous live-data flows.
  - 5. The method of claim 4, wherein the step of processing further comprises processing at least a portion of the data forwarded from the first processing node using the one of the plurality of applications implemented on the second processing node, the processing of the data by the one of the plurality of applications causing execution of the at least one predetermined or deduced response to determine the manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network.
  - 6. The method of claim 1, wherein the step of forwarding further comprises forwarding from the first processing node to the second processing node data from a plurality of the plurality of simultaneous live-data flows based upon occurrence of at least one predetermined or deduced condition defined by a plurality of the plurality of application implemented on the second processing node within the plurality of the plurality of simultaneous live-data flows.
  - 7. The method of claim 6, wherein the step of processing further comprises processing at least a portion of the data forwarded from the first processing node using the plurality of the plurality of applications implemented on the second processing node, the processing of the data by the plurality of the plurality of applications causing execution of the at least one predetermined or deduced response to determine the manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network.
  - 8. The method of claim 1, wherein the step of processing further comprises the steps of:
    - receiving the data forwarded responsive to the occurrence of one of the at least one predetermined or deduced conditions;
      
      assigning at least one predefined application to the received data;
      
      processing the received data using the assigned at least one predefined application in simultaneous multithreaded parallel fashion to generate at least one control action for controlling the operation in the network at the same time the live-data flow is in active transmission between the endpoints in the network, wherein controlling comprises alerting or instructing a network provider to affect an event outcome before the event is finalized; and
      
      controlling the operation of the network using the at least one control action.
  - 9. The method of claim 1, wherein the step of monitoring further comprises:
    - detecting the plurality of live-data flows passing through the at least one selected point of the network; and
      
      creating the mirrored live-data flow from the detected plurality of live data flows.
  - 10. The method of claim 1, wherein the step of monitoring further comprises monitoring, at the first processing node, the mirrored data flow of the live-data flow passing through a plurality of selected points.
  - 11. The method of claim 1, wherein the step of controlling further comprises performing at least one of interception, interdict, adjust content or prevent an action on network activity or to stop, shape, alter, copy, redirect or release a network activity at a same time the live-data flow is in transmission between the endpoints in the network and before exit of the data from the network to affect an outcome before the event is finalized.

12. A system for monitoring live-data flow through a network, comprising:
- at least one server communicating with the network;
  
  at least one network interface card associated with the at least one server for providing access to the live-data flow through the network;
  
  a processor within each of the at least one server, the processor implementing a first processing node for;
  
  monitoring, at a first processing node, a mirrored live-data flow of the live-data flow passing through at least one selected point within the network in a non-intrusive manner that does not affect the live-data flow passing through the at least one selected point, wherein the live-data flow comprises a plurality of simultaneous live-data flows that are in active transmission between endpoints in the network and prior to onward storage of the data in a database;
  
  decoding, at the first processing node, data within the mirrored live-data flow according to each protocol associated with the data, wherein the data has a plurality of protocols associated therewith, and the data is decoded in parallel according to each of the plurality of protocols;
  
  comparing, at the first processing node, the decoded data to at least one of a set of predetermined or deduced conditions defined by at least one of a plurality of applications implemented on a second processing node;
  
  executing at least one of a predetermined or deduced response including an indication of occurrence of the at least one predetermined or deduced condition based upon detection of the at least one predetermined or deduced condition within the decoded data;
  
  forwarding from the first processing node to a second processing node data from at least one of the plurality of simultaneous live-data flows based upon occurrence of the at least one predetermined or deduced condition defined by at least one of the plurality of application implemented on the second processing node within the at least one of the plurality of simultaneous live-data flows;
  
  the processor within the at least one server the processor further implementing the second processing node for;
  
  processing, at the second processing node, at least a portion of the data forwarded from the first processing node using at least one of the plurality of applications implemented on the second processing node, the processing of the data by the at least one of the plurality of applications causing execution of the at least one predetermined or deduced response to determine a manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network; and
  
  controlling the operation of the network in response to the processing step while events associated with the live-data flow are occurring within the network.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 13. The system of claim 12, wherein the processor further implements the first processing node for forwarding from the first processing node to the second processing node data from at least one of the plurality of simultaneous live-data flows based upon occurrence of the at least one predetermined or deduced condition defined by the plurality of the plurality of application implemented on the second processing node within the at least one of the plurality of simultaneous live-data flows.
  - 14. The system of claim 13, wherein the processor further implements the second processing node for processing at least a portion of the data forwarded from the first processing node using the plurality of the plurality of applications implemented on the second processing node, each of the plurality of applications independently processing a received portion of the data forwarded from the first processing node, the processing of the data by the plurality of the plurality of applications causing execution of the at least one predetermined or deduced response to determine the manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network.
  - 15. The system of claim 12, wherein the processor further implements the first processing node for forwarding from the first processing node to the second processing node data from a plurality of the plurality of simultaneous live-data flows based upon occurrence of at least one predetermined or deduced condition defined by one of the plurality of application implemented on the second processing node within the plurality of the plurality of simultaneous live-data flows.
  - 16. The system of claim 15, wherein the processor further implements the second processing node for processing at least a portion of the data forwarded from the first processing node using the one of the plurality of applications implemented on the second processing node, the processing of the data by the one of the plurality of applications causing execution of the at least one predetermined or deduced response to determine the manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network.
  - 17. The system of claim 12, wherein the processor further implements the first processing node for forwarding from the first processing node to the second processing node data from a plurality of the plurality of simultaneous live-data flows based upon occurrence of at least one predetermined or deduced condition defined by a plurality of the plurality of application implemented on the second processing node within the plurality of the plurality of simultaneous live-data flows.
  - 18. The system of claim 17, wherein the processor further implements the second processing node for processing at least a portion of the data forwarded from the first processing node using the plurality of the plurality of applications implemented on the second processing node, the processing of the data by the plurality of the plurality of applications causing execution of the at least one predetermined or deduced response to determine the manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network.
  - 19. The system of claim 12, wherein the processor further implements the second processing node for:
    - receiving the data forwarded responsive to the occurrence of one of the at least one predetermined or deduced conditions;
      
      assigning at least one predefined application to the received data;
      
      processing the received data using the assigned at least one predefined application in simultaneous multithreaded parallel fashion to generate at least one control action for controlling the operation in the network at the same time the live-data flow is in active transmission between the endpoints in the network, wherein controlling comprises alerting or instructing a network provider to affect an event outcome before the event is finalized; and
      
      controlling the operation of the network using the at least one control action.
  - 20. The system of claim 12, wherein the processor further implements the first processing node for:
    - detecting the plurality of live-data flows passing through the at least one selected point of the network; and
      
      creating the mirrored live-data flow from the detected plurality of live-data flows.
  - 21. The system of claim 12, wherein the processor further implements the first processing node for monitoring, at the first processing node, the mirrored data flow of the live-data flow passing through a plurality of selected points.
  - 22. The system of claim 12, wherein the processor further implements the second processing node for performing at least one of interception, interdict, adjust content or prevent an action on network activity or to stop, shape, alter, copy, redirect or release a network activity at a same time the live-data flow is in transmission between the endpoints in the network and before exit of the data from the network to affect an outcome before the event is finalized.
  - 23. The system of claim 12, wherein the live-data flows are provided from either a physical or virtualized network live-data source.
  - 24. The system of claim 12, wherein the at least one server and the at least one network interface card are either physical or virtualized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Network Kinetix, Llc
Original Assignee
Network Kinetix, Llc
Inventors
Ramachandran, Hariharan, Richards, Carissa, Quoc, Myvan
Primary Examiner(s)
KATSIKIS, KOSTAS J

Application Number

US14/962,660
Publication Number

US 20160094429A1
Time in Patent Office

189 Days
Field of Search

709223-224, 709230-232
US Class Current

1/1
CPC Class Codes

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45591   Monitoring or debugging sup...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/5016   the resource being the memory

H04L 41/0816   the condition being an adap...

H04L 41/142   using statistical or mathem...

H04L 41/16   using machine learning or a...

H04L 41/5009   Determining service level p...

H04L 41/5051   Service on demand, e.g. def...

H04L 43/08   Monitoring or testing based...

H04L 43/0894   Packet rate

H04L 43/16   Threshold monitoring

H04L 47/10   Flow control; Congestion co...

H04M 15/47   Fraud detection or preventi...

H04M 15/8214   Data or packet based

H04M 15/8228   Session based

H04M 3/2218   Call detail recording

H04W 12/128   Anti-malware arrangements, ...

System and method for real-time analysis of network traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for real-time analysis of network traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links