Network flow monitoring
First Claim
1. A network flow monitoring and analysis system, comprising:
a) at least one flow labeling agent configurable via labeling instructions to label at least part of a data packet flow with at least one unique and covert label; and
b) at least one sensor configurable to;
i) observe at least part of the data packet flow for the at least one unique and covert label; and
ii) generate at least one examination report, the at least one examination report comprising sensor data, the sensor data comprising;
(1) location information;
(2) time information;
(3) label information; and
(4) flow information;
c) at least one controller comprising;
i) at least one processor;
ii) at least one communications interface; and
iii) at least one non-transitory computer readable medium comprising instructions configured to cause the at least one processor to;
(1) communicate, via at least one of the at least one communications interface, labeling instructions to at least one of the at least one flow labeling agent;
(2) receive, via at least one of the at least one communications interface, at least one of the at least one examination report from at least one of the at least one sensor; and
(3) receive, via at least one of the at least one communications interface, event information, the event information describing at least one event; and
d) a correlation engine configured to;
i) generate correlation information from at least two of the following;
at least some of the location information;
at least some of the time information;
at least some of the event information;
at least some of the label information; and
at least some of the flow information;
ii) temporally sequence the sensor data employing at least some of the time information;
iii) geographically sequence the sensor data employing at least some of the location information;
iv) determine a path direction of at least part of the data packet flow from the temporally sequence and geographically sequence; and
v) generate multiple degrees of correlation, the multiple degrees of correlation comprising;
deterministic correlations; and
non-deterministic correlations.
Abstract
A network flow monitoring and analysis system comprises flow labeling agent(s), sensor(s), controller(s), and correlation engine(s). The flow labeling agent(s) label data packet flow with unique and covert label(s). The sensor(s) observe data packet flow for the unique and covert label(s) and generate examination report(s) from the observations. The examination report(s) comprise information such as: location information; time information; target information; path information; and flow information. The controller(s) communicate instructions to the labeling agent(s) and sensor(s), receive event information, and manage the correlation engine(s). The correlation engine(s) correlate information such as the target information; event information; path information; and flow information.
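The correlation step described above can be sketched as follows. This is an added example, not code from the patent: the `Report` field names, the sample reports, the time window, and the reading of "deterministic" as an exact label match and "non-deterministic" as a flow-and-time match without a decoded label are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Report:                 # one examination report (field names assumed)
    sensor: str
    location: str             # location information
    time: float               # time information, in seconds
    label: Optional[str]      # label information; None if no label was decoded
    flow: tuple               # flow information: (src, dst, dst_port)

def correlate(reports, label, window=2.0):
    """Return (path, direction, degrees) for the flow carrying `label`."""
    hits = sorted((r for r in reports if r.label == label), key=lambda r: r.time)
    if not hits:
        return [], None, {}
    # Assumed meaning of "deterministic": the sensor decoded the exact label.
    degrees = {r.sensor: "deterministic" for r in hits}
    flows = {r.flow for r in hits}
    start, end = hits[0].time - window, hits[-1].time + window
    # Assumed meaning of "non-deterministic": same flow tuple seen inside the
    # time window, but the sensor could not confirm the label.
    for r in reports:
        if r.label is None and r.flow in flows and start <= r.time <= end:
            hits.append(r)
            degrees[r.sensor] = "non-deterministic"
    hits.sort(key=lambda r: r.time)           # temporal sequencing
    path = []                                 # ordered list of distinct sites
    for r in hits:
        if not path or path[-1] != r.location:
            path.append(r.location)
    direction = (path[0], path[-1]) if len(path) > 1 else None
    return path, direction, degrees

# Constructed sample reports, delivered to the controller out of order.
FLOW_A = ("10.0.0.5", "203.0.113.9", 443)
FLOW_B = ("10.0.0.8", "198.51.100.4", 22)
REPORTS = [
    Report("s3", "dc-east", 12.9, "L-7f3a", FLOW_A),
    Report("s1", "branch-1", 12.1, "L-7f3a", FLOW_A),
    Report("s2", "core-1", 12.5, None, FLOW_A),    # label not decoded
    Report("s4", "core-1", 40.0, None, FLOW_A),    # outside the time window
    Report("s5", "branch-2", 12.3, "L-0001", FLOW_B),
]

if __name__ == "__main__":
    print(correlate(REPORTS, "L-7f3a"))
```

Collapsing time-ordered reports into a list of distinct sites stands in for geographic sequencing here; a sensor network with real coordinates or topology data would order by those as well.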
18 Claims
Specification