System and method for automated generation of web decoding templates
First Claim
1. A method, comprising:
receiving, via a network interface of a decoding system, sample network packets exchanged with a web server that correspond with a target transaction type, wherein the packets are exchanged using a transfer protocol, wherein the packets comprise data of a target communication protocol with an unknown structure;
presenting, via a graphical user interface run by a decoding processor of the monitoring system, one or more of the packets on a display of an operator terminal;
receiving, by the decoding processor, one or more inputs from the operator terminal for formulating one or more recognition rules for recognizing target fields in the data of the target communication protocol, and one or more extraction rules for extracting target information from the recognized target fields;
generating, by the decoding processor, a structured template for parsing the target transaction type of the target communication protocol based on the one or more recognition rules and the one or more extraction rules;
receiving, via the network interface, subsequent network packets exchanged between one or more user computers and the web server, the subsequent network packets are encoded with the target communication protocol; and
decoding, by the decoding processor, the subsequent network packets using the one or more recognition rules and the one or more extraction rules of the structured template to extract the target information from the subsequent network packets.
Abstract
Methods and systems for decoding communication protocols having an unknown structure. In the disclosed embodiments, a decoding system analyzes network traffic that uses such a communication protocol, and semi-automatically generates a structured template for decoding the protocol. In an example embodiment, the traffic comprises HTTP transactions used in some unknown variant of a Web-based e-mail or social network application, and the system generates an Extensible Markup Language (XML) template for parsing such transactions. The system enables an analyst to review sample transactions, and identify target components of the protocol that contain target information of interest. The system typically generates a set of rules with the assistance of the analyst.
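A minimal sketch of the template idea described in the abstract, added here as an illustration and not taken from the patent: recognition rules decide whether an HTTP transaction is of the target type, and extraction rules pull named fields from it. The XML element and attribute names, the host, path and form field names, and the sample request are all hypothetical and constructed for this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Hypothetical template schema; the page only states that the template is XML.
TEMPLATE = """
<template transaction="webmail-send">
  <recognize part="method" regex="^POST$"/>
  <recognize part="host" regex="^mail\\.example\\.test$"/>
  <recognize part="path" regex="^/mail/send"/>
  <extract name="recipient" field="to"/>
  <extract name="subject" field="subj"/>
</template>
"""

# Constructed sample transaction (not captured traffic).
SAMPLE = (b"POST /mail/send?sid=1 HTTP/1.1\r\n"
          b"Host: mail.example.test\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          b"to=alice%40example.test&subj=Q3+report&body=hi")

def parse_request(raw):
    """Split a raw HTTP request into the parts the rules can refer to."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return {"method": method, "path": path,
            "host": headers.get("host", ""),
            "body": body.decode("utf-8", "replace")}

def decode(template_xml, raw):
    """Return extracted fields, or None if the transaction is not recognized."""
    template = ET.fromstring(template_xml)  # templates are operator-authored
    try:
        request = parse_request(raw)
    except ValueError:
        return None  # not a well-formed request line
    # Recognition: every rule must match its part of the request.
    for rule in template.findall("recognize"):
        if not re.search(rule.get("regex"), request.get(rule.get("part"), "")):
            return None
    # Extraction: map form fields in the body to the template's field names.
    form = parse_qs(request["body"])
    return {rule.get("name"): form[rule.get("field")][0]
            for rule in template.findall("extract") if rule.get("field") in form}
```
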
20 Claims
9. Apparatus, comprising:
a network interface configured to receive sample network packets exchanged with a web server that correspond with a target transaction type, wherein the packets are exchanged using a transfer protocol, and wherein the packets comprise data of a target communication protocol with an unknown structure, wherein the network interface is further configured to receive subsequent network packets exchanged between one or more user computers and the web server, the subsequent network packets are encoded with the target communication protocol;
a non-transitory memory, which is configured to store the sample network traffic; and
a processor computer programmed in software, which, when the software is executed on the processor computer, is configured to:
present, via a graphical user interface, one or more of the packets on a display of an operator terminal,
receive one or more inputs from the operator terminal to formulate one or more recognition rules for recognizing target fields in the data of the target communication protocol and one or more extraction rules for extracting target information from the recognized target fields,
generate a structured template for parsing the target transaction type of the target communication protocol based on the one or more recognition rules and the one or more extraction rules, and
decode the subsequent network packets using the one or more recognition rules and the one or more extraction rules of the structured template to extract the target information from the subsequent network packets.
Specification