Identifying security properties of systems from application crash traffic
Abstract
Most machines in an organization's computer network connect to the Internet and create web traffic logs which allow analysis of HTTP traffic in a simple, centralized way. The web traffic logs may contain error reports and error reports contain significant information that can be used to detect network security. By reviewing the error reports, significant information about a network and its security can be found as common sources of network security weakness may be watched for in the error reports.
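The steps named in the abstract and in claim 1 (distinguish error reporting traffic by a known characteristic, review it, output the reportable errors per device) are shown here as an added example that is not taken from the patent. The log format, the host `crash-reports.example`, the `/submit` path and the query parameter names are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: the "known characteristic" is the destination host plus a path
# prefix. Both values are hypothetical placeholders, not a real service.
REPORT_HOST = "crash-reports.example"
REPORT_PATH_PREFIX = "/submit"

# Constructed proxy log lines: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.11 GET http://intranet.example/index.html 200
2024-05-01T09:00:07Z 10.0.0.11 POST http://crash-reports.example/submit?app=reader.exe&ver=9.1.0&module=plugin.dll&code=c0000005 200
2024-05-01T09:01:30Z 10.0.0.42 GET http://news.example/today 200
2024-05-01T09:02:12Z 10.0.0.42 POST http://crash-reports.example/submit?app=browser.exe&ver=31.0&module=render.dll&code=c0000409 200
2024-05-01T09:02:40Z 10.0.0.42 GET http://crash-reports.example/about 200
2024-05-01T09:03:00Z 10.0.0.77 POST http://crash-reports.example/submit?ver=1.0 200
malformed line
"""

def is_error_report(url):
    """Distinguish error reporting traffic from other web traffic."""
    parts = urlsplit(url)
    return (parts.hostname == REPORT_HOST
            and parts.path.startswith(REPORT_PATH_PREFIX))

def reportable_errors(log_text):
    """Return {client_ip: [error dict, ...]} for every crash report seen."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed log format
        ts, client, _method, url, _status = fields
        if not is_error_report(url):
            continue
        query = parse_qs(urlsplit(url).query)
        if "app" not in query:
            continue  # a report without an application name is not usable
        found[client].append({
            "time": ts,
            "application": query["app"][0],
            "version": query.get("ver", ["unknown"])[0],
            "faulting_module": query.get("module", ["unknown"])[0],
            "error_code": query.get("code", ["unknown"])[0],
        })
    return dict(found)

if __name__ == "__main__":
    print(reportable_errors(SAMPLE_LOG))
```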
22 Claims
1. A method performed by a computer processing unit, the method comprising:
- obtaining, from a network capture point that connects a first network to a second network, a network traffic log reflecting communications of multiple computing devices on the first network that connect to the second network through the network capture point;
- distinguishing error reporting traffic in the network traffic log from other network traffic in the network traffic log using a known characteristic of the error reporting traffic, wherein the error reporting web traffic includes:
  - first error reporting traffic sent by a first computing device through the network capture point to an error reporting service, wherein the first error reporting traffic sent by the first computing device through the network capture point to the error reporting service reports that a first crash or problem involving a first application has occurred on the first computing device, and
  - second error reporting traffic sent by a second computing device through the network capture point to the error reporting service, wherein the second error reporting traffic sent by the second computing device through the network capture point to the error reporting service reports that a second crash or problem involving a second application has occurred on the second computing device;
- reviewing the first error reporting traffic to identify a first reportable error that indicates a cause of the first crash or problem;
- reviewing the second error reporting traffic to identify a second reportable error that indicates a cause of the second crash or problem; and
- outputting the first reportable error and the second reportable error.
11. A computer system comprising:
- a computer processing unit; and
- computer executable instructions which, when executed by the computer processing unit, cause the computer processing unit to:
  - obtain, from an access point that connects a first network to a second network, a network traffic log reflecting network communications of multiple computing devices on the first network that connect to the second network through the access point;
  - distinguish error reporting traffic in the network traffic log from other network traffic in the network traffic log using a known characteristic of the error reporting traffic, wherein the error reporting web traffic includes:
    - first error reporting traffic sent by a first computing device through the access point to an error reporting service, wherein the first error reporting traffic sent by the first computing device through the access point to the error reporting service reports that a first crash or problem involving a first application has occurred on the first computing device, and
    - second error reporting traffic sent by a second computing device through the access point to the error reporting service, wherein the second error reporting traffic sent by the second computing device through the access point to the error reporting service reports that a second crash or problem involving a second application has occurred on the second computing device;
  - review the first error reporting traffic to identify a first reportable error that indicates a cause of the first crash or problem;
  - review the second error reporting traffic to identify a second reportable error that indicates a cause of the second crash or problem; and
  - output the first reportable error and the second reportable error.
17. A computer storage device or memory device comprising computer executable instructions that physically configure a computer processing unit to perform acts comprising:
- obtaining, from a network device that connects a first network to a second network, a network traffic log reflecting communications of multiple computing devices on the first network that send the communications to the second network through the first network and the network device;
- distinguishing error reporting traffic in the network traffic log from other network traffic in the network traffic log using a known characteristic of the error reporting traffic, wherein the error reporting web traffic includes:
  - first error reporting traffic sent by a first computing device through the network device to an error reporting service, wherein the first error reporting traffic sent by the first computing device through the network device to the error reporting service reports that a first crash or problem involving a first application has occurred on the first computing device, and
  - second error reporting traffic sent by a second computing device through the network device to the error reporting service, wherein the second error reporting traffic sent by the second computing device through the network device to the error reporting service reports that a second crash or problem involving a second application has occurred on the second computing device;
- reviewing the first error reporting traffic to identify a first reportable error that indicates a cause of the first crash or problem;
- reviewing the second error reporting traffic to identify a second reportable error that indicates a cause of the second crash or problem; and
- outputting the first reportable error and the second reportable error.
21. A method performed by a computer processing unit, the method comprising:
- obtaining, from a network capture point that connects a first network to the Internet, one or more web traffic logs reflecting web communications of multiple computing devices on the first network that send the web communications to the Internet through the first network and the network capture point;
- distinguishing error reporting web traffic from other web traffic in the one or more web traffic logs obtained from the network capture point by evaluating the one or more web traffic logs using one or more known characteristics of the error reporting web traffic, wherein the error reporting web traffic includes:
  - first error reporting traffic sent by a first computing device through the network capture point to an Internet error reporting service, wherein the first error reporting traffic sent by the first computing device through the network capture point to the Internet error reporting service reports that a first crash or problem involving a first application has occurred on the first computing device, and
  - second error reporting traffic sent by a second computing device through the network capture point to the Internet error reporting service, wherein the second error reporting traffic sent by the second computing device through the network capture point to the Internet error reporting service reports that a second crash or problem involving a second application has occurred on the second computing device;
- reviewing the first error reporting traffic to identify a first reportable error that indicates a cause of the first crash or problem;
- reviewing the second error reporting traffic to identify a second reportable error that indicates a cause of the second crash or problem; and
- outputting the first reportable error and the second reportable error.
Specification