Mapping network service dependencies
First Claim
1. A method for discovering a service dependency chain in a data network without any active injection of data traffic, the method comprising:
providing a network manager running on a processor unit and connected to the data network, the network manager configured to perform the following steps;
discovering service dependencies;
identifying a potential service dependency chain based on at least a portion of the service dependencies;
building a number of data paths for the potential service dependency chain;
computing a chain transfer entropy for the potential service dependency chain based on the number of data paths; and
determining whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy;
wherein the network manager compares the discovered service dependencies to baseline service dependencies and compares the service dependency chain to a baseline service dependency chain in order to detect attacks and deviations from normal operations of the network.
Abstract
A method and apparatus for discovering a service dependency chain. Service dependencies are discovered. A potential service dependency chain is identified based on at least a portion of the service dependencies. A number of data paths are built for the potential service dependency chain. A chain transfer entropy is computed for the potential service dependency chain based on the number of data paths. A determination is made as to whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy.
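As an added illustration (not code from the patent or its assignee), the sketch below computes the standard pairwise transfer entropy between two services' activity series built only from passively observed flow timestamps. The page does not give the formula for its chain transfer entropy, so this single-link measure, the bin width, and all names and sample flows are assumptions.

```python
import math
import random
from collections import Counter

def bin_events(timestamps, start, end, width):
    """Turn passively observed flow timestamps into a 0/1 activity series."""
    n = int((end - start) / width)
    series = [0] * n
    for t in timestamps:
        i = math.floor((t - start) / width)
        if 0 <= i < n:
            series[i] = 1
    return series

def transfer_entropy(src, dst):
    """Plug-in estimate of TE(src -> dst) in bits, history length 1."""
    triples = Counter(zip(dst[1:], dst[:-1], src[:-1]))  # (y_next, y, x)
    pairs_yx = Counter(zip(dst[:-1], src[:-1]))          # (y, x)
    pairs_yy = Counter(zip(dst[1:], dst[:-1]))           # (y_next, y)
    singles = Counter(dst[:-1])                          # y
    n = len(dst) - 1
    te = 0.0
    for (y1, y0, x0), count in triples.items():
        p_given_both = count / pairs_yx[(y0, x0)]        # p(y_next | y, x)
        p_given_self = pairs_yy[(y1, y0)] / singles[y0]  # p(y_next | y)
        te += (count / n) * math.log2(p_given_both / p_given_self)
    return te

def constructed_flows(n_bins=2000, seed=7):
    """Constructed sample: service A is hit at random; A then calls B one bin later."""
    rng = random.Random(seed)
    to_a = [i + 0.5 for i in range(n_bins) if rng.random() < 0.5]
    to_b = [t + 1.0 for t in to_a]
    return to_a, to_b

def link_scores(n_bins=2000):
    """Return (TE(A->B), TE(B->A)) for the constructed flows."""
    to_a, to_b = constructed_flows(n_bins)
    a = bin_events(to_a, 0, n_bins, 1.0)
    b = bin_events(to_b, 0, n_bins, 1.0)
    return transfer_entropy(a, b), transfer_entropy(b, a)

if __name__ == "__main__":
    forward, reverse = link_scores()
    print(f"TE(A->B) = {forward:.3f} bits, TE(B->A) = {reverse:.3f} bits")
```

The asymmetry between the two directions is what marks B as depending on traffic into A; a baseline of such scores gives the comparison point for spotting new or vanished dependencies.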
26 Claims
16. A method for discovering a service dependency chain between three or more services, the method comprising:
providing a network manager running on a processor unit and connected to the data network, the network manager configured to perform the following steps;
discovering service dependencies;
identifying a potential service dependency chain based on at least a portion of the service dependencies;
building a number of data paths for the potential service dependency chain, wherein a data path in the number of data paths includes a forward path and a return path that both fall within a path time period;
computing a chain transfer entropy for the potential service dependency chain based on the number of data paths; and
determining whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy;
wherein the network manager compares the discovered service dependencies to baseline service dependencies and compares the service dependency chain to a baseline service dependency chain in order to detect attacks and deviations from normal operations of the network.
22. An apparatus comprising:
a network manager, running on a processor unit in a data network having a number of client devices and a number of service devices, that discovers service dependencies, the network manager receiving data from a number of sensors;
responsive to receiving the data, the network manager identifies a potential service dependency chain based on at least a portion of the service dependencies;
builds a number of data paths for the potential service dependency chain;
computes a chain transfer entropy for the potential service dependency chain based on the number of data paths; and
determines that the potential service dependency chain is the service dependency chain when the chain transfer entropy of the potential service dependency chain is greater than a cumulative distribution function of the chain transfer entropies for the number of data paths;
wherein the network manager compares the discovered service dependencies to baseline service dependencies and compares the service dependency chain to a baseline service dependency chain in order to detect attacks and deviations from normal operations of the network.
Specification