Mapping network service dependencies

US 10,200,482 B2
Filed: 12/04/2015
Issued: 02/05/2019
Est. Priority Date: 10/24/2014
Status: Active Grant

First Claim

Patent Images

1. A method for discovering a service dependency chain in a data network without any active injection of data traffic, the method comprising:

providing a network manager running on a processor unit and connected to the data network, the network manager configured to perform the following steps;

discovering service dependencies;

identifying a potential service dependency chain based on at least a portion of the service dependencies;

building a number of data paths for the potential service dependency chain;

computing a chain transfer entropy for the potential service dependency chain based on the number of data paths; and

determining whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy;

wherein the network manager compares the discovered service dependencies to baseline service dependencies and compares the service dependency chain to a baseline service dependency chain in order to detect attacks and deviations from normal operations of the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for discovering a service dependency chain. Service dependencies are discovered. A potential service dependency chain is identified based on at least a portion of the service dependencies. A number of data paths are built for the potential service dependency chain. A chain transfer entropy is computed for the potential service dependency chain based on the number of data paths. A determination is made as to whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy.

13 Citations

26 Claims

1. A method for discovering a service dependency chain in a data network without any active injection of data traffic, the method comprising:
- providing a network manager running on a processor unit and connected to the data network, the network manager configured to perform the following steps;
  
  discovering service dependencies;
  
  identifying a potential service dependency chain based on at least a portion of the service dependencies;
  
  building a number of data paths for the potential service dependency chain;
  
  computing a chain transfer entropy for the potential service dependency chain based on the number of data paths; and
  
  determining whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy;
  
  wherein the network manager compares the discovered service dependencies to baseline service dependencies and compares the service dependency chain to a baseline service dependency chain in order to detect attacks and deviations from normal operations of the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein building the number of data paths comprises:
    - building a data path over a path time period.
  - 3. The method of claim 1, wherein building the number of data paths comprises:
    - building a forward path; and
      
      building a return path, wherein the forward path and the return path form a data path in the number of data paths.
  - 4. The method of claim 1, wherein building the number of data paths comprises:
    - building a forward path for a data path in the number of data paths from an initial service to a final service; and
      
      representing the forward path using W(t), wherein W(t) is an amount of information that is initially sent from the initial service to a service along the forward path.
  - 5. The method of claim 4, wherein building the number of data paths further comprises:
    - building a return path for the data path in the number of data paths from the final service to the initial service; and
      
      representing the return path using Z(t), wherein Z(t) is a minimum amount of information that is sent from one service to another service along the return path.
  - 6. The method of claim 1, wherein determining whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy comprises:
    - comparing the chain transfer entropy to a selected threshold.
  - 7. The method of claim 1, wherein determining whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy comprises:
    - determining that the potential service dependency chain represents the service dependency chain when the chain transfer entropy is greater than or equal to a selected threshold.
  - 8. The method of claim 1, wherein identifying the potential service dependency chain comprises:
    - identifying a group of service dependencies formed by n services based on at least a portion of the service dependencies discovered.
  - 9. The method of claim 1, wherein discovering the service dependencies comprises:
    - identifying a plurality of connections between nodes in a data network.
  - 10. The method of claim 9, wherein discovering the service dependencies further comprises:
    - identifying a set of connection pairs based on the plurality of connections identified.
  - 11. The method of claim 10, wherein discovering the service dependencies further comprises:
    - creating a set of time series for the set of connection pairs using monitoring data received from a plurality of sensors monitoring the data network.
  - 12. The method of claim 11, wherein discovering the service dependencies further comprises:
    - discovering the service dependencies using the set of time series.
  - 13. The method of claim 12, wherein the network manager is configured to run on a processor unit and to discover the service dependency chain without any active injection of data traffic.
  - 14. The method of claim 1, wherein the service dependencies are discovered using data from a number of sensors in a network.
  - 15. The method of claim 1, further comprising:
    - computing chain transfer entropies for the number of data paths;
      
      computing a cumulative distribution function of the chain transfer entropies for the number of data paths; and
      
      determining that the potential service dependency chain is the service dependency chain when the chain transfer entropy is greater than the cumulative distribution function.

16. A method for discovering a service dependency chain between three or more services, the method comprising:
- providing a network manager running on a processor unit and connected to the data network, the network manager configured to perform the following steps;
  
  discovering service dependencies;
  
  identifying a potential service dependency chain based on at least a portion of the service dependencies;
  
  building a number of data paths for the potential service dependency chain, wherein a data path in the number of data paths includes a forward path and a return path that both fall within a path time period;
  
  computing a chain transfer entropy for the potential service dependency chain based on the number of data paths; and
  
  determining whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy;
  
  wherein the network manager compares the discovered service dependencies to baseline service dependencies and compares the service dependency chain to a baseline service dependency chain in order to detect attacks and deviations from normal operations of the network.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, wherein building the number of data paths comprises:
    - building the forward path for the data path in the number of data paths from an initial service to a final service; and
      
      representing the forward path using W(t), wherein W(t) is a piece of information that is initially sent from the initial service.
  - 18. The method of claim 17, wherein building the number of data paths further comprises:
    - building the return path for the data path in the number of data paths from the final service to the initial service; and
      
      representing the return path using Z(t), wherein Z(t) is a minimum amount of information that is sent from one service to another service along the return path.
  - 19. The method of claim 16, wherein discovering the service dependencies comprises:
    - identifying a plurality of connections between nodes in a data network;
      
      identifying a set of connection pairs based on the plurality of connections identified;
      
      creating a set of time series for the set of connection pairs using monitoring data received from a plurality of sensors monitoring the data network; and
      
      discovering the service dependencies using the set of time series.
  - 20. The method of claim 16, wherein the service dependencies are discovered using data from a number of sensors in a network.
  - 21. The method of claim 16, further comprising:
    - computing chain transfer entropies for the number of data paths;
      
      computing a cumulative distribution function of the chain transfer entropies for the number of data paths; and
      
      determining that the potential service dependency chain is the service dependency chain when the chain transfer entropy is greater than the cumulative distribution function.

22. An apparatus comprising:
- a network manager, running on a processor unit in a data network having a number of client devices and a number of service devices, that discovers service dependencies, the network manager receiving data from a number of sensors;
  
  responsive to receiving the data, the network manager identifies a potential service dependency chain based on at least a portion of the service dependencies;
  
  builds a number of data paths for the potential service dependency chain;
  
  computes a chain transfer entropy for the potential service dependency chain based on the number of data paths; and
  
  determines that the potential service dependency chain is the service dependency chain when the chain transfer entropy of the potential service dependency chain is greater than a cumulative distribution function of the chain transfer entropies for the number of data paths;
  
  wherein the network manager compares the discovered service dependencies to baseline service dependencies and compares the service dependency chain to a baseline service dependency chain in order to detect attacks and deviations from normal operations of the network.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The apparatus of claim 22, wherein a data path in the number of data paths includes a forward path and a return path.
  - 24. The apparatus of claim 23, wherein the forward path is represented using W(t) in which W(t) is a piece of information that is initially sent from an initial service and wherein the return path is represented using Z(t) in which Z(t) is a minimum amount of information that is sent from one service to another service along the return path.
  - 25. The apparatus of claim 22, wherein the network manager comprises:
    - a connection manager that identifies a plurality of connections between nodes in a data network and that identifies a set of connection pairs based on the plurality of connections identified;
      
      a time series builder that creates a set of time series for the set of connection pairs; and
      
      a dependency evaluator that discovers the service dependencies in the data network using the set of time series.
  - 26. The apparatus of claim 22, wherein the network manager is configured to run on a processor unit and to discover the service dependency chain without any active injection of data traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Sylla, Pape, Kim, Hyun Jin, El Defrawy, Karim
Primary Examiner(s)
Nguyen, Tu T

Application Number

US14/959,532
Publication Number

US 20160119437A1
Time in Patent Office

1,159 Days
Field of Search

709224
US Class Current
CPC Class Codes

H04L 67/51 Discovery or management the...

Mapping network service dependencies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Mapping network service dependencies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links