METHOD AND APPARATUS OF NETWORK ARTIFACT INDENTIFICATION AND EXTRACTION
Abstract
A method, system, and apparatus of network artifact identification and extraction are disclosed. In one embodiment, a method includes aggregating a payload data (e.g., may be a component of the extracted artifact) from different network packets to form an aggregated payload data, matching the payload data with an entry of a library of known artifacts, determining a type of the payload data based on a match with the entry of the library of known artifacts, separating the payload data from a header data in a network packet, and communicating the aggregated payload data as an extracted artifact to a user. The method may include using the extracted artifact to perform network visibility analysis of users on packets flowing across the network. The method may validate that the entry is accurate by performing a deeper analysis of the payload data with the entry of the library of known artifacts.
20 Claims
1. A method comprising:
- aggregating a payload data from different network packets to form an aggregated payload data;
- matching the payload data with an entry of a library of known artifacts;
- determining a type of the payload data based on a match with the entry of the library of known artifacts;
- separating the payload data from a header data in a network packet; and
- communicating the aggregated payload data as an extracted artifact to a user.
Dependent claims: 2, 3, 4, 5, 6, 7, 20
8. A system comprising:
- a packet rearrange module to reorder a network packet and other network packets based on a sequence number of each of the network packet and other network packets;
- a packet analyzer module to separate a payload data from a header data in the network packet;
- an identification module to match the payload data with an entry of a library of known artifacts;
- a validation module to verify that the entry is accurate by performing a deeper analysis of the payload data with the entry of the library of known artifacts;
- a type module to determine a type of the payload data based on a match with the entry in the library of known artifacts;
- a presentation module to aggregate the payload data from different network packets to form an aggregated payload data; and
- an extraction module to communicate the aggregated payload data as an extracted artifact to a user.
Dependent claims: 9, 10, 11, 12, 13
14. A method comprising:
- forming a library of known artifacts by identifying markers found in data files stored in each instance of a particular type of artifact;
- identifying at least one marker in a packet transmitted through a network based on a match with the library;
- determining a type of a file associated with the packet based on the at least one marker;
- aggregating relevant portions of the packet with other packets associated having the at least one marker to extract the file from the network; and
- using the extracted file to perform network visibility analysis of a plurality of users on data files flowing across the network.
Dependent claims: 15, 16, 17, 18, 19
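The module chain recited in claim 8 (reorder by sequence number, separate header from payload, aggregate, match against a marker library, then validate with a deeper check) can be sketched in Python as follows. This is an added illustration, not code from the patent or its assignee; the 6-byte header layout, the three library entries, the status strings and the sample packets are assumptions constructed for the example.

```python
import struct

HDR = struct.Struct(">IH")  # assumed toy header: sequence number, payload length

# Library of known artifacts: type -> (marker at offset 0, deeper validation)
LIBRARY = {
    "png": (b"\x89PNG\r\n\x1a\n", lambda d: d[12:16] == b"IHDR"),
    "pdf": (b"%PDF-", lambda d: b"%%EOF" in d[-1024:]),
    "gif": (b"GIF8", lambda d: d[4:6] in (b"7a", b"9a")),
}

def split_packet(pkt):
    """Separate header data from payload data; reject truncated packets."""
    if len(pkt) < HDR.size:
        raise ValueError("packet shorter than header")
    seq, length = HDR.unpack_from(pkt)
    payload = pkt[HDR.size:HDR.size + length]
    if len(payload) != length:
        raise ValueError("payload shorter than declared length")
    return seq, payload

def extract_artifact(packets):
    """Reorder by sequence number, aggregate payloads, identify and validate."""
    segments = {}
    for pkt in packets:
        seq, payload = split_packet(pkt)
        segments.setdefault(seq, payload)      # drop retransmitted duplicates
    data, expected = b"", min(segments, default=0)
    for seq in sorted(segments):
        if seq != expected:                    # gap: a segment was never captured
            return None, "incomplete", data
        data += segments[seq]
        expected = seq + len(segments[seq])
    for kind, (marker, validate) in LIBRARY.items():
        if data.startswith(marker):
            return kind, ("validated" if validate(data) else "marker-only"), data
    return None, "unknown", data

def make_packet(seq, payload):                 # helper to build constructed samples
    return HDR.pack(seq, len(payload)) + payload

# Constructed sample: a minimal PDF-like byte string split into three segments,
# delivered out of order with one retransmitted duplicate
SAMPLE = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n%%EOF\n"
PACKETS = [make_packet(1000 + off, SAMPLE[off:off + 20]) for off in (40, 0, 20, 20)]

if __name__ == "__main__":
    print(extract_artifact(PACKETS)[:2])
```

A "marker-only" result is the case the validation step exists for: the leading bytes match a library entry but the deeper structural check fails, so the type should not be trusted.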