METHOD AND APPARATUS OF NETWORK ARTIFACT INDENTIFICATION AND EXTRACTION

US 20090290580A1
Filed: 05/23/2008
Published: 11/26/2009
Est. Priority Date: 05/23/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

aggregating a payload data from different network packets to form an matching the payload data with an entry of a library of known artifacts;

determining a type of the payload data based on a match with the entry of the library of known artifacts;

separating the payload data from a header data in a network packet; and

communicating the aggregated payload data as an extracted artifact to a user.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and apparatus of network artifact identification and extraction are disclosed. In one embodiment, a method includes aggregating a payload data (e.g., may be a component of the extracted artifact) from different network packets to form an aggregated payload data, matching the payload data with an entry of a library of known artifacts, determining a type of the payload data based on a match with the entry of the library of known artifacts, separating the payload data from a header data in a network packet, and communicating the aggregated payload data as an extracted artifact to a user. The method may include using the extracted artifact to perform network visibility analysis of users on packets flowing across the network. The method may validate that the entry is accurate by performing a deeper analysis of the payload data with the entry of the library of known artifacts.

Citations

20 Claims

1. A method comprising:
- aggregating a payload data from different network packets to form an matching the payload data with an entry of a library of known artifacts;
  
  determining a type of the payload data based on a match with the entry of the library of known artifacts;
  
  separating the payload data from a header data in a network packet; and
  
  communicating the aggregated payload data as an extracted artifact to a user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 20)
- - 2. The method of claim 1 further comprising:
    - using the extracted artifact to perform network visibility analysis of a plurality of users on packets flowing across the network, wherein the extracted artifact is at least one of a word processing document, a spreadsheet document, a database, an image, a video, a multimedia file, an email, an instant message communication, an audio file, a compressed file, an executable file, a web page, and a presentation.
  - 3. The method of claim 1 further comprising:
    - validating that the entry is accurate by performing a deeper analysis of the payload data with the entry of the library of known artifacts;
      
      determining that the payload data is encrypted;
      
      applying an encrypted data processing module of a network appliance to generate a request for the encrypted data from a source on behalf of a requestor;
      
      receiving a decryption key from a source of the encrypted data;
      
      decrypting the encrypted data on the network appliance using the decryption key; and
      
      determining the type of the encrypted data based on the decryption.
  - 4. The method of claim 1 further comprising:
    - determining that the artifact is incomplete through an examination of a file structure with a known file specification; and
      
      communicating at least a portion of the incomplete artifact to the user.
  - 5. The method of claim 1 further comprising forming the library of known artifacts by identifying markers found in data files stored in each instance of a particular type of artifact.
  - 6. The method of claim 5 wherein the payload data is a component of the extracted artifact, and wherein the markers include at least one of start bits of the artifact, payload length of the artifact, a set of ending bits, and other identification bits found in each instance of the artifact.
  - 7. The method of claim 1 in a form of a machine-readable medium embodying a set of instructions that, when executed by a machine, causes the machine to perform the method of claim 1.
  - 20. The method of claim 14 in a form of a machine-readable medium embodying a set of instructions that, when executed by a machine, causes the machine to perform the method of claim 1.

8. A system comprising:
- a packet rearrange module to reorder a network packet and other network packets based on a sequence number of each of the network packet and other network packets;
  
  a packet analyzer module to separate a payload data from a header data in the network packet;
  
  an identification module to match the payload data with an entry of a library of known artifacts;
  
  a validation module to verify that the entry is accurate by performing a deeper analysis of the payload data with the entry of the library of known artifacts;
  
  a type module determine a type of the payload data based on a match with the entry in the library of known artifacts;
  
  a presentation module to aggregate the payload data from different network packets to form an aggregated payload data; and
  
  an extraction module to communicate the aggregated payload data as an extracted artifact to a user.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8 further comprising:
    - a network visibility module to perform network visibility analysis of a plurality of users on packets flowing across the network using the extracted artifact, wherein the extracted artifact is at least one of a word processing document, a spreadsheet document, a database, an image, a video, a multimedia file, an email, an instant message communication, an audio file, a compressed file, an executable file, a web page, and a presentation.
  - 10. The system of claim 8 further comprising:
    - a determination module to determine that the payload data is encrypted;
      
      encrypted data processing module to generate a request for the encrypted data from a source on behalf of a requestor and to receive a decryption key on a network appliance; and
      
      a decryption module to apply the decryption key to decrypt the encrypted data on the network appliance.
  - 11. The system of claim 8 further comprising:
    - an incomplete management module to determine that the artifact is incomplete, and to communicate at least a portion of the incomplete artifact to the user.
  - 12. The system of claim 8 further comprising a library formation module to create the library of known artifacts by identifying markers found in data files stored in each instance of a particular type of artifact.
  - 13. The system of claim 8 wherein the payload data is a component of the extracted artifact, wherein the markers include at least one of start bits of the artifact, payload length of the artifact, a set of ending bits, and other identification bits found in each instance of the artifact.

14. A method comprising:
- forming a library of known artifacts by identifying markers found in data files stored in each instance of a particular type of artifact;
  
  identifying at least one marker in a packet transmitted through a network based on a match with the library;
  
  determining a type of a file associated with the packet based on the at least one marker;
  
  aggregating relevant portions of the packet with other packets associated having the at least one marker to extract the file from the network; and
  
  using the extracted file to perform network visibility analysis of a plurality of users on data files flowing across the network.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14 further comprising:
    - communicating the extracted file to a user after reordering the packet and the other packets based on sequence numbers of each packet.
  - 16. The method of claim 14 wherein the extracted file is at least one of a word processing document, a spreadsheet document, a database, an image, a video, a multimedia file, an email, an instant message communication, an audio file, a compressed file, an executable file, a web page, and a presentation.
  - 17. The method of claim 14 further comprising:
    - determining that the packet is encrypted;
      
      applying an encrypted data processing module of a network appliance to generate a request for the encrypted data from a source on behalf of a requester;
      
      receiving a decryption key on the network appliance;
      
      decrypting the packet on the network appliance using the decryption key; and
      
      determining the type of an encrypted file based on decrypted data.
  - 18. The method of claim 14 further comprising:
    - determining that the extracted file is incomplete; and
      
      communicating at least a portion of the extracted file that is incomplete to the user.
  - 19. The method of claim 14 wherein the markers include at least one of start bits of the artifact, payload length of the artifact, a set of ending bits, and other identification bits found in each instance of the artifact.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Brown, James, Tveit, Paal, Edginton, Brian, Wood, Matthew Scott, Shillingford, Steve

Granted Patent

US 8,625,642 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0428   wherein the data content is...

H04L 67/75   Indicating network or usage...

METHOD AND APPARATUS OF NETWORK ARTIFACT INDENTIFICATION AND EXTRACTION

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS OF NETWORK ARTIFACT INDENTIFICATION AND EXTRACTION

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links