Method and apparatus of network artifact indentification and extraction

US 8,625,642 B2
Filed: 05/23/2008
Issued: 01/07/2014
Est. Priority Date: 05/23/2008
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine readable medium, comprising:

a packet rearrange module to reorder received network packets based upon sequence numbers;

a packet analyzer module to separate payload data from header data in the received network packets;

an identification module to perform a first match of the payload data with an entry from a library of known artifacts;

a validation module to perform a second match of the payload data based upon a deeper analysis of the payload data with another entry from the library of known artifacts;

a library formation module to populate a table with characteristics of a packet of the received network packets;

an extraction module to communicate an extracted artifact to a user, wherein the extracted artifact is a file with aggregated payload data from a presentation module that includes reordered network packets based on sequence numbers of each packet from the packet rearrange module and wherein the file has an associated file type based on marker matches with the library of known artifacts;

an incomplete management module to identify an incomplete artifact through a comparison of the extracted artifact with a file structure with a known file specification; and

a visibility module to perform network visibility analyses of the extracted artifact.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and apparatus of network artifact identification and extraction are disclosed. In one embodiment, a method includes aggregating a payload data (e.g., may be a component of the extracted artifact) from different network packets to form an aggregated payload data, matching the payload data with an entry of a library of known artifacts, determining a type of the payload data based on a match with the entry of the library of known artifacts, separating the payload data from a header data in a network packet, and communicating the aggregated payload data as an extracted artifact to a user. The method may include using the extracted artifact to perform network visibility analysis of users on packets flowing across the network. The method may validate that the entry is accurate by performing a deeper analysis of the payload data with the entry of the library of known artifacts.

245 Citations

8 Claims

1. A non-transitory machine readable medium, comprising:
- a packet rearrange module to reorder received network packets based upon sequence numbers;
  
  a packet analyzer module to separate payload data from header data in the received network packets;
  
  an identification module to perform a first match of the payload data with an entry from a library of known artifacts;
  
  a validation module to perform a second match of the payload data based upon a deeper analysis of the payload data with another entry from the library of known artifacts;
  
  a library formation module to populate a table with characteristics of a packet of the received network packets;
  
  an extraction module to communicate an extracted artifact to a user, wherein the extracted artifact is a file with aggregated payload data from a presentation module that includes reordered network packets based on sequence numbers of each packet from the packet rearrange module and wherein the file has an associated file type based on marker matches with the library of known artifacts;
  
  an incomplete management module to identify an incomplete artifact through a comparison of the extracted artifact with a file structure with a known file specification; and
  
  a visibility module to perform network visibility analyses of the extracted artifact.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory machine readable medium of claim 1 wherein each row of the table includes characteristics of a single network packet.
  - 3. The non-transitory machine readable medium of claim 2 wherein the characteristics specify packet start bits.
  - 4. The non-transitory machine readable medium of claim 2 wherein the characteristics specify packet length.
  - 5. The non-transitory machine readable medium of claim 2 wherein the characteristics specify packet end bits.
  - 6. The non-transitory machine readable medium of claim 2 wherein the characteristics specify an artifact type selected from a word processing document, a spreadsheet document, a database, an image, a video, a multimedia file, an email, an instant message communication, an audio file, a compressed file, an executable file, and a web page.
  - 7. The non-transitory machine readable medium of claim 2 wherein the characteristics specify an encryption indicator.
  - 8. The non-transitory machine readable medium of claim 1 further comprising:
    - a determination module to determine that the payload data is encrypted;
      
      encrypted data processing module to generate a request for the encrypted data from a source and to receive a decryption key from the source;
      
      a decryption module to apply the decryption key to decrypt the encrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Solera Networks, Inc. (Gen Digital Inc.)
Inventors
Wood, Matthew Scott, Tveit, Paal, Edginton, Brian, Shillingford, Steve, Brown, James
Primary Examiner(s)
Cho, Un C
Assistant Examiner(s)
Liu, Siming

Application Number

US12/126,551
Publication Number

US 20090290580A1
Time in Patent Office

2,055 Days
Field of Search

370/529, 726/22, 726/23, 726/29
US Class Current

370/529
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0428   wherein the data content is...

H04L 67/75   Indicating network or usage...

Method and apparatus of network artifact indentification and extraction

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

245 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus of network artifact indentification and extraction

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

245 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links