Methods, communication networks, and computer program products for monitoring, examining, and/or blocking traffic associated with a network element based on whether the network element can be trusted

US 8,977,745 B2
Filed: 02/18/2013
Issued: 03/10/2015
Est. Priority Date: 12/22/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method of operating a communication network, comprising:

determining whether a network element can be trusted, wherein determining whether a network element can be trusted comprises;

generating a first hash value based on data associated with the network element wherein the first hash value is based on a configuration of the network element at a first time and the first hash value is an acceptable result for the configuration of the network element;

generating a second hash value based on the data associated with the network element wherein the second hash value is based on a configuration of the network element at a second time different than the first time;

comparing the first hash value with the second hash value to determine whether the network element can be trusted based on whether a change has occurred in the configuration of the network between the first time and the second time;

monitoring traffic associated with the network element based on whether the network element can be trusted; and

selecting some of the traffic that was monitored to be blocked based on the degree of trust for the network element;

wherein monitoring traffic comprises;

monitoring the traffic using rules to determine if the traffic contains unexpected information based on the degree of trust for the network element;

providing results with respect to whether the traffic contains unexpected information to a human expert interface based on the degree of trust for the network element;

selecting traffic for monitoring using rules that are based on network element trust information; and

selecting some of the traffic that was monitored for examination based on a degree of trust for the network element;

wherein monitoring traffic further comprises;

specifying the traffic to be monitored based on traffic classification;

examining the traffic that was monitored and was selected using rules using a level of examination selected from a plurality of levels of examination to determine whether the traffic contains unexpected information based on the degree of trust for the network element; and

providing results with respect to whether the traffic that was monitored and was selected using rules contains unexpected information to the human expert interface based on the degree of trust for the network element;

wherein the level of examination of the traffic that was monitored and was selected using rules is based on the degree of trust for the network element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication network is operated by determining whether a network element can be trusted and monitoring traffic associated with the network element based on whether the network element can be trusted. At least some of the monitored traffic may be selected for examination based on the degree of trust for the network element. At least some of the monitored and/or examined traffic is selected to be blocked based on the degree of trust for the network element.

20 Citations

15 Claims

1. A method of operating a communication network, comprising:
- determining whether a network element can be trusted, wherein determining whether a network element can be trusted comprises;
  
  generating a first hash value based on data associated with the network element wherein the first hash value is based on a configuration of the network element at a first time and the first hash value is an acceptable result for the configuration of the network element;
  
  generating a second hash value based on the data associated with the network element wherein the second hash value is based on a configuration of the network element at a second time different than the first time;
  
  comparing the first hash value with the second hash value to determine whether the network element can be trusted based on whether a change has occurred in the configuration of the network between the first time and the second time;
  
  monitoring traffic associated with the network element based on whether the network element can be trusted; and
  
  selecting some of the traffic that was monitored to be blocked based on the degree of trust for the network element;
  
  wherein monitoring traffic comprises;
  
  monitoring the traffic using rules to determine if the traffic contains unexpected information based on the degree of trust for the network element;
  
  providing results with respect to whether the traffic contains unexpected information to a human expert interface based on the degree of trust for the network element;
  
  selecting traffic for monitoring using rules that are based on network element trust information; and
  
  selecting some of the traffic that was monitored for examination based on a degree of trust for the network element;
  
  wherein monitoring traffic further comprises;
  
  specifying the traffic to be monitored based on traffic classification;
  
  examining the traffic that was monitored and was selected using rules using a level of examination selected from a plurality of levels of examination to determine whether the traffic contains unexpected information based on the degree of trust for the network element; and
  
  providing results with respect to whether the traffic that was monitored and was selected using rules contains unexpected information to the human expert interface based on the degree of trust for the network element;
  
  wherein the level of examination of the traffic that was monitored and was selected using rules is based on the degree of trust for the network element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein comparing the first hash value with the second hash value to determine whether the network element can be trusted comprises comparing the first hash value with the second hash value to determine a degree of trust for the network element.
  - 3. The method of claim 1, wherein monitoring traffic further comprises:
    - specifying the traffic to be monitored based on one of a time duration and a traffic amount.
  - 4. The method of claim 1, wherein monitoring the traffic further comprises:
    - obtaining input via the human expert interface; and
      
      revising the results with respect to whether the traffic contains unexpected information based on the input.
  - 5. The method of claim 1, further comprising:
    - examining the some of the traffic that was monitored using one of rules, pattern matching techniques, and deviation from expected values techniques to determine if the traffic contains unexpected information based on the degree of trust for the network element.
  - 6. The method of claim 5, wherein examining the some of the traffic that was monitored comprises:
    - obtaining input via the human expert interface; and
      
      revising the results with respect to whether the some of the traffic that was monitored contains unexpected information based on the input.
  - 7. The method of claim 1, further comprising:
    - blocking the some of the traffic to be blocked using filtering based on one of source address, destination address, port, protocol, and state of a connection.
  - 8. The method of claim 7, wherein blocking the some of the traffic to be blocked comprises:
    - obtaining input via the human expert interface; and
      
      permanently blocking the some of the traffic to be blocked based on the input.
  - 9. The method of claim 1, further comprising:
    - modifying rules, pattern matching techniques, and deviation from expected values techniques used in monitoring the traffic and examining the some of the traffic.
  - 10. A method according to claim 1 wherein the network element is a communications device comprising one of a router, a gateway, a switching device, a cable modem, a digital subscriber line modem, a public switched telephone network modem, a wireless local area network modem, a wireless wide area network modem, a computer with a modem, a mobile terminal with a modem, a personal data assistant with a modem, and a cellular telephone with a modem.

11. A system, comprising:
- a processor; and
  
  a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations comprising;
  
  generating a first hash value based on data associated with the network element wherein the first hash value is based on a configuration of the network element at a first time and the first hash value is an acceptable result for the configuration of the network element;
  
  generating a second hash value based on the data associated with the network element wherein the second hash value is based on a configuration of the network element at a second time different than the first time;
  
  comparing the first hash value with the second hash value to determine whether the network element can be trusted based on whether a change has occurred in the configuration of the network between the first time and the second time;
  
  monitoring traffic associated with the network element based on whether the network element can be trusted; and
  
  selecting some of the traffic that was monitored to be blocked based on the degree of trust for the network element;
  
  wherein monitoring traffic comprises;
  
  monitoring the traffic using rules to determine if the traffic contains unexpected information based on the degree of trust for the network element;
  
  providing results with respect to whether the traffic contains unexpected information to a human expert interface based on the degree of trust for the network element;
  
  selecting traffic for monitoring using rules that are based on network element trust information; and
  
  selecting some of the traffic that was monitored for examination based on a degree of trust for the network element;
  
  wherein monitoring traffic further comprises;
  
  specifying the traffic to be monitored based on traffic classification;
  
  examining the traffic that was monitored and was selected using rules using a level of examination selected from a plurality of levels of examination to determine whether the traffic contains unexpected information based on the degree of trust for the network element; and
  
  providing results with respect to whether the traffic that was monitored and was selected using rules contains unexpected information to the human expert interface based on the degree of trust for the network element;
  
  wherein the level of examination of the traffic that was monitored and was selected using rules is based on the degree of trust for the network element.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein comparing the first hash value with the second hash value to determine whether the network element can be trusted comprises comparing the first hash value with the second hash value to determine a degree of trust for the network element.
  - 13. The system of claim 11, wherein monitoring traffic further comprises:
    - specifying the traffic to be monitored based on one of a time duration and a traffic amount.
  - 14. The system of claim 11, wherein monitoring the traffic further comprises:
    - obtaining input via the human expert interface; and
      
      revising the results with respect to whether the traffic contains unexpected information based on the input.
  - 15. The system of claim 11, wherein the operations further comprise:
    - examining the some of the traffic that was monitored using one of rules, pattern matching techniques, and deviation from expected values techniques to determine if the traffic contains unexpected information based on the degree of trust for the network element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Aaron, Jeffrey A., Shrum, Edgar Vaughan Jr.
Primary Examiner(s)
Keehn, Richard G

Application Number

US13/769,693
Publication Number

US 20130160118A1
Time in Patent Office

750 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

H04L 63/0263   Rule management

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 67/1057   involving pre-assessment of...

Methods, communication networks, and computer program products for monitoring, examining, and/or blocking traffic associated with a network element based on whether the network element can be trusted

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, communication networks, and computer program products for monitoring, examining, and/or blocking traffic associated with a network element based on whether the network element can be trusted

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links