Patent application number | Description | Published |
20090190499 | System for Extracting and Combining Information from IP Device Configurations, Inventory Systems, and Real-Time Network Monitoring - The inventive system and method for improving network security, availability, and regulatory compliance, and maximizing a network comprises a network configuration component, a network inventory component, a network monitoring component, and a network assessment component, wherein information is extracted from each of the configuration, inventory, and monitoring components, the extracted information is combined and assessed in the assessment component, and the maximized network is produced using the combined information. In one embodiment, the combined information is stored in a database. In one embodiment, an XML is produced from the extracted inventory information, and this XML is converted to a canonical form. | 07-30-2009 |
20100034138 | Method and system for using dynamic throughput graphs for ensuring QoS in converged networks - Our invention is a method and system for providing Quality of Service (QoS) over networks that do not provide any information and only serve to carry packets. Specifically, as traffic traverses between various user networks via an opaque network, gateways at the edge of the user networks keep a record of the packets traversing into the opaque networks and packets traversing out of the opaque network. These gateways also know about the traffic classes that each of these packets belongs to. The gateways at the ingress points (the user network where the packets originate) and the gateways at the egress points (the user network where the packets terminate) coordinate amongst themselves to exchange information about the number and latency of packets exchanged between the two. This information is used by the gateway at the ingress to estimate the state of the opaque network using dynamic throughput graphs. Admission control and | 02-11-2010 |
20100042605 | VERSIONING RELATIONAL DATABASE DISJOINT RECORDS - An inventive system and method for versioning relational database disjoint records comprises a relational database, configuration files translated into query files, and a version control system, wherein each query file is stored and checked into the version control system, updating a version number of the query file. Each query file comprises a set of query statements. Query files are retrieved from the version control system based on the version number or an independent data item, and put into the database for analysis. In one embodiment, one of the configuration files comprises a configuration of a device, such as a router, a switch, a firewall, or a medical record. The method comprises acquiring configuration files, changing the configuration files into query files and storing the query files, and checking each query file into a version control system, wherein the checking in updates a version number of the query file. | 02-18-2010 |
20100217853 | SYSTEM AND METHOD FOR POLICY BASED MANAGEMENT FOR A HIGH SECURITY MANET - A system and method for policy based management for a high security MANET comprises policy managers, each performing policy decision-making and policy enforcement using multiple policies, containers, each related to an application and each container having one policy manager, nodes, each having an infrastructure and at least one container, and dynamic community building blocks associating the containers having a same application, the containers being in different nodes, the associated containers maintained by the dynamic community building blocks on a secure network. Each container can define a security boundary around the node. Each container can be a lightweight virtual machine. The system can also have a special container having a policy manager only evaluating policies for conflicts. In one embodiment, a node can consist of multiple network devices and each network device is a container of its own. | 08-26-2010 |
20110299389 | Real Time Monitoring, Onset Detection And Control Of Congestive Phase-Transitions in Communication Networks - Systems and methods for managing network congestion through detecting the closeness to network congestion. The network includes a plurality of network nodes, where each node has at least one neighboring node and each node has a buffer for a queue of packets from other nodes. The system measures queue length at a node and the node's neighboring nodes, processes the measured queue lengths to obtain patterns of fluctuations for the measured queue length. The system determines if one or more of the measured nodes are in a transition-onset status toward a phase transition point based on the obtained patterns of fluctuation and generates congestion control signals based on the determination to route network traffic away. The phase transition point corresponds to a change from a non-congestive phase of the measured nodes to a congestive phase of the measured nodes. | 12-08-2011 |
20120020216 | COGNITIVE NETWORK LOAD PREDICTION METHOD AND APPARATUS - Loads for a wireless network having a plurality of end nodes are predicted by constructing a computer data set of end-to-end pairs of the end nodes included in the network using a computer model of the network; constructing a computerized set of observables from social information about users of the network; developing a computerized learned model of predicted traffic using at least the data set and the observables; and using the computerized learned model to predict future end-to-end network traffic. | 01-26-2012 |
20120059921 | VIRTUAL AD HOC NETWORK TESTBEDS FOR NETWORK-AWARE APPLICATIONS - A virtual ad hoc network testbed provides the capability to instrument a testbed in order to support the execution of network-aware applications “as is.” Network aware applications are a special class of applications that interact with a network not only by using the network for communication purposes, but also configure or read the status of network devices. Local stack management provides the means to automatically construct standard APIs for accessing the information residing in a simulated or emulated network, and instantiate these APIs. The testbed is designed to bridge a standard management module (such as SNMP) and a simulation or emulation model, starting from a MIB module. The testbed uses CORBA as a communication means. The process is divided into two parts, agent side and model side. | 03-08-2012 |
20120257498 | METHOD AND SYSTEM FOR PROVIDING END-TO-END QoS IN CONVERGED NETWORKS USING PROBABILISTIC PREFERENTIAL ADMISSION CONTROL - Network management for providing and managing Quality of Service (QoS) in converged networks, and particularly management of bursty, short-lived data loads, in an opaque network where knowledge of or control over network elements is not required. Preferential treatment is provided to some subset of the network users that require better QoS assurances from the underlying network. Applying probabilistic admission control decisions in conjunction with estimated network state provides improved performance for high priority data with bursty data loads. | 10-11-2012 |
20130218549 | DYNAMIC TIME VIRTUALIZATION FOR SCALABLE AND HIGH FIDELITY HYBRID NETWORK EMULATION - A system and method for measurement of the performance of a network by simulation, wherein time divergence is addressed by using discrete event simulation time to control and synchronize time advance or time slow down on virtual machines for large-scale hybrid network emulation, particularly where the loss of fidelity could otherwise be substantial. A dynamic time control and synchronization mechanism is implemented in a hypervisor clock control module on each test bed machine, which enables tight control of virtual machine time using time information from the simulation. A simulator state introspection and control module, running alongside the simulator, enables extraction of time information from the simulation and control of simulation time, which is supplied to the virtual machines. This is accomplished with a small footprint and low overhead. | 08-22-2013 |
20140082730 | SYSTEM AND METHOD FOR CORRELATING HISTORICAL ATTACKS WITH DIVERSE INDICATORS TO GENERATE INDICATOR PROFILES FOR DETECTING AND PREDICTING FUTURE NETWORK ATTACKS - An apparatus and method predict and detect network attacks by using a diverse set of indicators to measure aspects of the traffic and by encoding traffic characteristics using these indicators of potential attacks or anomalous behavior. The set of indicators is analyzed by supervised learning to automatically learn a decision rule which examines the temporal patterns in the coded values of the set of indicators to accurately detect and predict network attacks. The rules automatically evolve in response to new attacks as the system updates its rules periodically by analyzing new data and feedback signals about attacks associated with that data. To assist human operators, the system also provides human interpretable explanations of detection and prediction rules by pointing to indicators whose values contribute to a decision that there is an existing network attack or an imminent network attack. When such indicators are detected, an operator can take remediation actions. | 03-20-2014 |