Patent application number | Description | Published |
20110125748 | Method and Apparatus for Real Time Identification and Recording of Artifacts - Methods and a system of method and apparatus for real time identification and recording of artifacts are disclosed. In one embodiment, a method of network database maintenance includes designating a network packet data to be stored in one of a packet capture repository and a file system resident database to indicate an artifact type, a protocol type, an application, a user-definable attribute, and a temporal session duration based on a real-time packet inspection. The method includes grouping the designated packet data in a database including packet data having a similar one of the artifact type, the protocol type, the application, the user-definable attribute and the temporal session duration. In addition, the method of network database maintenance includes indexing the database to point to a memory location of the designated packet data grouped in the database in the packet capture repository. | 05-26-2011 |
20110125749 | Method and Apparatus for Storing and Indexing High-Speed Network Traffic Data - Storing and indexing of high-speed network traffic data is disclosed. In one embodiment, a method of network database maintenance includes sequentially recording in real-time packet header and/or packet content attributes derived from network packets captured and stored in one of a packet capture repository and a file system in database units ordered by arrival of the network packet data. In addition, the method includes indexing each database unit to point to a memory location of the network packet data in one of the packet capture repository and the file system. The method also includes computing a hash value on certain input data and creating index bitmaps on each database unit to facilitate grouping of a similar attributes associated with the network packet data recorded in the database units. The resulting data may then be stored in compressed and/or encrypted formats on a file system for efficiency and security. | 05-26-2011 |
20120239652 | Hardware Accelerated Application-Based Pattern Matching for Real Time Classification and Recording of Network Traffic - An indexing database utilizes a non-transitory storage medium. A pattern matching processing unit generates preclassification data for the network data packets utilizing pattern matching analysis. At least one processing unit implements a storage process that receives the network data packets, stores the network data packets in at least one of the slots, and transfers the network data packets to a packet capture repository when slots in a shared memory are full. A preclassification process requests from the pattern matching processing unit the preclassification data. An indexing process determines, based upon the preclassification data, whether to invoke or omit additional analysis of the network data packets, and performs at least one of aggregation, classification, or annotation of the network data packets in the shared memory to maintain one or more indices in the indexing database. | 09-20-2012 |
20140215615 | Apparatus and Method for Characterizing the Risk of a User Contracting Malicious Software - A non-transitory computer readable storage medium includes executable instructions to identify specified network interactions initiated by a client machine. The specified network interactions are compared to normative values to produce a promiscuity score indicative of the risk of the client machine contracting malicious software. Depending upon the promiscuity score, prophylactic actions are optionally applied to the client machine. | 07-31-2014 |
20140310394 | Apparatus and Method for Utilizing Fourier Transforms to Characterize Network Traffic - A non-transitory computer readable storage medium, comprising executable instructions to collect network traffic data, produce a Fourier signature from the network traffic data, associate the Fourier signature with a known pattern, collect new network traffic data, produce a new Fourier signature from the new network traffic data, compare the new Fourier signature with the Fourier signature to selectively identify a match and associate the new network traffic data with the known pattern upon a match. | 10-16-2014 |
Patent application number | Description | Published |
20090290492 | METHOD AND APPARATUS TO INDEX NETWORK TRAFFIC META-DATA - A method, system, and apparatus for indexing network traffic meta-data is disclosed. In one embodiment, a method includes identifying a packet having a header and a payload in a flow of a data through a network, classifying the header of the packet in a type of the header, determining an algorithm to extract a meta-data (e.g., which may be stored in a database of the storage device, and the storage device may be limited in a storage capacity) having information relevant to network traffic visibility based on the type of the header, extracting the meta-data from the header, and streaming the meta-data to a storage device. The method may include applying a last recently used algorithm to discard information from the storage device when storage device is limited in the storage capacity. The method may also include determining that the type of the header is an Ethernet header. | 11-26-2009 |
20090290501 | CAPTURE AND REGENERATION OF A NETWORK DATA USING A VIRTUAL SOFTWARE SWITCH - Methods and a system of capture and regeneration of a network data using a virtual software switch are disclosed. In an embodiment, a method includes capturing a network data using a virtual software switch, a processor, and a memory. The network data is captured to perform a network visibility analysis and the network data is communicated to at least one port of the virtual software switch. The method includes forming a stored network data in a memory. The method also includes regenerating the stored network data to form a reconstructed data. | 11-26-2009 |
20090290580 | METHOD AND APPARATUS OF NETWORK ARTIFACT INDENTIFICATION AND EXTRACTION - A method, system, and apparatus of network artifact identification and extraction are disclosed. In one embodiment, a method includes aggregating a payload data (e.g., may be a component of the extracted artifact) from different network packets to form an aggregated payload data, matching the payload data with an entry of a library of known artifacts, determining a type of the payload data based on a match with the entry of the library of known artifacts, separating the payload data from a header data in a network packet, and communicating the aggregated payload data as an extracted artifact to a user. The method may include using the extracted artifact to perform network visibility analysis of users on packets flowing across the network. The method may validate that the entry is accurate by performing a deeper analysis of the payload data with the entry of the library of known artifacts. | 11-26-2009 |
20090292681 | PRESENTATION OF AN EXTRACTED ARTIFACT BASED ON AN INDEXING TECHNIQUE - A system and method of presentation of an extracted artifact based on an indexing technique are disclosed. In an embodiment, the method includes indexing a database of a captured network characteristic data using a processor and a memory to form an indexed capture data. The method includes enhancing a query response time with the indexed capture data. The method further includes searching the indexed capture data to generate a capture query result. The capture query result includes an extracted artifact. The method also includes graphically presenting the capture query result as at least one of an artifact list and an artifact image. | 11-26-2009 |
20090292736 | ON DEMAND NETWORK ACTIVITY REPORTING THROUGH A DYNAMIC FILE SYSTEM AND METHOD - A method, apparatus and a system of on demand network activity reporting through a dynamic file system and method are disclosed. In one embodiment, a method includes forming a root level selection guide based on a set of criteria associated with an activity through a network that is captured and stored on a storage device associated with a network appliance, refreshing listings of a sub-directory of the root level selection guide dynamically based on the activity through the network stored on the storage device when an option is selected in the root level selection guide, and creating a packet capture file based on a current state of the activity through the network when one of the listings of the sub-directory of the root level selection guide is selected. The method may include automatically referencing a database having the activity through the network when creating the packet capture file. | 11-26-2009 |
20120158737 | SYSTEM AND METHOD FOR HYPERTEXT TRANSFER PROTOCOL LAYERED RECONSTRUCTION - HTTP layered reconstruction is disclosed. A database is queried to identify a location of a previously reconstructed HTML artifact file or packet data of a HTML file in a repository that stores packet data captured from a network. The reconstructed HTML file is analyzed. Links to external files are identified and the database is queried to identify a location of previously reconstructed artifact files or packet data of associated external files. The external files are reconstructed, as needed. A web page is then reconstructed based on the reconstructed HTML file and reconstructed external files, presenting a view of the web page as it originally appeared to a user. A user may specify which external file types to include and/or not include. New versions of external files may be obtained and indicated in the reconstructed web page when associated artifact files or packet data are not stored within the repository. | 06-21-2012 |
20130282760 | Apparatus and Method for Random Database Sampling with Repeatable Results - A method of sampling data in a database includes designating permanent read locations in a database. The database is populated with randomly loaded data. The permanent read locations in the database are sampled to form sampled repeatable results attributable to the permanent read locations and the randomly loaded data. | 10-24-2013 |
Patent application number | Description | Published |
20100122019 | APPARATUS, SYSTEM, AND METHOD FOR MANAGING PHYSICAL REGIONS IN A SOLID-STATE STORAGE DEVICE - An apparatus, system, and method are disclosed for managing physical regions in a solid-state storage device. The definition module defines a physical storage region on solid-state storage media of a solid-state storage device. The physical storage region includes a subset of total physical storage capacity on the solid-state storage media. The storage controller performs memory operations within the physical storage region such that the memory operations are bounded to the physical storage region. The implementation module implements the physical storage region definition with respect to the storage controller for the solid-state storage media. | 05-13-2010 |
20120063231 | Apparatus, System, and Method for Non-Volatile Storage Element Programming - Methods, storage controllers, and systems for non-volatile storage element programming are described. One method includes programming user data in pages associated with a set of wordlines of an erase block of a non-volatile, solid-state storage element. The method further includes selecting at least one of the wordlines of the set programmed with the user data and restricting further programming of user data in the pages associated with the selected wordline. In some embodiments, the selected wordline occurs subsequent to the pages associated with the other wordlines of the set in a page programming order for the erase block. | 03-15-2012 |
20130036262 | APPARATUS, SYSTEM, AND METHOD FOR TESTING PHYSICAL REGIONS IN A SOLID-STATE STORAGE DEVICE - An apparatus, system, and method are disclosed for testing physical regions in a solid-state storage device. The method includes defining a physical storage region on solid-state storage media of a solid-state storage device. The physical storage region includes a subset of storage capacity of the solid-state storage media. The method includes implementing the physical storage region definition on a storage controller such that memory operations are bounded to the physical storage region. The method includes testing wear of solid-state storage media associated with the physical storage region using memory operations bounded to the physical storage region. | 02-07-2013 |