IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0264777
(2002-10-04)
|
등록번호 |
US-7283475
(2007-10-16)
|
발명자
/ 주소 |
- Fortin,Christopher S.
- Cousins,David B.
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
1 인용 특허 :
20 |
초록
▼
A network tap [120/220] monitors traffic transmissions in a network [100/200]. The tap records transmission time information [501] between data transmitted in the network. From the transmission time information, the tap calculates differences in transmission times [500], and assumes the differences
A network tap [120/220] monitors traffic transmissions in a network [100/200]. The tap records transmission time information [501] between data transmitted in the network. From the transmission time information, the tap calculates differences in transmission times [500], and assumes the differences in transmission times are distributed as fractional gaussian noise. Housdorff dimensions are calculated for the fractional gaussian noise distributions. The Housdorff dimensions are used to generate traffic analysis information for the network, even when the data transmitted on the network is encrypted.
대표청구항
▼
What is claimed is: 1. A method of analyzing communications in a network, comprising: obtaining time of transmission information for chunks of data in the network; determining differences in times of transmission between successive chunks of data based on the time of transmission information; analy
What is claimed is: 1. A method of analyzing communications in a network, comprising: obtaining time of transmission information for chunks of data in the network; determining differences in times of transmission between successive chunks of data based on the time of transmission information; analyzing traffic flow in the network based on the determined differences in the times of transmission; and generating a Housdorff dimension from the differences in times of transmission, the Housdorff dimension characterizing traffic flow corresponding to the chunks of data. 2. The method of claim 1, wherein the time of transmission information is obtained over a predetermined time interval. 3. The method of claim 1, wherein generating the Housdorff dimension includes: estimating the Housdorff dimension using a maximum likelihood estimator. 4. The method of claim 1, wherein the analyzing traffic flow further comprises: comparing Housdorff dimensions calculated for multiple nodes in the network; and determining traffic flow start/stop between the multiple nodes based on the comparison. 5. The method of claim 1, wherein the time of transmission information includes an identification of a node on the network that transmitted the chunk of data. 6. The method of claim 1, wherein the network is a wireless network. 7. The method of claim 1, wherein the network is a wired network. 8. The method of claim 1, further comprising: classifying a communication associated with the chunks of data based on the Housdorff dimension. 9. A system for analyzing traffic flow in a network, the system comprising: at least one network tap for passively observing traffic transmission times in the network; at least one processor for calculating differences in times of transmission based on the traffic transmission times observed over a predetermined period; and means for analyzing traffic flow in the network based on the calculated differences in times of transmission; wherein the analyzing means analyzes the traffic flow in the network by assuming that the differences in times of transmission have a random distribution that is distributed as fractional gaussian noise. 10. The system of claim 9, wherein the network tap generates a Housdorff dimension from the differences in times of transmission, the Housdorff dimension for characterizing traffic flow corresponding to the traffic in the network. 11. The system of claim 10, wherein the Housdorff dimension is estimated using a maximum likelihood estimator. 12. The system of claim 10, wherein the Housdorff dimension corresponds to the traffic in the network, wherein the traffic is obtained from a plurality of individual traffic streams. 13. The system of claim 9, wherein the network is a wireless network. 14. The system of claim 9, wherein the network is a wired network. 15. A system for analyzing traffic flow in a network, the system comprising: at least one network tap for passively observing traffic transmission times in the network; at least one processor for calculating differences in times of transmission based on the traffic transmission times observed over a predetermined period; and means for analyzing traffic flow in the network based on the calculated differences in times of transmission; wherein the observed traffic transmission times include an identification of the network that transmitted the traffic. 16. The system of claim 15, wherein the analyzing means analyzes the traffic flow in the network by assuming that the differences in times of transmission have a random distribution that is distributed as fractional gaussian noise. 17. The system of claim 15, wherein the network tap generates a Housdorff dimension from the differences in times of transmission, the Housdorff dimension for characterizing traffic flow corresponding to the traffic in the network. 18. The system of claim 17, wherein the Housdorff dimension corresponds to the traffic in the network, wherein the traffic is obtained from a plurality of individual traffic streams. 19. A method comprising: receiving chunks of data from a network in a series of chunks of data; generating transmission time differences between the received chunks of data; estimating a Housdorff dimension for the series of the received chunks of data based on the generated transmission time differences; and analyzing traffic flow in the network based on the estimated Housdorff dimension. 20. The method of claim 19, wherein analyzing traffic flow includes: tracking the flow of chunks of data through the network. 21. The method of claim 19, wherein analyzing traffic flow includes: classifying network traffic based on pre-defined characteristic patterns of the Housdorff dimension. 22. The method of claim 19, wherein the series of chunks of data corresponds to chunks of data received from the network in a predetermined time interval. 23. The method of claim 19, wherein the chunks of data correspond to packet information. 24. The method of claim 19, wherein estimating the Housdorff dimension includes: estimating the Housdorff dimension using a maximum likelihood estimator. 25. The method of claim 24, wherein analyzing traffic flow includes: comparing Housdorff dimensions estimated for multiple nodes in the network; and determining traffic flow start/stop between the multiple nodes based on the comparison. 26. The method of claim 19, wherein the network is a wireless network. 27. The method of claim 19, wherein the network is a wired network. 28. A computer-readable medium that stores instructions executable by one or more processors to perform a method, comprising: obtaining time of transmission information for chunks of data passing through a network; calculating differences in times of transmission between successive chunks of data based on the time of transmission information; analyzing traffic flow in the network based on the calculated differences in times of transmission; and generating a Housdorff dimension from the differences in times of transmission, the Housdorff dimension characterizing traffic flow corresponding to the chunks of data. 29. The computer-readable medium of claim 28, wherein the obtained time of transmission information is obtained over a predetermined time interval. 30. A device in a network, comprising: means for obtaining time of transmission information for chunks of data in the network; means for calculating differences in times of transmission in successive chunks of data based on the time of transmission information; means for generating a Housdorff dimension from the differences in times of transmission, the Housdorff dimension characterizing traffic flow corresponding to the chunks of data; and means for analyzing traffic flow in the network based on the Housdorff dimensions. 31. The communication tap of claim 30, further comprising: means for classifying a communication associated with the chunks of data based on the Housdorff dimensions.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.