The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: Dec. 01, 2020
Filed: Apr. 05, 2018
Virtual Instruments Worldwide, Inc., San Jose, CA (US);
Derek Sanders, Saratoga, CA (US);
Rangaswamy Jagannathan, Sunnyvale, CA (US);
Rosanna Lee, Palo Alto, CA (US);
Kishor Kakatkar, Kothrud, IN;
Xiaohong Pan, Fremont, CA (US);
Virtual Instruments Worldwide, Inc., San Jose, CA (US);
Abstract
One network monitoring system maintains both information regarding historical activity and emergent activity of the network. Comparison of recent activity of the network with historical activity allows the system to determine whether recent network activity is within the realm of normal. The system maintains data structures representing a p.d.f. for observable values of network parameters. Such data structures are maintained both for historical and for emergent activity of the network. Recent activity can be compared with the p.d.f. for historical activity to aid in determining whether that recent activity is within the realm of normal. Network activity not within the realm of normal can include values of observable network parameters too high or too low to be consistent with historical activity of the network, or other values too unlikely to be consistent with historical activity at the network.
Another network monitoring device includes data structures for maintaining information regarding historical activity of a network and emergent activity of a network. Those data structures include multiple types of observable values as well as multiple types of combinations of multiple observable values. The network monitoring device maintains those data structures including information regarding historical activity of a network and emergent activity of a network only for those source/destination pairs, and only for those nodes, for which maintaining that information would be substantially meaningful.
Yet another network monitoring system includes data structures for maintaining information regarding historical activity of a network and emergent activity of a network. Those data structures include observable values for multiple profile dimensions, including source/destination address, application, location, and time. The data structures also include observable values for combinations of more than one of those multiple profile dimensions, including, e.g., (source address)×(application), and the like. It is expected that only a relatively sparse set of combinations of more than one of those multiple profile dimensions would have meaningful information associated therewith. The network monitoring system maintains those data structures only for those combinations of more than one of those multiple profile dimensions for which maintaining that information would be substantially meaningful.
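A minimal sketch of the comparison the abstract describes, as an added example that is not taken from the patent or from the assignee's code: per-key histograms stand in for the p.d.f., emergent counts are folded into history, and a recent value is classified as too high, too low or too unlikely. The bin edges, thresholds, class and function names, and the traffic values are all assumptions made for illustration.

```python
from collections import defaultdict
# All constants are assumptions for this sketch, not values from the patent.
BIN_EDGES = [0, 1, 10, 100, 1_000, 10_000, 100_000]  # log-spaced bins, e.g. bytes/sec
MIN_SAMPLES = 20   # below this, a key's history is not treated as meaningful
MIN_PROB = 0.01    # historical bins rarer than this count as "too unlikely"

def bin_of(value):
    """Index of the histogram bin holding value (the last bin is open-ended)."""
    return sum(1 for edge in BIN_EDGES[1:] if value >= edge)

class Profile:  # histogram standing in for the p.d.f. of one observable value
    def __init__(self):
        self.counts, self.total = [0] * len(BIN_EDGES), 0
    def observe(self, value):
        self.counts[bin_of(value)] += 1
        self.total += 1

class Monitor:
    def __init__(self):
        # Sparse maps: a (source address, application) key exists only once seen.
        self.historical, self.emergent = defaultdict(Profile), defaultdict(Profile)
    def observe(self, key, value):
        self.emergent[key].observe(value)
    def classify(self, key, value):  # compare one recent value with history
        hist = self.historical.get(key)
        if hist is None:
            return "no-baseline"
        b, seen = bin_of(value), [i for i, c in enumerate(hist.counts) if c]
        if b > seen[-1]:
            return "too-high"
        if b < seen[0]:
            return "too-low"
        return "too-unlikely" if hist.counts[b] / hist.total < MIN_PROB else "normal"
    def roll_over(self):
        """Fold emergent counts into history; keep only meaningful keys."""
        for key, em in self.emergent.items():
            h = self.historical[key]
            h.counts = [a + b for a, b in zip(h.counts, em.counts)]
            h.total += em.total
        self.historical = defaultdict(Profile, {k: p for k, p in self.historical.items() if p.total >= MIN_SAMPLES})
        self.emergent.clear()

def demo():
    m, key = Monitor(), ("10.0.0.5", "dns")   # constructed key and traffic
    for v in [40, 55, 60, 80] * 10 + [5_000, 7_000] * 5:   # bimodal baseline
        m.observe(key, v)
    m.observe(("10.0.0.9", "ssh"), 300)       # seen once: too sparse to keep
    m.roll_over()
    return m, key
```

With the bimodal baseline built in `demo()`, a value that falls between the two historical modes lies inside the observed range yet is still flagged, which is the "too unlikely" case the abstract separates from too high and too low.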