Abstract:
In one embodiment, the present disclosure is a method and apparatus for classifying applications using the collective properties of network traffic. In one embodiment, a method for classifying traffic in a communication network includes receiving a traffic activity graph, the traffic activity graph comprising a plurality of nodes interconnected by a plurality of edges, where each of the nodes represents an endpoint associated with the communication network and each of the edges represents traffic between a corresponding pair of the nodes, generating an initial set of inferences as to an application class associated with each of the edges, based on at least one measured statistic related to at least one traffic flow in the communication network, and refining the initial set of inferences based on a spatial distribution of the traffic flows, to produce a final traffic activity graph.
Abstract:
The current invention relates to a system and method for tracking or locating a target entity on a data network, such as the public Internet, by analyzing network traffic and communication among interacting network nodes. The invention describes a system of creating an information set of data related to the traffic patterns associated with a specific entity over a time period, and comparing the information set to other information related to the traffic patterns associated with a group of entities over the same time period. By excluding information that is common to both the specific entity and the group of entities from the information set, the information set is left with only the information that helps identify the specific entity on the network.
Abstract:
A packet trace is received. The packet trace is transformed into a sequence of pulse signals in a temporal domain. The sequence of pulse signals in the temporal domain is transformed into a sequence of pulse signals in a frequency domain. Peaks are detected within relevant frequency bands in the sequence of pulse signals in the frequency domain. A fundamental frequency is identified within the peaks. The fundamental frequency, which represents the TCP flow clock, is returned.
Abstract:
A facility for impersonating a number of iSCSI initiators within an IP-based Storage Area Network (SAN) is provided. In some embodiments, the facility receives iSCSI PDUs from a plurality of iSCSI devices. Each iSCSI PDU includes a SCSI command, an IP address of the initiator from which it was received, and an indication of a target storage device to which the iSCSI PDU is addressed. The facility maps the IP address of the initiator from which the iSCSI PDU was received to a globally unique IP address and sends the iSCSI PDU to the indicated target storage device. When a response to the iSCSI PDU is received, the facility maps the globally unique IP address to the IP address of the initiator from which the iSCSI PDU was received and forwards the response to the initiator. In some embodiments, the facility is transparent to the iSCSI initiators.
Abstract:
A rating is provided for a computing application. Traffic data, power data, and/or network signaling load data is collected for a computing application and compared with other similar data. A rating for the computing application is provided based on the comparison.
Abstract:
A packet trace is received. Inter-arrival times between the multiple packets in the packet trace are determined. An inter-arrival time in the inter-arrival times that is greater than a threshold is identified. An order number of the inter-arrival time is identified. A determination is made as to whether a size of each of at least a portion of the multiple packets is equal to a maximum segment size. When a determination is made that the size of each of at least a portion of the multiple packets is equal to the maximum segment size, a size of the ICW as a product of the order number and the maximum segment size is returned.
Abstract:
A method and apparatus for characterizing an infrastructure of a wireless network are disclosed. For example, the method obtains a first data set from a server log, and obtains a second data set from a plurality of wireless endpoint devices. The method characterizes a parameter of the infrastructure of the wireless network using the first data set and the second data set and optimizes a network resource of the wireless network based on the parameter.
Abstract:
A signature-based traffic classification method maps traffic into preselected classes of service (CoS). By analyzing a known corpus of data that clearly belongs to identified ones of the preselected classes of service, in a training session the method develops statistics about a chosen set of traffic features. In an analysis session, relative to traffic of the network where QoS treatments are desired (target network), the method obtains statistical information relative to the same chosen set of features for values of one or more predetermined traffic attributes that are associated with connections that are analyzed in the analysis session, yielding a statistical features signature of each of the values of the one or more attributes. A classification process then establishes a mapping between values of the one or more predetermined traffic attributes and the preselected classes of service, leading to the establishment of QoS treatment rules.
Abstract:
A method is disclosed for implementing and reporting network measurements between a source of probe packets and an element, such as a router. The invention exploits commonly implemented features on commercial elements. By exploiting these features, the expense of deploying special purpose measurement devices can be avoided. In one aspect of the invention, a plurality of probe packets is transmitted in a packet network with each of the probe packets having the same key and the same aggregation characteristic. A report is then received from an instructionless element regarding the plurality of probe packets, thereby enabling measurement of a parameter of the packet network.
Abstract:
A traffic classifier has a plurality of binary classifiers, each associated with one of a plurality of calibrators. Each calibrator is trained to translate an output score of the associated binary classifier into an estimated class probability value using a fitted logistic curve, each estimated class probability value indicating a probability that the packet flow on which the output score is based belongs to the traffic class associated with the binary classifier associated with the calibrator. The classifier training system is configured to generate training data based on network information gained using flow and packet sampling methods. In some embodiments, the classifier training system is configured to generate reduced training data sets, one for each traffic class, reducing the training data related to traffic not associated with the traffic class.