| 发明名称 |
Internet monitoring and alerting system |
| 摘要 |
A monitoring and alerting system for detecting a disruptive event on the Internet includes a data collection and wrapping module configured to process input data that includes messages produced by a network routing protocol, including a live stream of messages on the network, historical dumps of the message to a computer's file system, or both. An automated analysis engine includes analysis modules configured to analyze routing information and selected Internet behaviors from the input data. User output includes automated alerts to the user and an interactive analysis module. The analysis modules include a probabilistic origin hijack analysis module; a probabilistic route hijack analysis module; a Hidden Markov Model analysis module; a tensor decomposition and analysis module and a static topology analysis module; and a dynamic topology analysis module. |
| 申请公布号 |
US9032518(B2) |
申请公布日期 |
2015.05.12 |
| 申请号 |
US201213654276 |
申请日期 |
2012.10.17 |
| 申请人 |
New Mexico Technical Research Foundation |
发明人 |
Planck Max Wilhelm;Colbaugh Richard David;Glass Kristin Lea;Willard Gerald Neal;Thiess Michelle Denise;Ackley Darryl Mackinnon;Pollard Isis Rose;Mattax Jason Paul;Barber Brandon Michael;Shepard Noah Michael |
| 分类号 |
G06F11/00;H04L29/06 |
主分类号 |
G06F11/00 |
| 代理机构 |
|
代理人 |
Stachniak Jennifer S.;Becker Robert W. |
| 主权项 |
1. A monitoring and alerting system for detecting a disruptive event on the Internet, comprising microprocessor compromising: a data collection and wrapping module configured to process input data, said input data including a plurality of messages produced by a network routing protocol on a selected network, wherein said input data comprises a live stream of said messages on said network, historical dumps of said messages to a computer's file system, or both; an automated analysis engine, said automated analysis engine comprising a plurality of analysis modules configured to analyze routing information and selected Internet behaviors from said input data; and user output, wherein said user output includes automated alerts to said user and an interactive analysis module, wherein said plurality of analysis modules includes a probabilistic origin hijack analysis module configured to detect unexpected changes in a selected Internet prefix by retaining a recent history of routing information pertaining to each prefix; a probabilistic route hijack analysis module configured to analyze routing information from an entire route by calculating probabilities for adjacent pairs of nodes being seen in a route from historic information; a Hidden Markov Model analysis module configured to observe behaviors of the Internet as represented by routing data taken in as input; a tensor decomposition and analysis module and a static topology analysis module, each configured to apply a plurality of graphical metrics to a selected Internet topology; and a dynamic topology analysis module configured to form change graphs and to track characteristics representing changes in the Internet topology. |
| 地址 |
Socorro NM US |
