公开(公告)号：US08090820B2

公开(公告)日：2012-01-03

申请号：US11914047

申请日：2006-05-12

申请人： Gautier Harmel ,  Eric Horlait ,  Jerome Tollet

发明人： Gautier Harmel ,  Eric Horlait ,  Jerome Tollet

IPC分类号： G06F15/173

CPC分类号： H04L43/00 ,  H04L43/18

摘要： A distributed system for analyzing traffic flow on a communications network architecture where a computer provides information over a data network to a concentrator, which provides a bridge between the computer and the end user terminals. The interface between the terminals and the concentrator is provided through access points for each workstation. The system to analyze the traffic is distributed into three components that perform, respectively, classification of the traffic flow, processing of the results of the classification, and handling of the processed results.

摘要翻译： 一种用于分析通信网络架构上的业务流的分布式系统，其中计算机通过数据网络向集中器提供信息，所述集中器在计算机和终端用户终端之间提供桥梁。 通过每个工作站的接入点提供终端和集中器之间的接口。 分析流量的系统分为三个部分，分别执行交通流的分类，处理分类结果和处理结果的处理。

公开(公告)号：US20080198759A1

公开(公告)日：2008-08-21

申请号：US11914058

申请日：2006-05-12

申请人： Gautier Harmel ,  Eric Horlait ,  Jerome Tollet

发明人： Gautier Harmel ,  Eric Horlait ,  Jerome Tollet

IPC分类号： H04L12/26

CPC分类号： H04L43/18

摘要： The present invention provides a traffic analyzing system on a communications link having analyzer circuits connected to each other by a number of links, where each analyzer circuit has a data rate lower than the data rate of the communications link, and are adapted to perform respective different levels of analysis on packets. The information extracted from the packets analyzed at a first level of analysis by a first analyzer circuit is forwarded to a second level of analysis performed at a second analyzer circuit, where the additional analysis performed by the second analyzer circuit depends on the analysis performed by the first analyzer circuit. Such a system and associated method allows for an efficient, practical, and improved traffic flow analyses for computer networks to evaluate high-speed and heavy traffic flow, as well as for improved protocol analysis for emerging technologies.

摘要翻译： 本发明提供了一种通信链路上的业务分析系统，其具有通过多个链路彼此连接的分析器电路，其中每个分析器电路具有低于通信链路的数据速率的数据速率，并且适于执行各自不同的 数据包分析级别。 从在第一分析器电路的第一分析阶段分析的分组提取的信息被转发到在第二分析器电路处执行的第二级分析，其中由第二分析器电路执行的附加分析取决于由 第一分析电路。 这样的系统和相关联的方法允许计算机网络的高效，实用和改进的业务流分析来评估高速和繁忙的业务流，以及用于改进新兴技术的协议分析。

公开(公告)号：US20080195731A1

公开(公告)日：2008-08-14

申请号：US11914047

申请日：2006-05-12

申请人： Gautier Harmel ,  Eric Horlait ,  Jerome Tollet

发明人： Gautier Harmel ,  Eric Horlait ,  Jerome Tollet

IPC分类号： G06F15/173

CPC分类号： H04L43/00 ,  H04L43/18

摘要： A distributed system for analyzing traffic flow on a communications network architecture where a computer provides information over a data network to a concentrator, which provides a bridge between the computer and the end user terminals. The interface between the terminals and the concentrator is provided through access points for each workstation. The system to analyze the traffic is distributed into three components that perform, respectively, classification of the traffic flow, processing of the results of the classification, and handling of the processed results.

摘要翻译： 一种用于分析通信网络架构上的业务流的分布式系统，其中计算机通过数据网络向集中器提供信息，所述集中器在计算机和终端用户终端之间提供桥梁。 通过每个工作站的接入点提供终端和集中器之间的接口。 分析流量的系统分为三个部分，分别执行交通流的分类，处理分类结果和处理结果的处理。

公开(公告)号：US09094283B2

公开(公告)日：2015-07-28

申请号：US13805963

申请日：2011-04-14

申请人： Jerome Tollet ,  Jerome Abela

发明人： Jerome Tollet ,  Jerome Abela

IPC分类号： G06F15/16 ,  H04L12/26

CPC分类号： H04L43/00 ,  H04L43/18

摘要： The invention relates to a data collection device for monitoring streams in a data network using a packet transmission mode, including an extractor for extracting data contained in packets belonging to a stream defined by a transmitter, a receiver, and a protocol. The collection device also includes a syntax analyzer which receives data in real time from the extractor and breaks the data down into elements according to the syntactic rules of the protocol, said syntactic rules enabling the elements to be represented as a tree structure. The syntax analyzer combines respective tree state indicators with at least some of the elements, wherein the tree state indicator combined with an element locates said element within the tree structure. An interface transmits the tree state indicators, together with the elements with which the latter have been combined, to a stream analyzer external to the collection device.

摘要翻译： 本发明涉及一种用于使用分组传输模式监视数据网络中的流的数据收集设备，包括提取器，用于提取包含在属于由发射机，接收机和协议定义的流的分组中的数据。 收集装置还包括语法分析器，其从提取器实时接收数据，并根据协议的句法规则将数据分解成元素，所述句法规则使得元素能够被表示为树结构。 语法分析器将各个树状态指示符与至少一些元素相结合，其中与元素组合的树状态指示符将所述元素定位在树结构内。 接口将树形状态指示器与后者组合的元素一起发送到收集设备外部的流分析器。

公开(公告)号：US07729279B2

公开(公告)日：2010-06-01

申请号：US11914058

申请日：2006-05-12

申请人： Gautier Harmel ,  Eric Horlait ,  Jerome Tollet

发明人： Gautier Harmel ,  Eric Horlait ,  Jerome Tollet

IPC分类号： H04L12/26

CPC分类号： H04L43/18

摘要： The present invention provides a traffic analyzing system on a communications link having analyzer circuits connected to each other by a number of links, where each analyzer circuit has a data rate lower than the data rate of the communications link, and are adapted to perform respective different levels of analysis on packets. The information extracted from the packets analyzed at a first level of analysis by a first analyzer circuit is forwarded to a second level of analysis performed at a second analyzer circuit, where the additional analysis performed by the second analyzer circuit depends on the analysis performed by the first analyzer circuit. Such a system and associated method allows for an efficient, practical, and improved traffic flow analyses for computer networks to evaluate high-speed and heavy traffic flow, as well as for improved protocol analysis for emerging technologies.

摘要翻译： 本发明提供了一种通信链路上的业务分析系统，其具有通过多个链路彼此连接的分析器电路，其中每个分析器电路具有低于通信链路的数据速率的数据速率，并且适于执行各自不同的 数据包分析级别。 从在第一分析器电路的第一分析阶段分析的分组提取的信息被转发到在第二分析器电路处执行的第二级分析，其中由第二分析器电路执行的附加分析取决于由 第一分析电路。 这样的系统和相关联的方法允许计算机网络的高效，实用和改进的业务流分析来评估高速和繁忙的业务流，以及用于改进新兴技术的协议分析。

公开(公告)号：US20060106583A1

公开(公告)日：2006-05-18

申请号：US10523339

申请日：2003-07-04

申请人： Alfortville Fdida ,  Gauthier Harmel ,  Eric Horlait ,  Guy Pujolle ,  Jerome Tollet

发明人： Alfortville Fdida ,  Gauthier Harmel ,  Eric Horlait ,  Guy Pujolle ,  Jerome Tollet

IPC分类号： G06F15/00

CPC分类号： H04L69/18 ,  H04L43/00 ,  H04L43/18 ,  H04L63/0254 ,  H04L63/1408 ,  H04L67/02 ,  H04L69/22

摘要： The method uses a network for protocol self identification for recognizing determinative data by the naming given among data transmitted through a detected connection, and an empty or nonempty list of protocol usable namings called son protocols associated with each usable protocol naming called a father protocol. The kernel of an information system associates to each detected connection a data structure arranged so that it comprises an ordered sequence of the used protocol namings. The kernel builds the data structure by retrieving the son protocol namings in the list associated to the last naming of said ordered sequence, the son protocol naming for which the associated self identification mechanism recognizes determinant data among transmitted data by adding the retrieved son protocol naming to the end of the sequence and by restarting to retrieve the son protocol naming for which the associated self identification mechanism recognizes determinant data among transmitted data.

摘要翻译： 该方法使用用于协议自身识别的网络来通过在通过检测到的连接发送的数据中给出的命名来识别确定性数据，以及称为与每个可用协议命名（称为父协议）相关联的称为儿子协议的协议可用标识的空或非空列表。 信息系统的内核与每个检测到的连接相关联地布置数据结构，使得它包括所使用的协议标签的有序序列。 内核通过检索与所述有序序列的最后命名相关联的列表中的子协议标识来构建数据结构，该协议命名通过将所检索的子协议命名添加到相关联的自身识别机制中来识别所发送的数据中的确定数据 序列的结束并重新开始以检索相关联的自身识别机制识别发送数据中的行列式数据的子协议命名。

公开(公告)号：US20120166666A1

公开(公告)日：2012-06-28

申请号：US13394444

申请日：2010-09-01

申请人： Jerome Tollet ,  Jerome Abela

发明人： Jerome Tollet ,  Jerome Abela

IPC分类号： G06F15/16 ,  H04L29/06

CPC分类号： H04L65/1083 ,  H04L63/0245 ,  H04L65/80

摘要： The invention relates to a method for supervising a communication session over a data network, said session including a first data flow, referred to as the parent flow, using a first protocol, said parent flow including data suitable for setting up a second data flow, referred to as the child flow, using a second protocol for said session, which includes: searching (13) the parent flow for the data that enable the child flow to be set up; generating (15) and storing (17) a signature, referred to as a parent key, using said data; auditing (19) data flows using the second protocol on the data network; creating (21) a signature for each one of the flows; comparing (23) said signature of each one of the flows with the parent key; and, if the comparison is positive, determining (25) that the data flow in question is the child flow of the session.

摘要翻译： 本发明涉及一种用于监视数据网络上的通信会话的方法，所述会话使用第一协议包括被称为父流的第一数据流，所述父流包括适于建立第二数据流的数据， 称为子流，使用用于所述会话的第二协议，其包括：搜索（13）用于启用子流的数据的父流; 使用所述数据生成（15）并存储（17）称为父密钥的签名; 在数据网络上使用第二协议审计（19）数据流; 创建（21）每个流的签名; 将每个流的所述签名与父密钥进行比较（23）; 并且如果比较是肯定的，则确定（25）所讨论的数据流是会话的子流。

公开(公告)号：US07522530B2

公开(公告)日：2009-04-21

申请号：US10523339

申请日：2003-07-04

申请人： Serge Fdida ,  Gautier Harmel ,  Eric Horlait ,  Guy Pujolle ,  Jerome Tollet

发明人： Serge Fdida ,  Gautier Harmel ,  Eric Horlait ,  Guy Pujolle ,  Jerome Tollet

IPC分类号： H04L12/26

CPC分类号： H04L69/18 ,  H04L43/00 ,  H04L43/18 ,  H04L63/0254 ,  H04L63/1408 ,  H04L67/02 ,  H04L69/22

摘要： A method for protocol identification by recognizing determinative data among data transmitted through a detected connection using lists of explicit and implicit son protocols associated with each protocol. The kernel of an information system associates to each detected connection a data structure arranged so that it comprises an ordered sequence of the protocol names. The kernel builds the data structure by retrieving the son protocol names in the list associated to the last protocol name of said ordered sequence, the son protocol name for which the associated self identification mechanism recognizes determinant data among transmitted data by adding the retrieved son protocol name to the end of the sequence and by restarting to retrieve the son protocol name for which the associated self identification mechanism recognizes determinant data among transmitted data.

摘要翻译： 通过使用与每个协议相关联的显式和隐式子协议的列表，通过检测到的连接发送的数据中的确定性数据来识别协议识别的方法。 信息系统的内核与每个检测到的连接相关联地布置数据结构，使得它包括协议名称的有序序列。 内核通过检索与所述有序序列的最后协议名称相关联的列表中的子协议名称来建立数据结构，该协议名称由相关联的自身识别机制通过添加所检索到的子协议名称来识别所发送数据中的行列式数据 通过重新开始以检索相关联的自我识别机制识别所发送的数据中的行列式数据的子协议名称。

公开(公告)号：US20060048206A1

公开(公告)日：2006-03-02

申请号：US10535380

申请日：2003-11-24

申请人： Serge Fdida ,  Gautier Harmel ,  Eric Horlait ,  Guy Pujolle ,  Jerome Tollet

发明人： Serge Fdida ,  Gautier Harmel ,  Eric Horlait ,  Guy Pujolle ,  Jerome Tollet

IPC分类号： H04N7/16 ,  H04N11/00 ,  H04N7/00

CPC分类号： H04W40/02 ,  H04L29/06 ,  H04L63/0236 ,  H04L63/0263 ,  H04L69/18 ,  H04L69/22 ,  H04W40/246 ,  H04W84/18 ,  Y02D70/30

摘要： The invention concerns a digital processing system fed by at least one filter having three possible states resulting from one or more conditions on one or more protocol attributes, specified for a semantic stream. Each protocol attribute is specified by an ordered sequence of protocol names used in the semantic stream and a parameter name carried by a protocol whereof the name is indicated in the ordered sequence of protocol names. The digital processing device comprises a filtering engine which applies the filter on the communication data until the data provide protocol attribute values wherefrom results a valid or invalid state of the filter and an action motor which triggers the action when the state of the filter is valid.