RU2015132628A - IMPROVED STREAM METHOD AND METHOD PROCESSING SYSTEM - Google Patents

Claims (48)

1. A method for advanced management of a software-defined network containing a network controller and transmitting network traffic using one or more network protocols, said network comprising devices, at least some of which receive network traffic through an input interface and transmit network traffic through an output interface , and the specified method includes the steps according to which: receive network metadata from multiple sources in the data processing system in at least one data format, process said network metadata during transmission on said network between a network device that generated this network metadata and a device configured to store said network metadata to extract necessary information from them, and determine information related to applications running on the specified network as a result of the processing stage of the network metadata, and use the specified application information to enable the network controller to more effectively manage the specified software-defined network. 2. The method according to p. 1, further comprising the steps according to which: determine information related to users represented in the specified network as a result of the metadata processing step, and using the specified user information to enable the network controller to more effectively manage the specified software-defined network. 3. A method for advanced management of a cloud virtual computing environment comprising a cloud operating system and a cloud controller and transmitting network traffic using one or more network protocols, said network comprising devices, at least some of which receive network traffic through an input interface and transmit network traffic through an output interface, the method comprising the steps of: receiving network metadata from multiple sources in a cloud virtual computing environment in at least one data format, process said network metadata during transmission in a specified environment between a network device that generated said network metadata and a device that is configured to store said network metadata to extract necessary information from them, determine information related to applications running in the specified environment as a result of the metadata processing step and use the specified application information to enable the cloud controller to more effectively manage the specified cloud virtual computing environment. 4. The method according to p. 3, according to which additionally: determine information related to users represented in the specified environment as a result of the metadata processing step and use the specified user information to enable the cloud controller to more efficiently manage said cloud virtual computing environment. 5. A method for providing on-demand access to network metadata associated with an identified potentially dangerous network event in a network in which devices transmit network traffic using one or more network protocols, said network comprising devices, at least some of which accept network traffic through the input interface and transmit network traffic through the output interface, and the specified method includes the steps according to which: process network metadata in a streaming manner according to a configured set of network metadata processing policies, save time-indexed set of network metadata in a storage device with quick access to data for a certain period of time, identify a potentially dangerous network event and receive a set of network metadata associated in time with the identified identified potentially dangerous network event from the specified time-indexed set and perform an analysis to correlate the specified set of network metadata with the identified identified potentially dangerous network event to obtain additional characteristics of the specified identified potentially dangerous network event. 6. The method according to claim 5, further comprising the step of removing the selected network metadata from a memory device with quick access to data to facilitate the entry of new network metadata into it. 7. A method for determining slave nodes of a botnet in a network-connected device, according to which: they use a linear cluster analysis algorithm to classify outgoing traffic in the network, and this linear cluster analysis algorithm takes into account the frequency of communication sessions with leading network nodes in identifiable geographical locations and data transfer models, such as, without limitation, application type, bandwidth, number of data packets per stream, average data packet size in each stream and traffic speed, identify, based on the result of the implementation phase of the use, outgoing traffic in the specified network, which is not part of the overall traffic model in this network, report a warning signal if outgoing traffic in the specified network does not constitute part of the overall traffic model in this network. 8. A system for advanced management of a software-defined network comprising a network controller and transmitting network traffic using one or more network protocols, said network comprising devices, at least some of which receive network traffic through an input interface and transmit network traffic through an output interface, and generate network metadata related to the specified network traffic, and the specified control system contains: at least one input interface for receiving network metadata from multiple sources in a software-defined network in at least one data format, a processing device for processing the specified network metadata during transmission in the specified network between the network device that generated the specified network metadata and the device that is configured to store the specified network metadata to extract the necessary information from them, moreover, the processing device determines the information related to the applications running in the specified network, and uses this information about the applications to enable the network controller to carry out more efficient management of the specified software-defined network. 9. The system of claim 8, in which the processing device determines information related to users represented in the specified network as a result of the metadata processing step and uses the specified user information to enable the network controller to effectively manage the specified software-defined network. 10. A system for advanced management of a cloud virtual computing environment comprising a cloud operating system and a cloud controller that transmits network traffic using one or more network protocols, said network comprising devices, at least some of which receive network traffic through an input interface and transmit network traffic through the output interface, and the specified control system further comprises: an interface for receiving network metadata from multiple sources in said cloud virtual computing environment in at least one data format, a processing device for processing the specified network metadata during transmission in the specified environment between the network device that generated this network metadata and a device that is configured to store the specified network metadata to extract the necessary information from them, moreover, the processing device determines information related to applications running in the specified environment as a result of the metadata processing step and uses the specified application information to enable the cloud controller to more effectively manage the specified cloud virtual computing environment. 11. The system of claim 10, wherein the processing device determines information related to users represented in the specified environment as a result of the metadata processing step and uses the specified user information to enable the cloud controller to more efficiently manage the specified cloud virtual computing Wednesday. 12. A system for providing on-demand access to network metadata related to an identified potentially dangerous network event in a network in which devices transmit network traffic using one or more network protocols, said network comprising devices, at least some of which receive network traffic through the input interface and transmit network traffic through the output interface, and the specified system contains: a processing device for processing network metadata in a streaming manner according to a customized set of network metadata processing policies, a fast data access storage device for storing time-indexed aggregate network metadata for a certain period of time, moreover, the processing device determines a potentially dangerous network event and provides a set of network metadata associated in time with the identified identified potentially dangerous network event from the specified time-indexed population and an analysis device for performing an analysis to correlate the specified set of network metadata with the identified identified potentially dangerous network event to obtain additional characteristics of the identified identified potentially dangerous network event. 13. The system of claim 12, further comprising a memory management device for deleting selected network metadata from a memory device with quick access to data to facilitate new network metadata being received therein. 14. A system for determining slave nodes of a botnet in a device connected to the network, comprising: a processing device for using a linear cluster analysis algorithm to classify outgoing traffic in a network, wherein said cluster analysis algorithm takes into account the frequency of communication sessions with leading network nodes in identifiable geographical locations and data transmission models, such as, without limitation, application type, transmission frequency, number of packets in a stream, average packet size in each stream, and traffic speed, an analyzing device that identifies outgoing traffic in the specified network, which is not part of the overall traffic model in the specified network, based on the results of applying the specified cluster analysis algorithm, and an alarm generating device for alerting if the outgoing traffic in the indicated network is not part of the overall traffic model in this network.