Session slicing of mirrored packets
US-12184680-B2 · Dec 31, 2024 · US
Systems and methods of classifying sessions
US9699042B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9699042-B2 |
| Application number | US-201514971609-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 16, 2015 |
| Priority date | Jun 5, 2008 |
| Publication date | Jul 4, 2017 |
| Grant date | Jul 4, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods of classifying sessions are disclosed. A particular method monitors user activity at one or more servers accessible via a network and capturing event entries in an activity log for user activity that is detected. The event entries include descriptive information regarding a user action, a client identifier and a session identifier. The method also includes attempting to classify sessions associated with a plurality of event entries of the activity log as legitimate use or illegitimate use of resources of the one or more servers. The method further includes identifying unclassified sessions. The method also includes determining a count of a number of unclassified sessions associated with a particular client identifier and determining a total number of sessions associated with the particular client identifier. The method further includes classifying the unclassified sessions as legitimate use or illegitimate use of the resources of the one or more servers.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method, comprising: monitoring, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data; analyzing the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity; determining a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier; determining a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and classifying the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users. 2. The computer-implemented method of claim 1 , further comprising: determining that the ratio at least meets the threshold; and classifying the unclassified sessions as being associated with human activity. 3. The computer-implemented method of claim 1 , further comprising: determining that the ratio does not meet the threshold; and classifying the unclassified sessions as being associated with automated activity. 4. The computer-implemented method of claim 1 , further comprising: performing a probabilistic analysis of on historical action data associated with the plurality of communication sessions; and determining the session characteristics included in the unclassified sessions model. 5. The computer-implemented method of claim 1 , further comprising: obtaining classification statistics associated with the plurality of communication sessions; and modifying the session characteristics based at least in part on the classification statistics. 6. The computer-implemented method of claim 1 , wherein the session characteristics indicates that sessions associated with a purchase transaction correspond to human activity, and wherein classifying the unclassified sessions further comprises: determining that at least a portion of the plurality of communication sessions is associated with a purchase transaction. 7. The computer-implemented method of claim 1 , wherein the session characteristics indicates that sessions associated with activity occurring at a rate above a specified threshold correspond to automated activity, and wherein classifying the unclassified sessions further comprises: determining that at least a portion of the plurality of communication sessions is associated with respective activity that occurs at a respective rate above a specified threshold. 8. The computer-implemented method of claim 1 , wherein the human activity is associated with legitimate activity, and wherein the automated activity is associated with illegitimate activity. 9. The computer-implemented method of claim 1 , further comprising a search engine configured to provide search results, wherein an event associated with the sessions data includes a search performed via the search engine. 10. A computing system, comprising: a device processor; a memory device including instructions that, when executed by the device processor, cause the computing system to: monitor, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data; analyze the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity; determine a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier; determine a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and classify the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users. 11. The computing system of claim 10 , wherein the instructions, when executed further enable the computing system to: perform a probabilistic analysis of on historical action data associated with the plurality of communication sessions; and determine the session characteristics included in the unclassified sessions model. 12. The computing system of claim 10 , wherein the instructions, when executed further enable the computing system to: obtain classification statistics associated with the plurality of communication sessions; and modify the session characteristics based at least in part on the classification statistics. 13. The computing system of claim 10 , further comprising: an activity log configured to store information relating to an event associated with the sessions data. 14. The computing system of claim 10 , further comprising: a search engine configured to provide search results, wherein an event associated with the sessions data includes a search performed via the search engine. 15. The computing system of claim 10 , wherein the client identifier includes at least one of a user identifier or a network address, and wherein the unclassified sessions model is associated with a cookie file, and wherein the plurality of communication sessions includes information for at least one of a client identifier for individual sessions in the plurality of communication sessions, a session identifier for individual sessions in the plurality of communication sessions, or a session type for individual sessions in the plurality of communication sessions. 16. A non-transitory computer readable storage medium storing one or more sequences of instructions executable by one or more processors to perform a set of operations comprising: monitoring, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data; analyzing the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity; determining a quantity of other unclassified sessions associated with the client identifier and a quantity of to
Assignees
Inventors
Classifications
- H04L43/04Primary
Processing captured monitoring data, e.g. for logfile generation · CPC title
Electricity · mapped topic
Flooding (denial of service attacks H04L63/1458) · CPC title
using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements · CPC title
Network architectures or network communication protocols for network security (cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00; network architectures or network communication protocols for wireless network security H04W12/00; security arrangements for protecting computers or computer systems against unauthorised activity G06F21/00) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9699042B2 cover?
- Systems and methods of classifying sessions are disclosed. A particular method monitors user activity at one or more servers accessible via a network and capturing event entries in an activity log for user activity that is detected. The event entries include descriptive information regarding a user action, a client identifier and a session identifier. The method also includes attempting to clas…
- Who is the assignee on this patent?
- A9 Com Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L43/04. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 04 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).