Communications networks typically include a number of interconnected communications devices. Connections among the devices in some communications networks are accomplished through physical devices such as wires or optical links. Such networks can be referred to as “wired” networks. Connections among devices in other communications networks can be accomplished through radio, infrared, or other wireless links. Such networks can be referred to as “wireless” networks. Accordingly, networks can include and/or otherwise be comprised of wired and/or wireless connectors and/or networks.
To varying degrees, network users often receive unwanted communications messages. While some unwanted messages can be benign, e.g., advertisements, the amount of unwanted traffic can consume valuable resources. Additionally, some unwanted messages, e.g., computer worms and viruses, can maliciously destroy other data at a receiving node and/or disable the operation of the node, while causing the node to forward the unwanted message to further unsuspecting nodes. Methods are known in the art for identifying and blocking receipt of some unwanted messages, e.g., virus scanning software. Generally, such methods include analyzing the contents of such messages.
Communications messages (e.g., data packets) transmitted across communications networks can be intercepted. Intercepted messages can yield valuable information, and the process of intercepting and analyzing messages can be referred to as “traffic analysis”. In general, traffic analysis seeks to understand something about the message traffic on a network by observing that traffic and analyzing it to extract information. To guard against unwanted traffic analysis, messages can be encrypted. For example, both the content and the destination of a message can be obscured through encryption.
Commonly assigned U.S. patent application Ser. No. 10/212,324 entitled “Encoding Signals to Facilitate Traffic Analysis”, incorporated by reference herein in its entirety, describes methods and systems that acquire information about communications among nodes in a network by intercepting pieces or “chunks” of data in the network by a tap located among the nodes in the network. Characteristic information about the intercepted chunks of data can be obtained. The characteristic information can include times of arrival of the chunks of data at the tap and identifiers of the source nodes that transmitted the chunks of data. A signal can be constructed to represent the characteristic information over time.
Commonly assigned U.S. patent application Ser. No. 10/243,489 entitled “Methods and Systems for Passive Information Discovery Using Lomb Periodogram Processing”, incorporated by reference herein in its entirety, describes methods and systems for processing communications signals in a network that can obtain time of arrival information for chunks of data in the network and construct a signal to represent the time of arrival of the information. The signal can consist of data that is non-uniformly spaced. The system can process the signal using a Lomb technique to obtain periodicity information about the signal.
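The following added example (not code from the referenced applications) shows the kind of processing the two preceding paragraphs describe: a signal built only from arrival times and source identifiers at a tap, analyzed with a Lomb periodogram because the samples are unevenly spaced. The +1/-1 encoding of the source node, the function names, and the trace itself are assumptions constructed for illustration.

```python
import math
import random

def lomb_periodogram(times, values, freqs):
    """Normalized Lomb periodogram of unevenly spaced (time, value) samples."""
    n = len(values)
    mean = sum(values) / n
    var = sum((v - mean) ** 2 for v in values) / (n - 1)
    power = []
    for f in freqs:
        w = 2.0 * math.pi * f
        # tau shifts the time origin so the sine and cosine terms decouple
        tau = math.atan2(sum(math.sin(2 * w * t) for t in times),
                         sum(math.cos(2 * w * t) for t in times)) / (2 * w)
        yc = ys = cc = ss = 0.0
        for t, v in zip(times, values):
            c, s = math.cos(w * (t - tau)), math.sin(w * (t - tau))
            yc += (v - mean) * c
            ys += (v - mean) * s
            cc += c * c
            ss += s * s
        power.append((yc * yc / cc + ys * ys / ss) / (2.0 * var))
    return power

def dominant_period(times, values, f_min=0.05, f_max=2.0, steps=400):
    """Return (period_seconds, peak_power) of the strongest spectral line."""
    freqs = [f_min + i * (f_max - f_min) / (steps - 1) for i in range(steps)]
    power = lomb_periodogram(times, values, freqs)
    best = max(range(steps), key=power.__getitem__)
    return 1.0 / freqs[best], power[best]

def constructed_trace(period=2.0, n=200, span=60.0, flip=0.1, seed=7):
    """Constructed tap data: arrival times plus source id encoded as +1/-1.

    Node A (+1) sends in the first half of each period, node B (-1) in the
    second half; `flip` is the chance a chunk is attributed to the other node.
    """
    rng = random.Random(seed)
    times = sorted(rng.uniform(0.0, span) for _ in range(n))
    values = []
    for t in times:
        v = 1.0 if (t % period) < period / 2 else -1.0
        values.append(-v if rng.random() < flip else v)
    return times, values

if __name__ == "__main__":
    print(dominant_period(*constructed_trace()))           # periodic exchange
    print(dominant_period(*constructed_trace(flip=0.5)))   # no structure
```

The periodic trace produces a sharp peak near the 2-second exchange period, while the trace with `flip=0.5` (source unrelated to time) yields only low noise-level power. No payload bytes are read, so the result is the same for encrypted traffic.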
Commonly assigned U.S. patent application Ser. No. 10/359,995 entitled “End-To-End Route Discovery From Link Activity Traces”, incorporated by reference herein in its entirety, describes methods and systems for determining shortest routes between pairs of nodes in a network that can obtain time of arrival information for chunks of data in the network and construct a network graph from the time of arrival information. The network graph can include links between pairs of nodes, with the links including time series of data. The methods and systems can also include finding shortest routes between pairs of nodes in the network graph. For a pair of nodes that can have multiple shortest routes of the same length, one shortest route can be chosen based on the time series of data in the links.
The information obtained using the above-described methods and systems can be based on the time of arrival for chunks of data and not on the contents of the data. Thus, the information can be available for encrypted messages. Methods and systems can be developed to aid in identifying unwanted messages using this information and further to track the spread of the messages on the network.