Abstract: Method and apparatus for situation-based management of natural and artificial systems using event correlation and a situation manager. Input is provided from multiple sources in the form of a collection of events. A first level of processing performs event correlation over the collection of events and infers new events and new qualities of events. A second level of processing manages situations based on the collection of events, where situations are recognized, maintained, and given a degree of confidence. Situations are periodically updated based on incoming events. The assertion of a situation may call for information from external sources, provide information for external sources, and provide control instructions to external sources. Given a current situation, past, and possible future situations are inferred. Additionally, a method and apparatus for bi-directional communication between the event correlator and situation manager.

Abstract: In a system for managing data, voice, application and video networks and associated systems and services that comprise multiple, interconnected network technologies, a management system suited for a particular networking technology manages each separate technology domain. Multiple management systems thus manage multiple domains with respect to fault, configuration, accounting, performance, and security management. The management systems that manage the individual networking technology domains are then themselves managed by a higher-level system, called an inter-domain management system, which performs cross-domain management. The individual management systems of the invention collect data from their respective technology domains and provide it to an intra-domain data collection function.

Abstract: Method and apparatus for service level management, wherein business processes are composed of services. A state of the service is defined by one or more service parameters, and the service parameters depend upon performance of network components that support the service, e.g., component parameters. The state of the service may depend, for example, on a collection of service parameter values for availability, reliability, security, integrity and response time. A service level agreement is a contract between a supplier and a customer that identifies services supported by a network, service parameters for the services, and service levels (e.g., acceptable levels) for each service parameter.

Abstract: In a system for managing data, voice, application and video networks and associated systems and services that comprise multiple, interconnected network technologies, a management system suited for a particular networking technology manages each separate technology domain. Multiple management systems thus manage multiple domains with respect to fault, configuration, accounting, performance, and security management. The management systems that manage the individual networking technology domains are then themselves managed by a higher-level system, called an inter-domain management system, which performs cross-domain management. The individual management systems of the invention collect data from their respective technology domains and provide it to an intra-domain data collection function.

Abstract: Method and apparatus for situation-based management of natural and artificial systems using event correlation and a situation manager. Input is provided from multiple sources in the form of a collection of events. A first level of processing performs event correlation over the collection of events and infers new events and new qualities of events. A second level of processing manages situations based on the collection of events, where situations are recognized, maintained, and given a degree of confidence. Situations are periodically updated based on incoming events. The assertion of a situation may call for information from external sources, provide information for external sources, and provide control instructions to external sources. Given a current situation, past, and possible future situations are inferred. Additionally, a method and apparatus for bi-directional communication between the event correlator and situation manager.

Abstract: Method and apparatus for service level management, wherein business processes are composed of services. A state of the service is defined by one or more service parameters, and the service parameters depend upon performance of network components that support the service, e.g., component parameters. The state of the service may depend, for example, on a collection of service parameter values for availability, reliability, security, integrity and response time. A service level agreement is a contract between a supplier and a customer that identifies services supported by a network, service parameters for the services, and service levels (e.g., acceptable levels) for each service parameter.

Abstract: In one embodiment of a method and apparatus for protecting data, voice, and video networks from individuals with malicious intent, a real network or network device has a vicarious simulated counterpart that may take the place of the real device or network upon appropriate triggering. The simulated counterpart behaves like the real device, but records the suspect transactions. The integrity of the real network or device is therefore continuously maintained because the suspect is isolated from the real network and the suspect transactions are not passed on to the actual device or network. The recorded transactions may then be analyzed for purposes of exposing the perpetrator, discovering perpetrator behavior patterns, and identifying device or network security weaknesses.

Abstract: In a system for managing data, voice, application and video networks and associated systems and services that comprise multiple, interconnected network technologies, a management system suited for a particular networking technology manages each separate technology domain. Multiple management systems thus manage multiple domains with respect to fault, configuration, accounting, performance, and security management. The management systems that manage the individual networking technology domains are then themselves managed by a higher-level system, called an inter-domain management system, which performs cross-domain management. The individual management systems of the invention collect data from their respective technology domains and provide it to an intra-domain data collection function.

Abstract: A method and apparatus for managing data, voice, application, and video services allows anticipation of poor quality of service from a remote management station, in order to allow correction of the cause before the end user perceives service quality degradation. Specific system phenomena are identified that coincide with user-perceived service degradation in a particular network. The network is then monitored for the occurrence of those phenomena. Incipient or existing user-perceived quality of service degradation is inferred from the occurrence of one or more of those phenomena and action is taken to avoid and/or correct the degraded service quality condition. In a preferred embodiment, as many of the steps as possible are performed automatically by a network management system. In one embodiment, a close correlation is assumed between application data buffer over-extension and poor quality of service from a user's point of view.

Abstract: A system and method are provided for simulating computer networks. Network device simulator provides individual simulations of individual network devices, which operate independently of one another. Network simulator contains the simulated network topology and provides connection information to the network device simulators. The network simulator also allows an operator to alter the simulator topology and inject simulator conditions. A Network Management Station (NMS) manages the simulated network as if it were a real network.

Abstract: In one embodiment of a method and apparatus for predicting and preventing network attacks, data is collected from network devices during an attack. The collected data is analyzed to identify specific temporal precursors of the attack. The future network activity is then monitored for the presence of the identified temporal attack precursors. When the presence of a precursor is detected, appropriate protective action is taken. Preferably, all steps in this process occur automatically. In the preferred embodiment, the process is performed under the control of one or more network or element management systems. The possible network domain includes data, voice, and video networks and multiple, interconnected network technologies. In one embodiment, triggers responsive to the presence of the identified precursors are placed into a network or element management system.

Abstract: In a system for managing data, voice, application and video networks and associated systems and services that comprise multiple, interconnected network technologies, a management system suited for a particular networking technology manages each separate technology domain. Multiple management systems thus manage multiple domains with respect to fault, configuration, accounting, performance, and security management. The management systems that manage the individual networking technology domains are then themselves managed by a higher-level system, called an inter-domain management system, which performs cross-domain management. The individual management systems of the invention collect data from their respective technology domains and provide it to an intra-domain data collection function.

Abstract: A system and method are provided for simulating computer networks. Network device simulator provides individual simulations of individual network devices, which operate independently of one another. Network simulator contains the simulated network topology and provides connection information to the network device simulators. The network simulator also allows an operator to alter the simulator topology and inject simulator conditions. A Network Management Station (NMS) manages the simulated network as if it were a real network.

Abstract: A method and apparatus for managing data, voice, application, and video services allows anticipation of poor quality of service from a remote management station, in order to allow correction of the cause before the end user perceives service quality degradation. Specific system phenomena are identified that coincide with user-perceived service degradation in a particular network. The network is then monitored for the occurrence of those phenomena. Incipient or existing user-perceived quality of service degradation is inferred from the occurrence of one or more of those phenomena and action is taken to avoid and/or correct the degraded service quality condition. In a preferred embodiment, as many of the steps as possible are performed automatically by a network management system. In one embodiment, a close correlation is assumed between application data buffer over-extension and poor quality of service from a user's point of view.

Abstract: A system and method is provided for managing information. Information is aggregated from multiple data sources into a data warehouse wherein the information can be provided to software applications. Disparate information from multiple sources is processed and stored in the data warehouse. Processing may include filtering, collation, compression, and mapping information into database fields of the warehouse. In one aspect, information stored in the warehouse may be network management data.

Abstract: In one embodiment of a method and apparatus for predicting and preventing network attacks, data is collected from network devices during an attack. The collected data is analyzed to identify specific temporal precursors of the attack. The future network activity is then monitored for the presence of the identified temporal attack precursors. When the presence of a precursor is detected, appropriate protective action is taken. Preferably, all steps in this process occur automatically. In the preferred embodiment, the process is performed under the control of one or more network or element management systems. The possible network domain includes data, voice, and video networks and multiple, interconnected network technologies. In one embodiment, triggers responsive to the presence of the identified precursors are placed into a network or element management system.

Abstract: A system and method is provided for managing information. Information is aggregated from multiple data sources into a data warehouse wherein the information can be provided to software applications. Disparate information from multiple sources is processed and stored in the data warehouse. Processing may include filtering, collation, compression, and mapping information into database fields of the warehouse. In one aspect, information stored in the warehouse may be network management data.

Abstract: In one embodiment of a method and apparatus for protecting data, voice, and video networks from individuals with malicious intent, a real network or network device has a vicarious simulated counterpart that may take the place of the real device or network upon appropriate triggering. The simulated counterpart behaves like the real device, but records the suspect transactions. The integrity of the real network or device is therefore continuously maintained because the suspect is isolated from the real network and the suspect transactions are not passed on to the actual device or network. The recorded transactions may then be analyzed for purposes of exposing the perpetrator, discovering perpetrator behavior patterns, and identifying device or network security weaknesses.

Abstract: Method and apparatus for automatically populating a network simulation tool database with network topology and/or traffic information. A topology extraction tool is provided for reading the topology and traffic information in a network management system database, and translating this information into a matching data format required by the simulation tool database before writing the information to the simulation tool database. This automatic method avoids the time-consuming and error-prone prior art manual method of constructing a network model.