Method for translating product banners

US 10,409,993 B1
Filed: 01/13/2017
Issued: 09/10/2019
Est. Priority Date: 07/12/2012
Status: Active Grant

First Claim

Patent Images

1. A method for detecting vulnerabilities on a computer, the method comprises:

receiving banner information relating to multiple software products hosted by the computer;

for each software product of the plurality of software products, translating by the computer the banner information into a unique software product identifier using a content of knowledgebase that comprises an attributes schema and translation rules;

wherein each software product of the multiple software products is associated with a single unique software product identifier;

wherein the unique software product identifier comprises a structured set of attributes;

wherein at least one translation rule is a pattern based translation rule that specifices an allowable translation of a pattern of the banner information to a value of an attribute of the single unique software product identifier;

wherein the attributes schema specifies a set of allowable attributes and of allowable values of the attributes; and

detecting vulnerabilities associated with the multiple software products.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for automatically translating a banner information, the method may include receiving by a computer the banner information, wherein the banner information is included in at least one banner and describes an identity of a software product; and translating by the computer the banner information into a unique software product identifier using a content of knowledgebase that comprises an attributes schema and translation rules; wherein each software product is associated with a single unique software product identifier; wherein the unique software product identifier comprises a structured set of attributes; wherein at least one translation rule is a pattern based translation rule; wherein the attributes schema specifies a set of allowable attributes and of allowable values of the attributes.

18 Citations

22 Claims

1. A method for detecting vulnerabilities on a computer, the method comprises:
- receiving banner information relating to multiple software products hosted by the computer;
  
  for each software product of the plurality of software products, translating by the computer the banner information into a unique software product identifier using a content of knowledgebase that comprises an attributes schema and translation rules;
  
  wherein each software product of the multiple software products is associated with a single unique software product identifier;
  
  wherein the unique software product identifier comprises a structured set of attributes;
  
  wherein at least one translation rule is a pattern based translation rule that specifices an allowable translation of a pattern of the banner information to a value of an attribute of the single unique software product identifier;
  
  wherein the attributes schema specifies a set of allowable attributes and of allowable values of the attributes; and
  
  detecting vulnerabilities associated with the multiple software products.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1 wherein a translation of a software product of the plurality of software products, comprises detecting a pattern of banner information of the software product that is indicative of a version of the software product that is represented in the knowledgebase;
    - checking whether the pattern of the banner information is valid; and
      
      translating, by the computer the banner information, into the unique software product identifier when the pattern of the banner information is valid.
  - 3. The method according to claim 1 wherein a translation of a software product of the plurality of software products, comprises detecting a pattern of banner information of the software product that is indicative of an edition or an update of the software product that is represented in the knowledgebase;
    - checking whether the pattern of the banner information is valid; and
      
      translating, by the computer the banner information, into the unique software product identifier when the pattern of the banner information is valid.
  - 4. The method according to claim 1 wherein wherein the translating comprises applying alternative sequences of translating and validation rules to the banner information and to attributes extracted from the banner information;
    - and wherein applying of alternative sequences comprises generating and using search nodes that represent attribute extraction alternatives that were explored during the applying of the translating.
  - 5. The method according to claim 1 comprising receiving vulnerability information that comprises an association between vulnerabilities and software products that could be affected by the vulnerabilities.
  - 6. The method according to claim 5 wherein a source of the vulnerability information is a vulnerability dictionary.
  - 7. The method according to claim 5 comprising receiving vulnerability information from a report on new published vulnerabilities.
  - 8. The method according to claim 1 comprising identifying the vulnerabilities by matching between sets of name attributes of software products that are hosted by the computer and sets of name attributes of software products listed in vulnerability information.
  - 9. The method according to claim 1 comprising receiving vulnerability information that comprises information about vulnerabilities of a plurality of software products.
  - 10. The method according to claim 9 wherein the vulnerability information comprises a unique software product identifier per each software product of the plurality of software products, wherein each unique software product identifier comprises a structured set of attributes.
  - 11. The method according to claim 10 comprising translating for each software product of the plurality of software products, identification information included in the vulnerability information and related to the software product into a unique software product identifier.

12. A non-transitory computer readable medium that stores instructions for:
- receiving banner information relating to multiple software products hosted by the computer;
  
  for each software product of the plurality of software products, translating by the computer the banner information into a unique software product identifier using a content of knowledgebase that comprises an attributes schema and translation rules;
  
  wherein each software product of the multiple software products is associated with a single unique software product identifier;
  
  wherein the unique software product identifier comprises a structured set of attributes;
  
  wherein at least one translation rule is a pattern based translation rule that specifices an allowable translation of a pattern of the banner information to a value of an attribute of the single unique software product identifier;
  
  wherein the attributes schema specifies a set of allowable attributes and of allowable values of the attributes; and
  
  detecting vulnerabilities associated with the multiple software products.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The non-transitory computer readable medium according to claim 12 that stores instructions for receiving vulnerability information that comprises an association between vulnerabilities and software products that could be affected by the vulnerabilities.
  - 14. The non-transitory computer readable medium according to claim 13 wherein a source of the vulnerability information is a vulnerability dictionary.
  - 15. The non-transitory computer readable medium according to claim 13 that stores instructions for receiving vulnerability information from a report on new published vulnerabilities.
  - 16. The non-transitory computer readable medium according to claim 12 that stores instructions for identifying the vulnerabilities by matching between sets of name attributes of software products that are hosted by the computer and sets of name attributes of software products listed in vulnerability information.
  - 17. The non-transitory computer readable medium according to claim 12 that stores instructions for receiving vulnerability information that comprises information about vulnerabilities of a plurality of software products.
  - 18. The non-transitory computer readable medium according to claim 17 wherein the vulnerability information comprises a unique software product identifier per each software product of the plurality of software products, wherein each unique software product identifier comprises a structured set of attributes.
  - 19. The non-transitory computer readable medium according to claim 18 that stores instructions for translating for each software product of the plurality of software products, identification information included in the vulnerability information and related to the software product into a unique software product identifier.
  - 20. The non-transitory computer readable medium according to claim 12 wherein a translation of a software product of the plurality of software products, comprises detecting a pattern of banner information of the software product that is indicative of a version of the software product that is represented in the knowledgebase;
    - checking whether the pattern of the banner information is valid; and
      
      translating, by the computer the banner information, into the unique software product identifier when the pattern of the banner information is valid.
  - 21. The non-transitory computer readable medium according to claim 12 wherein a translation of a software product of the plurality of software products, comprises detecting a pattern of banner information of the software product that is indicative of an edition or an update of the software product that is represented in the knowledgebase;
    - checking whether the pattern of the banner information is valid; and
      
      translating, by the computer the banner information, into the unique software product identifier when the pattern of the banner information is valid.
  - 22. The non-transitory computer readable medium according to claim 12 wherein the translating comprises applying alternative sequences of translating and validation rules to the banner information and to attributes extracted from the banner information;
    - and wherein applying of alternative sequences comprises generating and using search nodes that represent attribute extraction alternatives that were explored during the applying of the translating.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skybox Security, Inc.
Original Assignee
Skybox Security, Inc.
Inventors
Lotem, Amnon, Cohen, Gideon, Kaufman, Stav
Primary Examiner(s)
Patel, Haresh N

Application Number

US15/405,314
Time in Patent Office

970 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 16/212   with details for data model...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

G06F 8/70   Software maintenance or man...

H04L 63/1433   Vulnerability analysis

Method for translating product banners

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Method for translating product banners

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others