Behavior-based host-based intrusion prevention system
Abstract
A method of protecting a system from attack that includes monitoring processes running on a system, identifying behavior of the processes and attributes of the processes, grouping the processes into process sets based on commonality of attributes, and generating behavior control descriptions for each process set.
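A minimal sketch of the pipeline in claims 15 and 1 (monitor, group by common attributes, generate a behavior control description per set, enforce it), added here as an illustration and not taken from the patent. The attribute names (`exe`, `user`), the directory-allowlist form of a description, the default-deny rule and the sample records are all assumptions.

```python
import posixpath
from collections import defaultdict

# Constructed monitoring records: (pid, attributes, operation, target).
OBSERVED = [
    (101, {"exe": "/usr/sbin/httpd", "user": "www"}, "file:read", "/var/www/index.html"),
    (102, {"exe": "/usr/sbin/httpd", "user": "www"}, "file:read", "/var/www/css/site.css"),
    (102, {"exe": "/usr/sbin/httpd", "user": "www"}, "file:write", "/var/log/httpd/access.log"),
    (210, {"exe": "/usr/bin/backup", "user": "root"}, "file:read", "/home/alice/notes.txt"),
    (210, {"exe": "/usr/bin/backup", "user": "root"}, "file:write", "/mnt/backup/alice.tar"),
]

def set_key(attrs, keys=("exe", "user")):
    """Process-set identity: the attribute values the set has in common (assumed keys)."""
    return tuple(attrs[k] for k in keys)

def group_processes(records):
    """Group observed pids into process sets by shared attributes."""
    sets = defaultdict(set)
    for pid, attrs, _op, _target in records:
        sets[set_key(attrs)].add(pid)
    return dict(sets)

def generate_descriptions(records):
    """One description per set: operation -> directories seen during monitoring."""
    desc = defaultdict(lambda: defaultdict(set))
    for _pid, attrs, op, target in records:
        desc[set_key(attrs)][op].add(posixpath.dirname(posixpath.normpath(target)))
    return {k: {op: frozenset(d) for op, d in ops.items()} for k, ops in desc.items()}

def is_allowed(descriptions, attrs, op, target):
    """Enforce the description of the set the requesting process belongs to."""
    rules = descriptions.get(set_key(attrs))
    if rules is None:
        return False  # process in no known set: default deny (assumption)
    path = posixpath.normpath(target)  # collapse ../ before comparing
    return any(path == d or path.startswith(d.rstrip("/") + "/")
               for d in rules.get(op, ()))
```

Normalizing the path before the prefix check keeps a request such as `/var/www/../../etc/passwd` from matching the `/var/www` entry learned for the web server's set.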
36 Claims
1. A method of protecting a system from unauthorized use comprising:
- decomposing processes running on a system into a plurality of process sets, wherein each process set has a corresponding behavior control description; and
- controlling access to system resources by each process based on a behavior control description for the process set to which the process belongs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method of protecting a system from unauthorized use comprising:
- identifying processes running on a system, wherein each process has an independent behavior control description; and
- controlling access to system resources by each process based on the behavior control description for the process.
Dependent claims: 10, 11, 12, 13, 14.

15. A method of protecting a system from attack comprising:
- monitoring processes running on a system;
- identifying behavior of the processes and attributes of the processes;
- grouping the processes into process sets based on commonality of attributes; and
- generating behavior control descriptions for each process set.
Dependent claims: 16, 17, 18, 19.

20. A system for protecting a system from unauthorized use comprising:
- means for decomposing processes running on a system into a plurality of process sets, wherein each process set has a corresponding behavior control description; and
- means for controlling access to system resources by each process based on a behavior control description for the process set to which the process belongs.
Dependent claims: 21, 22, 23, 24, 25, 26, 27.

28. A system for protecting a system from unauthorized use comprising:
- means for identifying processes running on a system, wherein each process has an independent behavior control description; and
- means for controlling access to system resources by each process based on the behavior control description for the process.
Dependent claims: 29, 30, 31, 32.

33. A system for protecting a system from attack comprising:
- means for monitoring processes running on a system;
- means for identifying behavior of the processes and attributes of the processes;
- means for grouping the processes into process sets based on commonality of attributes; and
- means for generating behavior control descriptions for each process set.

34. A computer program product for protecting a system from unauthorized use, the computer program product comprising a computer useable medium having computer program logic recorded thereon for controlling a processor, the computer program logic comprising:
- means for enabling a processor to decompose processes running on a system into a plurality of process sets, wherein each process set has a corresponding behavior control description; and
- means for enabling a processor to control access to system resources by each process based on a behavior control description for the process set to which the process belongs.

35. A system for protecting a system from unauthorized use comprising:
- means for enabling a processor to identify processes running on a system, wherein each process has an independent behavior control description; and
- means for enabling a processor to control access to system resources by each process based on the behavior control description for the process.

36. A system for protecting a system from attack comprising:
- means for enabling a processor to monitor processes running on a system;
- means for enabling a processor to identify behavior of the processes and attributes of the processes;
- means for enabling a processor to group the processes into process sets based on commonality of attributes; and
- means for enabling a processor to generate behavior control descriptions for each process set.

Specification