Behavior-based host-based intrusion prevention system
Abstract
A method of protecting a system from attack that includes monitoring processes running on a system, identifying behavior of the processes and attributes of the processes, grouping the processes into process sets based on commonality of attributes, and generating behavior control descriptions for each process set.
36 Claims

1. A method of protecting a system from unauthorized use comprising:
- decomposing processes running on a system into a plurality of process sets, wherein each process set has a corresponding behavior control description; and
- controlling access to system resources by each process based on a behavior control description for the process set to which the process belongs.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method of protecting a system from unauthorized use comprising:
- identifying processes running on a system, wherein each process has an independent behavior control description; and
- controlling access to system resources by each process based on the behavior control description for the process.

Dependent claims: 10, 11, 12, 13, 14

15. A method of protecting a system from attack comprising:
- monitoring processes running on a system;
- identifying behavior of the processes and attributes of the processes;
- grouping the processes into process sets based on commonality of attributes; and
- generating behavior control descriptions for each process set.

Dependent claims: 16, 17, 18, 19

20. A system for protecting a system from unauthorized use comprising:
- means for decomposing processes running on a system into a plurality of process sets, wherein each process set has a corresponding behavior control description; and
- means for controlling access to system resources by each process based on a behavior control description for the process set to which the process belongs.

Dependent claims: 21, 22, 23, 24, 25, 26, 27

28. A system for protecting a system from unauthorized use comprising:
- means for identifying processes running on a system, wherein each process has an independent behavior control description; and
- means for controlling access to system resources by each process based on the behavior control description for the process.

Dependent claims: 29, 30, 31, 32

33. A system for protecting a system from attack comprising:
- means for monitoring processes running on a system;
- means for identifying behavior of the processes and attributes of the processes;
- means for grouping the processes into process sets based on commonality of attributes; and
- means for generating behavior control descriptions for each process set.

34. A computer program product for protecting a system from unauthorized use, the computer program product comprising a computer useable medium having computer program logic recorded thereon for controlling a processor, the computer program logic comprising:
- means for enabling a processor to decompose processes running on a system into a plurality of process sets, wherein each process set has a corresponding behavior control description; and
- means for enabling a processor to control access to system resources by each process based on a behavior control description for the process set to which the process belongs.

35. A system for protecting a system from unauthorized use comprising:
- means for enabling a processor to identify processes running on a system, wherein each process has an independent behavior control description; and
- means for enabling a processor to control access to system resources by each process based on the behavior control description for the process.

36. A system for protecting a system from attack comprising:
- means for enabling a processor to monitor processes running on a system;
- means for enabling a processor to identify behavior of the processes and attributes of the processes;
- means for enabling a processor to group the processes into process sets based on commonality of attributes; and
- means for enabling a processor to generate behavior control descriptions for each process set.

Specification