Dynamic learning method and adaptive normal behavior profile (NBP) architecture for providing fast protection of enterprise applications
Abstract
A dynamic learning method and an adaptive normal behavior profile (NBP) architecture for providing fast protection of enterprise applications are disclosed. The adaptive NBP architecture includes a plurality of profile items. Each profile item includes a plurality of profile properties holding the descriptive values of the respective item. An application-level security system can identify and prevent attacks targeted at enterprise applications by matching application events against at least a single profile item in the adaptive NBP.
70 Claims
1. A method for dynamic learning the behavior of enterprise applications for providing the fast protection of the enterprise applications, wherein the method comprises:
- receiving enterprise application events processed by network sensors;
- analyzing the enterprise application events;
- generating an adaptive normal behavior profile (NBP), the adaptive NBP comprises at least a plurality of profile items and each of the plurality profile items comprises a plurality of profile properties; and
- performing statistical analysis to determine if the adaptive NBP is stable.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A computer program product, comprising computer-readable media with instructions to enable a computer to implement a method for dynamic learning the behavior of enterprise applications for providing fast the protection of the enterprise applications, wherein the method comprises:
- receiving enterprise application events processed by network sensors;
- analyzing the enterprise application events;
- generating an adaptive normal behavior profile (NBP), the adaptive NBP comprises at least a plurality of profile items and each of the plurality profile items comprises a plurality of profile properties; and
- performing statistical analysis to determine if the adaptive NBP is stable.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41
42. A non-intrusive network security system that utilizes a dynamic process for learning the behavior of enterprise applications for the purpose of allowing the fast protection of the enterprise applications, wherein the security system comprises:
- a plurality of network sensors capable of collecting, reconstructing, and processing enterprise application events;
- a secure server capable of building adaptive normal behavior profiles (NBPs); and
- connectivity means enabling the plurality of network sensors to monitor traffic directed to at least devices that require protection.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51
52. An adaptive normal behavior profile (NBP) architecture enabling the fast protection of enterprise applications, the architecture comprising at least:
- a plurality of profile items; and
- each of the plurality of profile items comprises a plurality of profile properties.
Dependent claims: 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70
Specification