Method and system for adaptive rule-based content scanners for desktop computers

US 20050240999A1
Filed: 12/09/2004
Published: 10/27/2005
Est. Priority Date: 11/06/1997
Status: Active Grant

First Claim

Patent Images

1. A security system for scanning content within a computer, comprising:

a network interface, housed within a computer, for receiving content from the Internet on its destination to an Internet application running on the computer;

a database of rules corresponding to computer exploits, stored within the computer;

a rule-based content scanner that communicates with said database of rules, for scanning content to recognize the presence of potential exploits therewithin;

a network traffic probe, operatively coupled to said network interface and to said rule-based content scanner, for selectively diverting content from its intended destination to said rule-based content scanner; and

a rule update manager that communicates with said database of rules, for updating said database of rules periodically to incorporate new rules that are made available.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system for scanning content within a computer, including a network interface, housed within a computer, for receiving content from the Internet on its destination to an Internet application running on the computer, a database of rules corresponding to computer exploits, stored within the computer, a rule-based content scanner that communicates with said database of rules, for scanning content to recognize the presence of potential exploits therewithin, a network traffic probe, operatively coupled to the network interface and to the rule-based content scanner, for selectively diverting content from its intended destination to the rule-based content scanner, and a rule update manager that communicates with said database of rules, for updating said database of rules periodically to incorporate new rules that are made available. A method and a computer readable storage medium are also described and claimed.

272 Citations

25 Claims

1. A security system for scanning content within a computer, comprising:
- a network interface, housed within a computer, for receiving content from the Internet on its destination to an Internet application running on the computer;
  
  a database of rules corresponding to computer exploits, stored within the computer;
  
  a rule-based content scanner that communicates with said database of rules, for scanning content to recognize the presence of potential exploits therewithin;
  
  a network traffic probe, operatively coupled to said network interface and to said rule-based content scanner, for selectively diverting content from its intended destination to said rule-based content scanner; and
  
  a rule update manager that communicates with said database of rules, for updating said database of rules periodically to incorporate new rules that are made available.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The security system of claim 1 wherein said database of rules stores rules in the form of pattern-matching engines.
  - 3. The security system of claim 2 wherein the pattern-matching engines are deterministic finite automata.
  - 4. The security system of claim 2 wherein the pattern-matching engines are non-deterministic finite automata.
  - 5. The security system of claim 1 further comprising a content blocker, operatively coupled to said rule-based content scanner, for preventing a potential exploit that was recognized by said rule-based content scanner from reaching its intended destination.
  - 6. The system of claim 1 wherein the content received from the Internet by said network interface is HTTP content.
  - 7. The system of claim 1 wherein the content received from the Internet by said network interface is HTTPS content.
  - 8. The system of claim 1 wherein the content received from the Internet by said network interface is FTP content.
  - 9. The system of claim 1 wherein the content received from the Internet by said network interface is SMTP content.
  - 10. The system of claim 1 wherein the content received from the Internet by said network interface is POP3 content.
  - 11. The system of claim 1 wherein the destination Internet application is a web browser.
  - 12. The system of claim 1 wherein the destination Internet application is an e-mail client.

13. A method for scanning content within a computer, comprising:
- receiving content from the Internet on its destination to an Internet application;
  
  selectively diverting the received content from its intended destination;
  
  scanning the selectively diverted content to recognize potential exploits therewithin, based on a database of rules corresponding to computer exploits; and
  
  updating the database of rules periodically to incorporate new rules that are made available.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13 wherein said database of rules stores rules in the form of pattern-matching engines.
  - 15. The method of claim 14 wherein the pattern-matching engines are deterministic finite automata.
  - 16. The method of claim 14 wherein the pattern-matching engines are non-deterministic finite automata.
  - 17. The method of claim 13 further comprising preventing a potential exploit that was recognized by said scanning from reaching its intended destination.
  - 18. The method of claim 13 wherein the content received from the Internet by said network interface is HTTP content.
  - 19. The method of claim 13 wherein the content received from the Internet by said network interface is HTTPS content.
  - 20. The method of claim 13 wherein the content received from the Internet by said network interface is FTP content.
  - 21. The method of claim 13 wherein the content received from the Internet by said network interface is SMTP content.
  - 22. The method of claim 13 wherein the content received from the Internet by said network interface is POP3 content.
  - 23. The method of claim 13 wherein the destination Internet application is a web browser.
  - 24. The method of claim 13 wherein the destination Internet application is an e-mail client.

25. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
- receiving content from the Internet on its destination to an Internet application;
  
  selectively diverting the received content from its intended destination;
  
  scanning the selectively diverted content to recognize potential exploits therewithin, based on a database of rules corresponding to computer exploits; and
  
  updating the database of rules periodically to incorporate new rules that are made available.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Holdings, Inc. (SoftBank Group Corp.)
Original Assignee
Finjan, Inc. (SoftBank Group Corp.)
Inventors
Shaked, Amit, Yermakov, Alexander, Touboul, Shlomo, Rubin, Moshe, Matitya, Moshe, Melnick, Artem

Granted Patent

US 7,975,305 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/563 by source code analysis

Method and system for adaptive rule-based content scanners for desktop computers

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

272 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for adaptive rule-based content scanners for desktop computers

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

272 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links