SYSTEMS AND METHODS FOR MESSAGE THREAT MANAGEMENT
First Claim
1. A management system for generating and distributing threat detection rules to application layer security systems, the system comprising:
- a. a communication interface adapted to allow communication between the management system and at least one application layer security system, b. a system data store comprising one or more data storage elements, wherein the system data store is capable of storing;
i. one or more sets of threat management goals; and
ii. threat information; and
c. a system processor in communication with the communication interface and the system data store, wherein the system processor comprises one or more processing elements and the one or more processing elements are programmed or adapted to;
i. receive threat information from one or more sources;
ii. reduce the received threat information into a canonical form;
iii. extract features from the reduced threat information;
iv. generate a rule set of one or more threat rules based upon the extracted features and a goal set of one or more threat management goals in the system data store; and
v. transmit the generated rule set to at least one of the plurality of application layer security systems.
12 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed to systems and methods for detecting unsolicited and threatening communications and communicating threat information related thereto. Threat information is received from one or more sources; such sources can include external security databases and threat information data from one or more application and/or network layer security systems. The received threat information is reduced into a canonical form. Features are extracted from the reduced threat information; these features in conjunction with configuration data such as goals are used to produce rules. In some embodiments, these rules are tested against one or more sets of test data and compared against the same or different goals; if one or more tests fail, the rules are refined until the tests succeed within an acceptable margin of error. The rules are then propagated to one or more application layer security systems.
-
Citations
38 Claims
-
1. A management system for generating and distributing threat detection rules to application layer security systems, the system comprising:
-
a. a communication interface adapted to allow communication between the management system and at least one application layer security system, b. a system data store comprising one or more data storage elements, wherein the system data store is capable of storing;
i. one or more sets of threat management goals; and
ii. threat information; and
c. a system processor in communication with the communication interface and the system data store, wherein the system processor comprises one or more processing elements and the one or more processing elements are programmed or adapted to;
i. receive threat information from one or more sources;
ii. reduce the received threat information into a canonical form;
iii. extract features from the reduced threat information;
iv. generate a rule set of one or more threat rules based upon the extracted features and a goal set of one or more threat management goals in the system data store; and
v. transmit the generated rule set to at least one of the plurality of application layer security systems. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method for managing threat information, the method comprising the steps of:
-
a. receiving threat information from one or more sources selected from the group consisting of application layer security systems, spam databases, a virus information databases, and intrusion information databases;
b. reducing the received threat information into a canonical form;
c. extracting features from the reduced threat information by applying one or more regular expressions;
d. selecting a goal set of one or more threat management goals based at least in part upon a selected application layer security system from the plurality of application layer security systems, wherein the goal set comprises one or more values of a type selected from the group of effectiveness values, accuracy values, efficiency values and false positive values;
e. generating a candidate rule set of one or more threat rules based upon the extracted features and the goal set;
f. testing the candidate rule set against one or more sets of test data;
g. refining the candidate rule set if the evaluation of the rule set fails to satisfy a predetermined confidence level; and
h. transmitting the candidate or refined rule set to at least one application layer security system.
-
-
21. A management system for generating and distributing threat detection rules to application layer security systems, the system comprising:
-
a. communication means for receiving threat information from one or more sources selected from the group consisting of application layer security systems, spam databases, a virus information databases, and intrusion information databases and for transmitting a generated rule set to at least one application layer security system;
b. rule generation means for;
i. reducing threat information received by the communication means into a canonical form;
ii. extracting features from the reduced threat information by applying one or more regular expressions;
iii. selecting a goal set of one or more threat management goals based at least in part upon a selected application layer security system from the plurality of application layer security systems, wherein the goal set comprises one or more values of a type selected from the group of effectiveness values, accuracy values, efficiency values and false positive values;
iv. generating a candidate rule set of one or more threat rules based upon the extracted features and the goal set;
v. testing the candidate rule set against one or more sets of test data;
vi. refining the candidate rule set if the evaluation of the rule set fails to satisfy predetermined confidence level; and
vii. providing the candidate or refined rule set to the communication means.
-
-
22. An application layer security system, the system comprising:
-
a. at least one application server system communication interface communicatively coupling the security system to a communication network allowing communication with one or more other application-layer security systems and a threat management system;
b. a system data store capable of storing an electronic communication and accumulated data associated with received electronic communications; and
c. a system processor in communication with the system data store and the at least one application server system communication interface, wherein the system processor comprises one or more processing elements and wherein the system processor;
i. receives an electronic communication directed to or from a selected application server system;
ii. applies one or more tests to the received electronic communication, wherein each of the one or more tests evaluates the received electronic communication for a particular security risk;
iii. stores in the system data store a risk profile associated with the received electronic communication based upon the applied one or more tests; and
iv. outputs information based upon the stored risk profile to a second application layer security system, a threat management center, a threat pushback system or a combination thereof. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
Specification