VULNERABILITY DETECTION BASED ON AGGREGATED PRIMITIVES
Abstract
Methods, systems, and computer-readable media are disclosed for detecting vulnerabilities based on aggregated primitives. A particular method includes receiving a plurality of data transmissions. At least one of the data transmissions includes a protocol anomaly that is not indicative of a security threat. The method includes identifying a plurality of primitives associated with the data transmissions. The primitives are aggregated, and an attack condition is identified based on the aggregated primitives. A security alert is generated based on the identified attack condition.
20 Claims

1. A vulnerability detection system comprising:
- an interface configured to receive a plurality of data transmissions at a computer;
- a translation module configured to identify at least one primitive associated with each of the data transmissions;
- an aggregation module configured to aggregate each of the data transmissions, including aggregating the at least one primitive associated with each of the data transmissions;
- an analysis module configured to generate an analysis output identifying a match between the aggregated primitives and a policy; and
- an enforcement module configured to generate a security alert based on the analysis output.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method comprising:
- receiving a plurality of data transmissions, at least one of the data transmissions including a protocol anomaly that is not individually indicative of a security threat;
- identifying a plurality of primitives associated with the data transmissions;
- aggregating the plurality of primitives;
- identifying an attack condition based on the aggregated primitives; and
- generating a security alert based on the identified attack condition.
Dependent claims: 10, 11, 12, 13, 14, 15.

16. A computer-readable storage medium comprising instructions that, when executed by a computer, cause the computer to:
- receive a plurality of anomalous data transmissions, wherein each of the anomalous data transmissions does not individually trigger a security response;
- identify one or more primitives associated with each of the anomalous data transmissions;
- aggregate the one or more primitives associated with each of the anomalous data transmissions;
- identify an attack condition based on the aggregated primitives; and
- trigger an action based on the identified attack condition.
Dependent claims: 17, 18, 19, 20.
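The pipeline the independent claims describe (interface, translation, aggregation, analysis, enforcement), as an added illustration that is not part of the patent or any implementation of it: each constructed transmission carries one protocol anomaly that would not trigger a response on its own, and only the aggregated per-source primitive set matches the hypothetical policy.

```python
from collections import Counter, defaultdict

# Constructed sample transmissions (not from the patent): each carries a single
# protocol anomaly that, taken alone, would not trigger a security response.
TRANSMISSIONS = [
    {"src": "10.0.0.5", "proto": "http", "anomaly": "oversized_header"},
    {"src": "10.0.0.5", "proto": "http", "anomaly": "malformed_content_length"},
    {"src": "10.0.0.5", "proto": "http", "anomaly": "oversized_header"},
    {"src": "10.0.0.5", "proto": "http", "anomaly": "unexpected_chunked_encoding"},
    {"src": "10.0.0.9", "proto": "http", "anomaly": "oversized_header"},
    {"src": "10.0.0.9", "proto": "http", "anomaly": None},
]

# Hypothetical policy (an assumption of this example): a match requires every
# listed primitive to appear at least `min_count` times, aggregated per source.
POLICIES = [
    {"name": "http-anomaly-cluster",
     "primitives": {"oversized_header", "malformed_content_length",
                    "unexpected_chunked_encoding"},
     "min_count": 1},
]

def translate(tx):
    """Translation module: map one transmission to the primitive(s) it exhibits."""
    return [tx["anomaly"]] if tx["anomaly"] else []

def aggregate(transmissions):
    """Aggregation module: collect primitive counts per source across transmissions."""
    agg = defaultdict(Counter)
    for tx in transmissions:
        agg[tx["src"]].update(translate(tx))
    return agg

def analyze(aggregated, policies):
    """Analysis module: report (source, policy) pairs whose aggregated primitives match."""
    matches = []
    for src, counts in aggregated.items():
        for pol in policies:
            if all(counts[p] >= pol["min_count"] for p in pol["primitives"]):
                matches.append((src, pol["name"]))
    return matches

def enforce(matches):
    """Enforcement module: turn the analysis output into security alerts."""
    return [f"ALERT {name} src={src}" for src, name in matches]

def detect(transmissions, policies=POLICIES):
    """Run the whole pipeline; returns alert strings, empty when nothing matches."""
    return enforce(analyze(aggregate(transmissions), policies))

if __name__ == "__main__":
    for alert in detect(TRANSMISSIONS):
        print(alert)
```

Only 10.0.0.5 is alerted: 10.0.0.9 shows the same individual anomaly but never accumulates the full primitive set the policy requires.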
Specification