HOST INTRUSION PREVENTION SERVER

US 20110179489A1
Filed: 04/06/2011
Published: 07/21/2011
Est. Priority Date: 01/08/2007
Status: Active Grant

First Claim

Patent Images

1. A method of intrusion protection of a plurality of hosts, the method implemented by a deep-security device communicatively coupled to a central server, said deep security device having at least one processor and at least one memory device, the method comprising:

storing a set of intrusion patterns;

storing a set of data filters, each data filter developed to combat at least one of said intrusion patterns;

encoding a set of descriptors for characterizing said plurality of hosts;

devising a set of encoded rules for selectively assigning said data filters to said plurality of hosts according to said descriptors;

identifying a subset of said encoded rules applicable to a selected host according to characterizing information received from said selected host; and

determining a time table for applying said subset of said encoded rules to said selected host.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intrusion-prevention server supporting a set of hosts comprises data filters and an engine which uses a set of encoded rules for assigning data filters to hosts according to metadata characterizing the hosts. Each data filter corresponds to at least one intrusion pattern from among a set of intrusion patterns and the data filters are continuously updated as intrusion patterns change. Metadata acquired from a host varies with a changing state of the host. Acquisition of metadata from each host is streamlined to reduce communications between the server and the hosts and to minimize processing effort for both the server and the hosts.

40 Citations

View as Search Results

5 Claims

1. A method of intrusion protection of a plurality of hosts, the method implemented by a deep-security device communicatively coupled to a central server, said deep security device having at least one processor and at least one memory device, the method comprising:
- storing a set of intrusion patterns;
  
  storing a set of data filters, each data filter developed to combat at least one of said intrusion patterns;
  
  encoding a set of descriptors for characterizing said plurality of hosts;
  
  devising a set of encoded rules for selectively assigning said data filters to said plurality of hosts according to said descriptors;
  
  identifying a subset of said encoded rules applicable to a selected host according to characterizing information received from said selected host; and
  
  determining a time table for applying said subset of said encoded rules to said selected host.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising:
    - classifying said hosts into a number of classes each class including a respective subset of hosts from among said set of hosts;
      
      determining class-specific subsets of descriptors from among said set of descriptors; and
      
      assigning a class-specific subset of descriptors relevant of a specific class to each host of said specific class.
  - 3. The method of claim 1 further comprising selecting descriptors of each rule according to:
    - state-dependent sequence of queries sent from said deep-security device to a selected host; and
      
      responses to said queries received at said deep-security device.
  - 4. The method of claim 1 further comprising arranging descriptors of each rule into a tree structure having a root descriptor, inner descriptors, and leaf descriptors.
  - 5. The method of claim 4 further comprising:
    - sending a root descriptor from the deep-security manager to a selected host; and
      
      recursively performing processes of;
      
      receiving state information from said selected host;
      
      determining a subsequent descriptor according to said state information; and
      
      where said subsequent descriptor is an inner descriptor, sending said subsequent descriptor to said selected host; and
      
      subject to an indication that said subsequent descriptor is a leaf descriptor, determining one of;
      
      maintaining existing security configuration of said selected host;
      
      removal of an existing filter installed in said selected host; and
      
      assigning new filters from among said set of data filters to said selected host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Kabushiki Kaisha
Original Assignee
Trend Micro Kabushiki Kaisha
Inventors
Durie, Anthony Robert, McGee, William G.

Granted Patent

US 8,230,508 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1441   Countermeasures against mal...

HOST INTRUSION PREVENTION SERVER

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

HOST INTRUSION PREVENTION SERVER

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links