System and Method for Concept Building

US 20130246371A1
Filed: 01/13/2009
Published: 09/19/2013
Est. Priority Date: 01/13/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying a root term;

determining one or more other terms belonging to a group associated with the root term;

selecting one or more of the terms from the group;

converting the selected terms to regular expressions that are mapped to attributes according to an attribute map;

indexing a document using tags stored in a tag database, wherein if a predetermined number of the regular expressions occur in the document, the tags are associated with corresponding attributes by setting a field or position in an index in the tags, wherein the tags include a pointer to a storage location where the document is stored;

applying a concept based on the selected terms to a rule provided as part of a security policy that controls whether the document is permitted to be sent to a next destination as part of network traffic, wherein the rule is applied to the tags; and

quarantining at least some of the network traffic based on the rule.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided in one example embodiment and it includes identifying a root term and determining one or more other terms belonging to a group associated with the root term. The method also includes selecting one or more of the terms from the group and generating a concept based on the selected terms from the group, wherein the concept is applied to a rule that affects data management for one or more documents that satisfy the rule. In more specific embodiments, the root term is identified via a search or via an incident list. In other embodiments, a collection of meaningful terms is provided to assist in determining the other terms for the group, the collection of meaningful terms being generated based on the root term. The concept can be used to automatically mark one or more documents that relate to the concept.

Citations

26 Claims

1. A method, comprising:
- identifying a root term;
  
  determining one or more other terms belonging to a group associated with the root term;
  
  selecting one or more of the terms from the group;
  
  converting the selected terms to regular expressions that are mapped to attributes according to an attribute map;
  
  indexing a document using tags stored in a tag database, wherein if a predetermined number of the regular expressions occur in the document, the tags are associated with corresponding attributes by setting a field or position in an index in the tags, wherein the tags include a pointer to a storage location where the document is stored;
  
  applying a concept based on the selected terms to a rule provided as part of a security policy that controls whether the document is permitted to be sent to a next destination as part of network traffic, wherein the rule is applied to the tags; and
  
  quarantining at least some of the network traffic based on the rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the root term is identified via a search or via an incident list.
  - 3. The method of claim 1, wherein a collection of meaningful terms is provided to assist in determining the other terms for the group, the collection of meaningful terms being generated based on the root term.
  - 4. The method of claim 1, wherein the determining of the other terms includes identifying parameters associated with distance and frequency associated with the other terms.
  - 5. The method of claim 1, wherein the regular expressions are to be placed in the group.
  - 6. The method of claim 5, wherein if any of the regular expressions appear in a group of documents, then a presence of the concept associated with the expressions is marked in those documents.
  - 7. The method of claim 1, wherein the concept is used to automatically mark one or more documents that relate to the concept.
  - 8. The method of claim 1, wherein a search can be performed on a keyword and the keyword becomes the root term, wherein the keyword can be characterized using Boolean connectors.
  - 9. The method of claim 1, wherein identifying the root term includes performing single keyword or multiple keyword searches.
  - 10. The method of claim 1, wherein determining the other terms belonging to the group includes factoring in a proximity parameter associated with one or more of the other terms, and wherein the proximity parameter can be used to identify a distance from expressions or terms and the root term.

11. An apparatus, comprising:
- a processor; and
  
  a memory, wherein the apparatus is configured to;
  
  capture packets as part of providing a firewall function in a network environment;
  
  identify a root term and determine one or more other terms belonging to a group associated with the root term, wherein one or more of the terms from the group are selected;
  
  convert the selected terms to regular expressions that are mapped to attributes according to an attribute map;
  
  index a document using tags stored in a tag database, wherein if a predetermined number of the regular expressions occur in the document, the tags are associated with corresponding attributes by setting a field or position in an index in the tags, wherein the tags include a pointer to a storage location where the document is stored;
  
  apply a concept based on the selected terms from the group to a rule provided as part of a security policy that controls whether the document is permitted to be sent to a next destination as part of network traffic, wherein the rule is applied to the tags; and
  
  quarantine at least some of the network traffic based on the rule.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The apparatus of claim 11, wherein the apparatus is a network appliance that is coupled to a network and a database.
  - 13. The apparatus of claim 11, wherein the root term is identified via a search or via an incident list, and wherein a collection of meaningful terms is provided to assist in determining the other terms for the group, the collection of meaningful terms being generated based on the root term.
  - 14. The apparatus of claim 11, wherein the determining of the other terms includes identifying parameters associated with distance and frequency associated with the other terms.
  - 15. The apparatus claim 14, wherein if any expressions appear in a group of documents, then a presence of the concept associated with the expressions is marked in those documents.
  - 16. The apparatus of claim 11, wherein the concept is used to automatically mark one or more documents that relate to the concept, and wherein a search can be performed on a keyword and the keyword becomes the root term, wherein the keyword can be characterized using Boolean connectors.

17. Logic encoded in non-transitory media for execution and when executed by a processor operable to:
- identify a root term;
  
  determine one or more other terms belonging to a group associated with the root term;
  
  select one or more of the terms from the group;
  
  convert the selected terms to regular expressions that are mapped to attributes according to an attribute map;
  
  index a document using tags stored in a tag database, wherein if a predetermined number of the regular expressions occur in the document, the tags are associated with corresponding attributes by setting a field or position in an index in the tags, wherein the tags include a pointer to a storage location where the document is stored;
  
  apply a concept based on the selected terms to a rule provided as part of a security policy that controls whether the document is permitted to be sent to a next destination as part of network traffic, wherein the rule is applied to the tags to determine if any of the selected terms occur in the document; and
  
  quarantine at least some of the network traffic based on the rule.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The logic of claim 17, wherein the root term is identified via a search or via an incident list.
  - 19. The logic of claim 17, wherein a collection of meaningful terms is provided to assist in determining the other terms for the group, the collection of meaningful terms being generated based on the root term.
  - 20. The logic of claim 17, wherein the determining of the other terms includes identifying parameters associated with distance and frequency associated with the other terms.
  - 21. The logic of claim 17, wherein the regular expressions are to be placed in the group.
  - 22. The logic of claim 21, wherein if any of the regular expressions appear in a group of documents, then a presence of the concept associated with the expressions is marked in those documents.
  - 23. The logic of claim 17, wherein the concept is used to automatically mark one or more documents that relate to the concept.
  - 24. The logic of claim 17, wherein a search can be performed on a keyword and the keyword becomes the root term, wherein the keyword can be characterized using Boolean connectors.
  - 25. The logic of claim 17, wherein identifying the root term includes performing single keyword or multiple keyword searches.
  - 26. The logic of claim 17, wherein determining the other terms belonging to the group includes factoring in a proximity parameter associated with one or more of the other terms, and wherein the proximity parameter can be used to identify a distance from expressions or terms and the root term.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Ahuja, Ratinder Paul Singh, Deninger, William, Lakhani, Faizel, Christner, Joel

Granted Patent

US 8,850,591 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/692
CPC Class Codes

G06F 16/31   Indexing; Data structures t...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1491   using deception as counterm...

System and Method for Concept Building

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Concept Building

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links