RESOURCE CLASSIFICATION USING RESOURCE REQUESTS

US 20160142432A1
Filed: 06/20/2013
Published: 05/19/2016
Est. Priority Date: 06/20/2013
Status: Active Grant

First Claim

Patent Images

1. A processor-readable medium storing code representing instructions that when executed at a processor cause the processor to:

identify a plurality of resource requests, each resource request from the plurality of resource requests associated with a resource from a plurality of resources by a resource identifier of that resource;

generate a plurality of resource access measures based on the plurality of resource requests, each resource access measure from the plurality of resource access measures associated with a resource from the plurality of resources;

apply a classifier to each resource access measure from the plurality of resource access measures to generate a classification result for the resource from the plurality of resources associated with that resource access measure; and

assign a security classification to each resource from the plurality of resources based on the classification result for that resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one implementation, a resource classification system identifies a plurality of resource requests and generates a plurality of resource access measures based on the plurality of resource requests. Each resource request from the plurality of resource requests is associated with a resource from a plurality of resources by a resource identifier of that resource. Each resource access measure from the plurality of resource access measures is associated with a resource from the plurality of resources. The resource classification system applies a classifier to each resource access measure from the plurality of resource access measures to generate a classification result for the resource from the plurality of resources associated with that resource access measure, and assign a security classification to each resource from the plurality of resources based on the classification result for that resource.

28 Citations

View as Search Results

15 Claims

1. A processor-readable medium storing code representing instructions that when executed at a processor cause the processor to:
- identify a plurality of resource requests, each resource request from the plurality of resource requests associated with a resource from a plurality of resources by a resource identifier of that resource;
  
  generate a plurality of resource access measures based on the plurality of resource requests, each resource access measure from the plurality of resource access measures associated with a resource from the plurality of resources;
  
  apply a classifier to each resource access measure from the plurality of resource access measures to generate a classification result for the resource from the plurality of resources associated with that resource access measure; and
  
  assign a security classification to each resource from the plurality of resources based on the classification result for that resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The processor-readable medium of claim 1, wherein the plurality of resource requests include Domain Name System requests and Hypertext Transfer Protocol requests.
  - 3. The processor-readable medium of claim 1, whereinthe plurality of resource requests is a first plurality of resource requests,the plurality of resource access measures is generated at a first time, andthe security classification assigned to each resource from the plurality of resources is a first security classification assigned to that resource before a second time,the processor-readable medium further storing code representing instructions that when executed at the processor cause the processor to:
    - update, at the second time after the first time, the plurality of resource access measures based on a second plurality of resource requests and not based on the first plurality of resource requests;
      
      apply, after the second time, the classifier to each resource access measure from the plurality of resource access measures; and
      
      assign a second security classification to each resource from the plurality of resources based on a classification result from application of the classifier, after the second time, to the resource access measure from the plurality of resource access measures associated with that resource.
  - 4. The processor-readable medium of claim 1, whereinthe plurality of resource requests is a first plurality of resource requests,the plurality of resource access measures is generated at a first time, andthe security classification assigned to each resource from the plurality of resources is a first security classification assigned to that resource before a second time,the processor-readable medium further storing code representing instructions that when executed at the processor cause the processor to:
    - update, at the second time after the first time, the plurality of resource access measures based on a second plurality of resource requests and not based on the first plurality of resource requests;
      
      modify the classifier using resource access measures from the plurality of resource access measures associated with resources from the plurality of resources having known security classifications;
      
      apply, after the second time, the classifier to each resource access measure from the plurality of resource access measures; and
      
      assign a second security classification to each resource from the plurality of resources based on a classification result from application of the classifier, after the second time, to the resource access measure from the plurality of resource access measures associated with that resource.
  - 5. The processor-readable medium of claim 1, wherein the code representing instructions that when executed at the processor cause the processor to generate the plurality of resource access measures includes code representing instructions that when executed at the processor cause the processor to:
    - determine a sub-resource access measure for that resource from the plurality of resource requests.
  - 6. The processor-readable medium of claim 1, wherein the code representing instructions that when executed at the processor cause the processor to generate the plurality of resource access measures includes code representing instructions that when executed at the processor cause the processor to:
    - determine a host access measure for that resource, a group access measure for that resource, a sub-resource access measure for that resource, or a combination thereof from the plurality of resource requests.

7. A resource classification method, comprising:
- accessing a plurality of resource request records representing resource requests for a plurality of resources, each resource request record from the plurality of resource request records associated with a resource from the plurality of resources by a resource identifier of that resource;
  
  generating a plurality of resource access measures from the resource request records for each resource from the plurality of resources;
  
  applying a classifier to the plurality of resource access measures for each resource from the plurality of resources; and
  
  assigning a security classification to the plurality of resources for each resource from the plurality of resources based on a classification result from application of the classifier to the plurality of resource access measures associated with that resource.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein:
    - the plurality of resource request records include Domain Name System request records and Hypertext Transfer Protocol request records.
  - 9. The method of claim 7, wherein generating a plurality of resource access measures from the resource request records for each resource from the plurality of resources includes determining a sub-resource access measure for that resource.
  - 10. The method of claim 7, wherein generating a plurality of resource access measures from the resource request records for each resource from the plurality of resources includes determining a host access measure for that resource, a group access measure for that resource, a sub-resource access measure for that resource, or a combination thereof from the plurality of resource request records.
  - 11. The method of claim 7, further comprising:
    - modifying the classifier using resource access measures from the plurality of resource access measures associated with resources from the plurality of resources having known security classifications.

12. A resource classification system, comprising:
- a resource access measurement module to generate a plurality of resource access measures based on a plurality of resource requests, each resource access measure from the plurality of resource access measures associated with a resource from the plurality of resources;
  
  a classifier module to define a classifier using resource access measures from the plurality of resource access measures associated with resources from the plurality of resources having known security classifications, and to apply the classifier to each resource access measure from the plurality of resource access measures to generate a classification result for the resource from the plurality of resources associated with that resource access measure; and
  
  a security module to assign a security classifier to each resource from the plurality of resources based on the classification result for that resource.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12, further comprising:
    - a resource request module to receive a plurality of resource request records associated with the plurality of resource requests from a plurality of resource authorities.
  - 14. The system of claim 12, wherein:
    - the plurality of resource requests is a first plurality of resource requests;
      
      the plurality of resource access measures is a first plurality of resource access measures generated at the resource access measurement module a first time;
      
      the resource access measurement module is configured to update at a second time a second plurality of resource access measures based on a second plurality of resource requests, each resource access measure from the second plurality of resource access measures associated with a resource from the plurality of resources; and
      
      the classifier module is configured to update the classifier using resource access measures from the second plurality of resource access measures associated with the resources from the plurality of resources having known security classifications.
  - 15. The system of claim 12, wherein:
    - the resource access measurement module is configured to determine from the plurality of resource requests at least one of a host access measure for each resource from the plurality of resources, a group access measure each resource from the plurality of resources, or a sub-resource access measure for each resource from the plurality of resources to generate the plurality of resource access measures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Home, William G., Manadhata, Pratyusa K, Rao, Prasad V

Granted Patent

US 10,122,722 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/14   for detecting or protecting...

H04L 63/1433   Vulnerability analysis

H04L 67/02   based on web technology, e....

RESOURCE CLASSIFICATION USING RESOURCE REQUESTS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

RESOURCE CLASSIFICATION USING RESOURCE REQUESTS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links