COMPUTER DEFENSES AND COUNTERATTACKS
Abstract
A method includes instantiating a first detection agent based on detection criteria, where the first detection agent includes first program code executable by a second computing device to monitor network activity. The method further includes sending the first program code of the first detection agent to the second computing device for execution. When the first program code of the first detection agent is executed at the second computing device, the first detection agent causes network activity data to be transmitted to a network monitor, and the network monitor updates the detection criteria based on the network activity data to generate updated detection criteria. The method also includes instantiating a second detection agent based on the updated detection criteria and sending second program code of the second detection agent to the second computing device for execution.
20 Claims
1. A system comprising:
- a processing system including one or more processors;
- memory accessible to the processing system, wherein the memory stores instructions executable by at least one processor of the one or more processors to cause the at least one processor to perform operations comprising:
  - instantiating a first detection agent based on detection criteria, wherein the first detection agent includes first program code executable by a second processor to monitor network activity;
  - sending the first program code of the first detection agent to a remote computing device for execution, wherein, when the first program code of the first detection agent is executed at the remote computing device, the first detection agent causes network activity data to be transmitted to the processing system, and wherein the processing system updates the detection criteria based on the network activity data to generate updated detection criteria;
  - instantiating a second detection agent based on the updated detection criteria wherein the second detection agent includes second program code; and
  - sending second program code of the second detection agent to the remote computing device for execution.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method comprising:
- instantiating, at a first computing device, a first detection agent based on detection criteria, wherein the first detection agent includes first program code executable by a second computing device to monitor network activity;
- sending the first program code of the first detection agent to the second computing device for execution, wherein, when the first program code of the first detection agent is executed at the second computing device, the first detection agent causes network activity data to be transmitted to a processing system, and wherein the processing system updates the detection criteria based on the network activity data to generate updated detection criteria;
- instantiating, at the first computing device, a second detection agent based on the updated detection criteria; and
- sending second program code of the second detection agent to the second computing device for execution.
Dependent claims: 16, 17
18. A computer-readable storage device storing instructions that are executable by a processor to cause the processor to perform operations comprising:
- instantiating a first detection agent based on detection criteria, wherein the first detection agent includes first program code executable by a remote computing device to monitor network activity;
- sending the first program code of the first detection agent to the remote computing device for execution, wherein, when the first program code of the first detection agent is executed at the remote computing device, the first detection agent causes network activity data to be transmitted to a processing system, and wherein the processing system updates the detection criteria based on the network activity data to generate updated detection criteria;
- instantiating a second detection agent based on the updated detection criteria; and
- sending second program code of the second detection agent to the remote computing device for execution.
Dependent claims: 19, 20
Specification