DETERMINING NETWORK SECURITY POLICIES DURING DATA CENTER MIGRATION AND DETECTING SECURITY VIOLATION

US 20170118244A1
Filed: 10/22/2015
Published: 04/27/2017
Est. Priority Date: 10/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving input data from a source environment wherein the source environment comprises a plurality of servers and one or more applications running on at least one of the servers;

discovering from the received data one or more patterns wherein the patterns comprise information regarding one or more of the plurality of servers running one or more of the applications that collectively perform a service;

analyzing the patterns to learn a recurring pattern;

determining a security policy for the recurring pattern; and

storing the recurring pattern and the security policy determined for the recurring pattern in a database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Input data are received from a source environment comprising a plurality of servers and one or more applications running on at least one of the servers. One or more patterns are discovered from the received data comprising information regarding the plurality of servers running applications that collectively perform a service. The patterns are analyzed to learn a recurring pattern. A security policy is designed for the recurring pattern. The recurring pattern and the security policy designed for the recurring pattern is stored in a database.

29 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving input data from a source environment wherein the source environment comprises a plurality of servers and one or more applications running on at least one of the servers;
  
  discovering from the received data one or more patterns wherein the patterns comprise information regarding one or more of the plurality of servers running one or more of the applications that collectively perform a service;
  
  analyzing the patterns to learn a recurring pattern;
  
  determining a security policy for the recurring pattern; and
  
  storing the recurring pattern and the security policy determined for the recurring pattern in a database.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the input data further comprises:
    - discovery data comprising information regarding at least one of network connectivities and logical dependencies between the plurality of servers and the one or more applications in the source environment;
      
      application information data comprising application profiles of one or more virtual machines in the source environment and one or more types of services performed by the virtual machines; and
      
      security requirement data comprising at least one of compliance and client specific data.
  - 3. The method of claim 1, wherein learning the recurring pattern further comprises applying a multi-label learning algorithm to categorize the one or more discovered patterns.
  - 4. The method of claim 3, wherein the multi-label learning algorithm comprises training a Support Vector Machine (SVM) classifier for the received input data.
  - 5. The method of claim 1, wherein the determined security policy is in compliance with local and global firewall rules in the source environment.
  - 6. The method of claim 1, wherein non-compliance of the determined security policy with the local and global firewall rules indicates a security policy violation in the source environment.
  - 7. The method of claim 1, further comprising:
    - implementing the determined security policy in a destination data center environment;
      
      detecting a security policy violation during a steady-state operation;
      
      modifying the security policy for the recurring pattern; and
      
      updating the database with the modified security policy.

8. An apparatus, comprising:
- a memory; and
  
  a processor operatively coupled to the memory and configured to;
  
  receive input data from a source environment wherein the source environment comprises a plurality of servers and one or more applications running on at least one of the servers;
  
  discover from the received data one or more patterns wherein the patterns comprise information regarding one or more of the plurality of servers running one or more of the applications that collectively perform a service;
  
  analyze the patterns to learn a recurring pattern;
  
  determine a security policy for the recurring pattern; and
  
  store the recurring pattern and the security policy determined for the recurring pattern in a database.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the input data further comprises:
    - discovery data comprising information regarding at least one of network connectivities and logical dependencies between the plurality of servers and the one or more applications in the source environment;
      
      application information data comprising application profiles of one or more virtual machines in the source environment and one or more types of services performed by the virtual machines; and
      
      security requirement data comprising at least one of compliance and client specific data.
  - 10. The apparatus of claim 8, wherein learning the recurring pattern further comprises applying a multi-label learning algorithm to categorize the one or more discovered patterns.
  - 11. The apparatus of claim 10, wherein the multi-label learning algorithm comprises training a Support Vector Machine (SVM) classifier for the received input data.
  - 12. The apparatus of claim 8, wherein the determined security policy is in compliance with local and global firewall rules in the source environment.
  - 13. The apparatus of claim 8, wherein non-compliance of the determined security policy with the local and global firewall rules indicates a security policy violation in the source environment.
  - 14. The apparatus of claim 8, wherein the processor is further configured to:
    - implement the determined security policy in a destination data center environment;
      
      detect a security policy violation during a steady-state operation;
      
      modify the security policy for the recurring pattern; and
      
      update the database with the modified security policy.

15. An article of manufacture comprising a computer readable storage medium for storing computer readable program code which, when executed, causes a computer to:
- receive input data from a source environment wherein the source environment comprises a plurality of servers and one or more applications running on at least one of the servers;
  
  discover from the received data one or more patterns wherein the patterns comprise information regarding one or more of the plurality of servers running one or more of the applications that collectively perform a service;
  
  to analyze the patterns to learn a recurring pattern;
  
  to determine a security policy for the recurring pattern; and
  
  to store the recurring pattern and the security policy determined for the recurring pattern in a database.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The article of claim 15, wherein the input data further comprises:
    - discovery data comprising information regarding at least one of network connectivities and logical dependencies between the plurality of servers and the one or more applications in the source environment;
      
      application information data comprising application profiles of one or more virtual machines in the source environment and one or more types of services performed by the virtual machines; and
      
      security requirement data comprising at least one of compliance and client specific data.
  - 17. The article of manufacture of claim 15, wherein learning the recurring pattern further comprises applying a multi-label learning algorithm to categorize the one or more discovered patterns.
  - 18. The article of manufacture of claim 15, wherein the determined security policy is in compliance with local and global firewall rules in the source environment.
  - 19. The article of manufacture of claim 15, wherein non-compliance of the determined security policy with the local and global firewall rules indicates a security policy violation in the source environment.
  - 20. The article of manufacture of claim 15, further causing the computer to:
    - implement the determined security policy in a destination data center environment;
      
      detect a security policy violation during a steady-state operation;
      
      modify the security policy for the recurring pattern; and
      
      update the database with the modified security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hwang, Jinho, Jermyn, Jill L., Ramasamy, Harigovind V., BAI, KUN, Vukonic, Maja

Granted Patent

US 10,015,197 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06N 20/00   Machine learning

G06N 20/10   using kernel methods, e.g. ...

H04L 63/0263   Rule management

H04L 63/14   for detecting or protecting...

H04L 63/20   for managing network securi...

DETERMINING NETWORK SECURITY POLICIES DURING DATA CENTER MIGRATION AND DETECTING SECURITY VIOLATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DETERMINING NETWORK SECURITY POLICIES DURING DATA CENTER MIGRATION AND DETECTING SECURITY VIOLATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links