SOFTWARE ATTACK DETECTION DEVICE, NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM, AND SOFTWARE ATTACK DETECTION METHOD

US 20180150633A1
Filed: 11/22/2017
Published: 05/31/2018
Est. Priority Date: 11/28/2016
Status: Active Grant

First Claim

Patent Images

1. A software attack detection device, the device comprising:

a memory; and

a processor coupled to the memory and the processor configured to execute a process, the process including;

generating at least one notification in response to at least one countermeasure process applied to a program to address a vulnerability to a software attack, each of the at least one notification including a countermeasure identifier to identify a countermeasure process performed;

monitoring the at least one generated notification; and

determining presence of the software attack based on the monitoring.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software detection device, the device including a memory and a processor coupled to the memory and the processor configured to execute a process, the process including generating at least one notification in response to at least one countermeasure process applied to a program to address a vulnerability to a software attack, each of the at least one notification including a countermeasure identifier to identify a countermeasure process performed, monitoring the at least one generated notification, and determining presence of the software attack based on the monitoring.

Citations

20 Claims

1. A software attack detection device, the device comprising:
- a memory; and
  
  a processor coupled to the memory and the processor configured to execute a process, the process including;
  
  generating at least one notification in response to at least one countermeasure process applied to a program to address a vulnerability to a software attack, each of the at least one notification including a countermeasure identifier to identify a countermeasure process performed;
  
  monitoring the at least one generated notification; and
  
  determining presence of the software attack based on the monitoring.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The software attack detection device according to claim 1, whereinthe at least one notification further includes at least one of an identifier of the program having the vulnerability and an identifier of a process of the program relating to the vulnerability.
  - 3. The software attack detection device according to claim 1, whereinthe memory stores monitoring information relating to the at least one notification.
  - 4. The software attack detection device according to claim 3, whereinthe monitoring information includes at least one of the countermeasure identifier of the countermeasure process performed, a date and time the countermeasure process was performed, a process of the program having the vulnerability the countermeasure process was performed to address, an alert level of the countermeasure process performed, a corrective action associated with the countermeasure process, and an alert level of the corrective action.
  - 5. The software attack detection device according to claim 4, wherein the process further includes:
    - deciding whether an alert condition is satisfied based on the monitored at least one notification and the monitoring information stored in the memory, andtriggering an alert when the alert condition is satisfied indicating a device including the software detection device experienced the software attack.
  - 6. The software attack detection device according to claim 5, whereinthe triggered alert causes an output to a user of the device, the output including at least one of a display of a message on a display of the device and an audible output of the device to indicate the software attack.
  - 7. The software attack detection device according to claim 5, whereinthe triggered alert causes the corrective action to be performed, the correction action including at least one of the device to power off, deletion of the process of the program having the vulnerability the countermeasure process was performed to address, uninstallation of the program having the vulnerability, and display of a message on a display of the device.
  - 8. The software attack detection device according to claim 1, whereina plurality of countermeasure processes are applied to the program;
    - and whereinthe determining determines the presence of the software attack based on a combination of countermeasure processes, included in the plurality of countermeasure processes,the combination of countermeasure processes being identified by countermeasure identifiers within the at least one notification.
  - 9. The software attack detection device according to claim 8, whereinthe determining determines the presence of the software attack based on an order of occurrence of the countermeasure processes, included in the plurality of countermeasure processes.
  - 10. The software attack detection device according to claim 1, whereinthe determining determines the presence of the software attack based on a number of at least one countermeasure process identified within the at least one notification.
  - 11. The software attack detection device according to claim 1, whereinthe determining determines the presence of the software attack based on an alert level corresponding to the at least one countermeasure process.
  - 12. The software attack detection device according to claim 4, wherein the process further includes:
    - obtaining a number of countermeasure processes performed that are associated with a same process based on the monitoring information.

13. A non-transitory computer-readable storage medium storing a program that causes a computer to execute a process, the process comprising:
- generating at least one notification in response to at least one countermeasure process applied to the program to address a vulnerability to a software attack, each of the at least one notification including a countermeasure identifier to identify a countermeasure process performed;
  
  monitoring the at least one generated notification; and
  
  determining presence of the software attack based on the monitoring.
- View Dependent Claims (14, 15, 16)
- - 14. The non-transitory computer-readable storage medium according to claim 13, whereinthe process further includes storing monitoring information relating to the at least one notification.
  - 15. The non-transitory computer-readable storage medium according to claim 14, whereinthe monitoring information includes at least one of the countermeasure identifier of the countermeasure process performed, a date and time the countermeasure process was performed, a process of the program having the vulnerability the countermeasure process was performed to address, an alert level of the countermeasure process performed, a corrective action associated with the countermeasure process, and an alert level of the corrective action.
  - 16. The non-transitory computer-readable storage medium according to claim 15, wherein the process further includes:
    - deciding whether an alert condition is satisfied based on the monitored at least one notification and the monitoring information; and
      
      triggering an alert when the alert condition is satisfied indicating a device including the program experienced the software attack.

17. A software attack detection method executed by a computer, the software attack detection method comprising:
- generating at least one notification in response to at least one countermeasure process applied to a program to address a vulnerability to a software attack, each of the at least one notification including a countermeasure identifier to identify a countermeasure process performed;
  
  monitoring the at least one generated notification; and
  
  determining presence of the software attack based on the monitoring.
- View Dependent Claims (18, 19, 20)
- - 18. The software attack detection method according to claim 17, further comprising:
    - storing monitoring information relating to the at least one notification.
  - 19. The software attack detection method according to claim 18, wherein the monitoring information includes at least one of the countermeasure identifier of the countermeasure process performed, a date and time the countermeasure process was performed, a process of the program having the vulnerability the countermeasure process was performed to address, an alert level of the countermeasure process performed, a corrective action associated with the countermeasure process, and an alert level of the corrective action.
  - 20. The software attack detection method according to claim 18, further comprising:
    - deciding whether an alert condition is satisfied based on the monitored at least one notification and the monitoring information; and
      
      triggering an alert when the alert condition is satisfied indicating a device including the program experienced the software attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Furukawa, Kazuyoshi, TAKENAKA, Masahiko, KOKUBO, Hirotaka

Granted Patent

US 10,872,147 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

SOFTWARE ATTACK DETECTION DEVICE, NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM, AND SOFTWARE ATTACK DETECTION METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SOFTWARE ATTACK DETECTION DEVICE, NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM, AND SOFTWARE ATTACK DETECTION METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links