SECURITY PROTECTION RULE PREDICTION AND ENFORCEMENT

US 20200137103A1
Filed: 10/31/2018
Published: 04/30/2020
Est. Priority Date: 10/31/2018
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by one or more processors, a description of a vulnerability of a computer system to a malicious attack;

performing, by the one or more processors, a Natural Language Processing (NLP) analysis of the description of the vulnerability in order to extract risk information related to the vulnerability, wherein the risk information comprises an identity of a type of vulnerable computer system resource in the computer system that is vulnerable to the malicious attack;

comparing, by the one or more processors, the vulnerable computer system resource to a computer system resource in a particular computer system; and

in response to the vulnerable computer system resource matching the computer system resource in the particular computer system, performing, by the one or more processors, a mitigation action that mitigates a vulnerability of the computer system resource in the particular computer system to the malicious attack by reducing a functionality of the computer system resource in the particular computer system until a solution is implemented that mitigates the vulnerability of the particular computer system to the malicious attack.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method provides an intermediate mitigation of a vulnerability in a particular computer system. One or more processors receive a description of a vulnerability of a computer system to a malicious attack. The processor(s) perform an NLP analysis of the description of the vulnerability in order to extract risk information related to the vulnerability, where the risk information includes an identity of a type of vulnerable computer system resource in the computer system. The processor(s) match the vulnerable computer system resource to a computer system resource in a particular computer system, and perform an intermediate mitigation action that reduces a functionality of the computer system resource in the particular computer system until a solution is implemented that both restores the functionality of the computer system resource in the particular computer system and mitigates the vulnerability of the particular computer system to the malicious attack.

9 Citations

20 Claims

1. A method comprising:
- receiving, by one or more processors, a description of a vulnerability of a computer system to a malicious attack;
  
  performing, by the one or more processors, a Natural Language Processing (NLP) analysis of the description of the vulnerability in order to extract risk information related to the vulnerability, wherein the risk information comprises an identity of a type of vulnerable computer system resource in the computer system that is vulnerable to the malicious attack;
  
  comparing, by the one or more processors, the vulnerable computer system resource to a computer system resource in a particular computer system; and
  
  in response to the vulnerable computer system resource matching the computer system resource in the particular computer system, performing, by the one or more processors, a mitigation action that mitigates a vulnerability of the computer system resource in the particular computer system to the malicious attack by reducing a functionality of the computer system resource in the particular computer system until a solution is implemented that mitigates the vulnerability of the particular computer system to the malicious attack.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the solution that mitigates the vulnerability of the particular computer system to the malicious attack also restores the functionality of the computer system resource in the particular computer system.
  - 3. The method of claim 1, wherein the vulnerability of the computer system to the malicious attack is from a set of newly-identified vulnerabilities, and wherein the set of newly-identified vulnerabilities are identified in a Common Vulnerability Exposure (CVE) listing that is generated by a third party that monitors vulnerabilities for multiple computer systems.
  - 4. The method of claim 1, further comprising:
    - autonomously developing, by the one or more processors, the mitigation action based on a protection rule template for responding to the vulnerability of the computer system to the malicious attack.
  - 5. The method of claim 4, further comprising:
    - inputting the description of the vulnerability of the computer system to the malicious attack into a Recurrent Neural Network (RNN); and
      
      training the RNN to generate the protection rule template based on the description of the vulnerability to the malicious attack.
  - 6. The method of claim 1, wherein the mitigation action is from a set of mitigation actions that include changing an access control list for access to the computer system resource in the particular computer system, changing a host-based agent for handling messages to the computer system resource in the particular computer system, and changing a configuration of the computer system resource in the particular computer system.
  - 7. The method of claim 1, further comprising:
    - receiving, by the one or more processors, a vendor patch for the vulnerability of the particular computer system to the malicious attack;
      
      applying, by the one or more processors, the vendor patch for the vulnerability to the particular computer system; and
      
      in response to applying the vendor patch for the vulnerability to the particular computer system, ceasing, by the one or more processors, the mitigation action from the particular computer system.

8. A computer program product comprising a computer readable storage medium having program code embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, and wherein the program code is readable and executable by a processor to perform a method comprising:
- receiving a description of a vulnerability of a computer system to a malicious attack;
  
  performing a Natural Language Processing (NLP) analysis of the description of the vulnerability in order to extract risk information related to the vulnerability, wherein the risk information comprises an identity of a type of vulnerable computer system resource in the computer system that is vulnerable to the malicious attack;
  
  comparing the vulnerable computer system resource to a computer system resource in a particular computer system; and
  
  in response to the vulnerable computer system resource matching the computer system resource in the particular computer system, performing a mitigation action that mitigates a vulnerability of the computer system resource in the particular computer system to the malicious attack by reducing a functionality of the computer system resource in the particular computer system until a solution is implemented that both restores the functionality of the computer system resource in the particular computer system and mitigates the vulnerability of the particular computer system to the malicious attack.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, wherein the vulnerability of the computer system to the malicious attack is from a set of newly-identified vulnerabilities, and wherein the set of newly-identified vulnerabilities are identified in a Common Vulnerability Exposure (CVE) listing that is generated by a third party that monitors vulnerabilities for multiple computer systems.
  - 10. The computer program product of claim 8, wherein the method further comprises:
    - autonomously developing the mitigation action based on a protection rule template for responding to the vulnerability of the computer system to the malicious attack;
      
      inputting the description of the vulnerability of the computer system to the malicious attack into a Recurrent Neural Network (RNN); and
      
      training the RNN to generate the protection rule template based on the description of the vulnerability to the malicious attack.
  - 11. The computer program product of claim 8, wherein the mitigation action is from a set of mitigation actions that include changing an access control list for access to the computer system resource in the particular computer system, changing a host-based agent for handling messages to the computer system resource in the particular computer system, and changing a configuration of the computer system resource in the particular computer system.
  - 12. The computer program product of claim 8, wherein the method further comprises:
    - receiving a vendor patch for the vulnerability of the particular computer system to the malicious attack;
      
      applying the vendor patch to the particular computer system; and
      
      in response to applying the vendor patch to the particular computer system, ceasing the mitigation action on the particular computer system.
  - 13. The computer program product of claim 8, wherein the program instructions are provided as a service in a cloud environment.

14. A computer system comprising one or more processors, one or more computer readable memories, and one or more computer readable non-transitory storage mediums, and program instructions stored on at least one of the one or more computer readable non-transitory storage mediums for execution by at least one of the one or more processors via at least one of the one or more computer readable memories, the stored program instructions executed to perform a method comprising:
- receiving a description of a vulnerability of a computer system to a malicious attack;
  
  performing a Natural Language Processing (NLP) analysis of the description of the vulnerability in order to extract risk information related to the vulnerability, wherein the risk information comprises an identity of a type of vulnerable computer system resource in the computer system that is vulnerable to the malicious attack;
  
  comparing the vulnerable computer system resource to a computer system resource in a particular computer system; and
  
  in response to the vulnerable computer system resource matching the computer system resource in the particular computer system, performing a mitigation action that mitigates a vulnerability of the computer system resource in the particular computer system to the malicious attack by reducing a functionality of the computer system resource in the particular computer system until a solution is implemented that both restores the functionality of the computer system resource in the particular computer system and mitigates the vulnerability of the particular computer system to the malicious attack.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer system of claim 14, wherein the vulnerability of the computer system to the malicious attack is from a set of newly-identified vulnerabilities, and wherein the set of newly-identified vulnerabilities are identified in a Common Vulnerability Exposure (CVE) listing that is generated by a third party that monitors vulnerabilities for multiple computer systems.
  - 16. The computer system of claim 14, wherein the method further comprises:
    - autonomously developing the mitigation action based on a protection rule template for responding to the vulnerability of the computer system to the malicious attack.
  - 17. The computer system of claim 16, wherein the method further comprises:
    - inputting the description of the vulnerability of the computer system to the malicious attack into a Recurrent Neural Network (RNN); and
      
      training the RNN to generate the protection rule template based on the description of the vulnerability to the malicious attack.
  - 18. The computer system of claim 14, wherein the mitigation action is from a set of mitigation actions that include changing an access control list for access to the computer system resource in the particular computer system, changing a host-based agent for handling messages to the computer system resource in the particular computer system, and changing a configuration of the computer system resource in the particular computer system.
  - 19. The computer system of claim 14, wherein the method further comprises:
    - receiving a vendor patch for the vulnerability of the particular computer system to the malicious attack;
      
      applying the vendor patch to the particular computer system; and
      
      in response to applying the vendor patch to the particular computer system, ceasing the mitigation action on the particular computer system.
  - 20. The computer system of claim 14, wherein the program instructions are provided as a service in a cloud environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
NGO, HUYANH D., BHATIA, AANKUR, PAQUIN, ADAM J., TUMMALAPENTA, SRINIVAS B.

Granted Patent

US 11,374,958 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 40/20   Natural language analysis s...

G06F 40/30   Semantic analysis

G06F 8/65   Updates security arrangemen...

G06N 3/044   Recurrent networks, e.g. Ho...

G06N 3/08   Learning methods

G06N 3/084   Backpropagation, e.g. using...

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

SECURITY PROTECTION RULE PREDICTION AND ENFORCEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY PROTECTION RULE PREDICTION AND ENFORCEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links