Systems and methods for adaptive message interrogation through multiple queues
First Claim
1. A security system for interrogation of a communication transmitted over a communication network, the system comprising:
- a) receiving means for receiving a communication transmitted over a communication network;
b) storing means for storing a received communication and a plurality of index queues;
c) assignment means for assigning a selected index to a stored communication;
d) interrogation engine management means for executing a plurality of interrogation engines, wherein the interrogation engines have a test type and an index queue in a queue data store associated with it, and wherein the interrogation engines;
1) monitors its associated index queue for a placed index;
2) retrieves the communication associated with the placed index from a message data store;
3) assesses the retrieved communication against a set of one or more criteria related to the interrogation engine'"'"'s test type; and
4) outputs an assessment indicator indicating results of assessing the retrieved communication with respect to the set of one or more criteria; and
e) index placement means for placing the selected index in an index queue associated with an interrogation engine, wherein the index placement means places the selected index into the index queue of a first interrogation engine responsive to assignment of the selected index by the index assignment means and wherein the index placement means places the selected index into the index queue associated with an interrogation engine having a type differing from any interrogation engine that previously assessed the communication associated with the selected index responsive to an assessment indicator output by an interrogation engine that previously assessed the communication.
14 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed to systems and methods for enhancing electronic communication security. An electronic communication is received and stored. A plurality of risk assessments are made with respect to the received communication thereby generating a risk profile associated with the communication. The assessments are made in a sequential manner by assigning the stored communication and index and serially placing the index on queue associated with interrogation engines that perform the various assessments. The index is initially placed in a queue associated with an interrogation engine performing the first type of assessment on the communication. The index is placed in a subsequent queue only after the interrogation engine associated with the prior queue in which the index was placed has assessed the communication. This is repeated until all desired assessments have been performed. Each assessment may result in the output of an assessment indicator that indicates the results of the particular assessment.
-
Citations
20 Claims
-
1. A security system for interrogation of a communication transmitted over a communication network, the system comprising:
-
a) receiving means for receiving a communication transmitted over a communication network; b) storing means for storing a received communication and a plurality of index queues; c) assignment means for assigning a selected index to a stored communication; d) interrogation engine management means for executing a plurality of interrogation engines, wherein the interrogation engines have a test type and an index queue in a queue data store associated with it, and wherein the interrogation engines; 1) monitors its associated index queue for a placed index; 2) retrieves the communication associated with the placed index from a message data store; 3) assesses the retrieved communication against a set of one or more criteria related to the interrogation engine'"'"'s test type; and 4) outputs an assessment indicator indicating results of assessing the retrieved communication with respect to the set of one or more criteria; and e) index placement means for placing the selected index in an index queue associated with an interrogation engine, wherein the index placement means places the selected index into the index queue of a first interrogation engine responsive to assignment of the selected index by the index assignment means and wherein the index placement means places the selected index into the index queue associated with an interrogation engine having a type differing from any interrogation engine that previously assessed the communication associated with the selected index responsive to an assessment indicator output by an interrogation engine that previously assessed the communication. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method of interrogating a communication transmitted over a communication network, the method comprising the steps of:
-
a) receiving data transmitted over a communication network; b) assigning an interrogation index to the received data; c) executing a plurality of interrogation engines, wherein the interrogation engines are of a different type and have interrogation queues associated with the interrogation engines, respectively, wherein the interrogation engines are configured to perform an assessment of the received data responsive to position of the received data in the associated interrogation queue; d) successively placing the interrogation index into the interrogation queues associated with the plurality of interrogation engines, respectively.
-
-
18. A system for interrogating a communication transmitted over a communication network, comprising:
-
a) a communications interface configured to receive data transmitted over a communication network, and transmit interrogated data to an intended destination; b) indexing logic configured to index the received data into one of a plurality of interrogation queues, the indexing logic being further configured to guide the received data through the interrogation queues; and c) a plurality of interrogation engines, the interrogation engines being respectively associated with the plurality of interrogation queues, the interrogation engines being configured to perform tests on the received data, the plurality of interrogation engines producing interrogated data comprising the received data and the interrogation results; wherein the interrogation engines perform tests on the received data prior to sending interrogated data to the communications interface for transmission to the intended destination.
-
-
19. A system for detecting anomalies in data communications on a communications network, comprising:
-
a data layer configured to receive unprocessed data from a communications network, and transmit processed data to an intended destination via the communications network; a queuing layer configured to queue unprocessed data for a plurality of interrogation engines; an interrogation layer configured to receive unprocessed data from the queuing layer and perform a plurality of tests on the unprocessed data responsive to a plurality of interrogation engines, wherein the interrogation engines produce a plurality of output logs; and an anomaly detection layer configured to receive the plurality of output logs from the interrogation layer, wherein the anomaly detection engine uses configuration data and the output log to detect anomalies in the unprocessed data, and wherein the anomaly detection layer is configured to output alerts responsive to the anomaly detection engine.
-
-
20. One or more computer readable memories for storing index queues for access by a plurality of interrogation engines, said interrogation engines being executable on a data processing system, wherein an interrogation queue comprises a data structure that stores an index;
- wherein the index is used in processing a communication received over a communication interface;
wherein an index queue is associated with an interrogation engine having a test type, wherein an index is assigned to a communication received over the communication interface, the index comprising a queue place index and a queue select index;
wherein an interrogation engine;1) monitors its associated index queue for the queue place index; 2) retrieves the communication responsive to the queue place index; 3) assesses the retrieved communication against a set of one or more criteria related to the interrogation engine'"'"'s test type; and 4) outputs an assessment indicator indicating results of assessing the retrieved communication with respect to the set of one or more criteria;
wherein the index is updated responsive to the interrogation engine output;wherein the queue select index identifies at least one of the index queues, and is initially placed into the index queue associated with a first interrogation engine, wherein the first interrogation engine has a first test type; wherein, responsive to the assessment indicator output by the first interrogation engine, the queue select index is placed into the index queue associated with a second interrogation engine, wherein the second interrogation engine has a second test type that differs from the first test type.
- wherein the index is used in processing a communication received over a communication interface;
Specification