Dynamic depth inspection
Abstract
Detecting network threats through dynamic depth inspection is disclosed. A mandatory threat detection procedure is performed on data received via a network. It is determined probabilistically whether to perform an optional threat detection procedure on at least a portion of the data. The optional threat detection procedure is then performed if it is determined that it should be performed.
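The following sketch illustrates the scheme the abstract describes. It is an added example, not code from the patent: the procedure names, cost units, constructed marker and the proportional scaling rule are assumptions, since the claims do not say how remaining resources are divided.

```python
import math
import random
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List

@dataclass
class OptionalCheck:
    name: str
    cost: float       # assumed resource units consumed per data set
    frequency: float  # desired fraction of data sets to inspect (0..1)
    run: Callable[[bytes], bool]

def selection_probabilities(budget: float, mandatory_cost: float,
                            checks: List[OptionalCheck]) -> Dict[str, float]:
    # Mandatory work is paid for first; only the remainder goes to optional checks.
    remaining = max(0.0, budget - mandatory_cost)
    demand = sum(c.cost * c.frequency for c in checks)
    # Assumed rule: scale all desired frequencies down evenly when the
    # expected optional cost would exceed the remaining resources.
    scale = 1.0 if demand <= remaining else remaining / demand
    return {c.name: c.frequency * scale for c in checks}

def inspect(data: bytes, budget: float, mandatory: Callable[[bytes], bool],
            mandatory_cost: float, checks: List[OptionalCheck],
            rng: random.Random) -> Dict[str, List[str]]:
    result = {"ran": ["mandatory"], "alerts": []}
    if mandatory(data):               # always performed, whatever the load
        result["alerts"].append("mandatory")
    probs = selection_probabilities(budget, mandatory_cost, checks)
    for c in checks:
        if rng.random() < probs[c.name]:   # probabilistic selection criterion
            result["ran"].append(c.name)
            if c.run(data):
                result["alerts"].append(c.name)
    return result

def entropy(data: bytes) -> float:
    if not data:
        return 0.0
    return -sum(n / len(data) * math.log2(n / len(data))
                for n in Counter(data).values())

# Constructed procedures for illustration only.
def signature_match(data: bytes) -> bool:
    return b"TEST-SIGNATURE" in data

CHECKS = [
    OptionalCheck("entropy", 4.0, 0.5, lambda d: entropy(d) > 7.0),
    OptionalCheck("deep", 10.0, 1.0, lambda d: d.count(b"%") > 8),
]
```

With a budget of 10 units and a mandatory cost of 4, the optional checks above are selected with probabilities 0.25 and 0.5; when the budget falls below the mandatory cost, only the mandatory procedure runs.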
17 Claims
1. A method for detecting network threats comprising:
- performing, using at least one processor, a mandatory threat detection procedure on data received via a network;
- determining whether to perform at least one of a plurality of optional threat detection procedures on at least a portion of the data, the determination based at least in part on:
  - resources required for the mandatory threat detection procedure, wherein remaining resources are allocated to the plurality of optional threat detection procedures;
  - a frequency at which each of the plurality of optional threat detection procedures should be performed; and
  - a selection criterion that is established to determine probabilistically whether at least one of the plurality of optional threat detection procedures will be performed with respect to a particular set of data; and
- performing one or more of the at least one of the plurality of optional threat detection procedures if determined that the one or more of the at least one of the plurality of optional threat detection procedures should be performed.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A system for detecting network threats comprising:
- a communication interface configured to receive data received via a network; and
- a processor configured to:
  - perform a mandatory threat detection procedure on the data;
  - determining whether to perform at least one of a plurality of optional threat detection procedures on at least a portion of the data, the determination based at least in part on:
    - resources required for the mandatory threat detection procedure, wherein remaining resources are allocated to the plurality of optional threat detection procedures;
    - a frequency at which each of the plurality of optional threat detection procedures should be performed; and
    - a selection criterion that is established to determine probabilistically whether at least one of the plurality of optional threat detection procedures will be performed with respect to a particular set of data; and
  - performing one or more of the at least one of the plurality of optional threat detection procedures if determined that the one or more of the at least one of the plurality of optional threat detection procedures should be performed.
17. A computer program product for detecting network threats, the computer program product being embodied in a computer readable storage medium and comprising computer instructions for:
- performing a mandatory threat detection procedure on data received via a network;
- determining whether to perform at least one of a plurality of optional threat detection procedures on at least a portion of the data, the determination based at least in part on:
  - resources required for the mandatory threat detection procedure, wherein remaining resources are allocated to the plurality of optional threat detection procedures;
  - a frequency at which each of the plurality of optional threat detection procedures should be performed; and
  - a selection criterion that is established to determine probabilistically whether at least one of the plurality of optional threat detection procedures will be performed with respect to a particular set of data; and
- performing one or more of the at least one of the plurality of optional threat detection procedures if determined that the one or more of the at least one of the plurality of optional threat detection procedures should be performed.
Specification