Classification of software on networked systems
First Claim
1. A method to be executed by a processor operating in an electronic environment for classifying software in a network system, comprising:
(a) determining a software received by a sensor is attempting to execute on a computing system of the sensor;
(b) classifying the software as authorized or unauthorized to execute on the computing system;
(c) gathering information on the software by the sensor and sending the information to one or more actuators for analysis and generation of a directive for one or more targets, if the software is classified as unauthorized to execute, wherein the gathering step (c) comprises;
(c1) preparing data about the execution attempt of the unauthorized software;
(c2) collecting ancillary data relevant to the one or more actuators for the analyzing the execution attempt and for generating directives for the one or more targets; and
(c3) sending the ancillary data to the one or more actuators, and wherein the ancillary data comprises;
network packets which encoded the unauthorized software;
source and destination IP addresses and ports indicating a network connection of the network packets which encoded the unauthorized software;
a packet payload signature or a packet header signature;
or a checksum of the unauthorized software.
Abstract
A method and system for the classification of software in networked systems, includes: determining a software received by a sensor is attempting to execute on a computer system of the sensor; classifying the software as authorized or unauthorized to execute, and gathering information on the software by the sensor if the software is classified as unauthorized to execute. The sensor sends the information on the software to one or more actuators, which determine whether or not to act on one or more targets based on the information. If so, then the actuator sends a directive to the target(s). The target(s) updates its responses according to the directive. The classification of the software is definitive and is not based on heuristics or rules or policies and without any need to rely on any a priori information about the software.
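The sensor, actuator and target flow described in the abstract, as an added sketch that is not code from the patent or its assignee. It assumes SHA-256 as the checksum, an authorized inventory held as a set of digests, a repeat-count threshold for the actuator's decision, and a hypothetical directive format; all names, addresses and sample bytes are constructed.

```python
import hashlib
from dataclasses import dataclass

# Assumption: the sensor's authorized inventory is a set of SHA-256 digests.
KNOWN_TOOL = b"#!/bin/sh\necho inventory-tool\n"      # constructed sample
AUTHORIZED = {hashlib.sha256(KNOWN_TOOL).hexdigest()}

@dataclass
class Report:
    """Ancillary data sent to actuators for one unauthorized execution attempt."""
    checksum: str            # SHA-256 of the software (assumed checksum type)
    src: tuple               # (ip, port) of the delivering connection
    dst: tuple
    payload_signature: str   # assumed form: hex of the first 16 payload bytes
    packets: list            # raw packets that carried the software

def sensor(image, conn, packets):
    """Return None if the image is authorized to execute, else a Report."""
    digest = hashlib.sha256(image).hexdigest()
    if digest in AUTHORIZED:
        return None
    payload = b"".join(packets)
    return Report(digest, (conn["src_ip"], conn["src_port"]),
                  (conn["dst_ip"], conn["dst_port"]), payload[:16].hex(), packets)

def actuator(report, seen, threshold=2):
    """Decide whether to act; return directives for targets (possibly empty)."""
    ip = report.src[0]
    seen[ip] = seen.get(ip, 0) + 1
    if seen[ip] < threshold:
        return []            # a single report: record it, no directive yet
    return [{"target": "firewall", "action": "block_source", "value": ip},
            {"target": "hosts", "action": "deny_checksum", "value": report.checksum}]

def run_demo():
    conn = {"src_ip": "192.0.2.10", "src_port": 50123,
            "dst_ip": "198.51.100.5", "dst_port": 80}   # constructed addresses
    unknown = b"\x7fELF-constructed-sample"
    packets = [unknown[:8], unknown[8:]]
    seen, out = {}, []
    assert sensor(KNOWN_TOOL, conn, []) is None          # authorized: no report
    for _ in range(2):                                   # same source, twice
        out.append(actuator(sensor(unknown, conn, packets), seen))
    return out

if __name__ == "__main__":
    print(run_demo())
```

The first report produces no directive; the second report from the same source produces one directive per target type.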
8 Claims
7. A system comprising:
a sensor coupled to a network system, wherein the sensor receives a software through the network system, wherein the sensor;
determines that the received software is attempting to execute on a computing system of the sensor;
classifies the software as authorized or unauthorized to execute on the computing system;
gathers information on the unauthorized software and sends the information to one or more actuators for analysis and generation of a directive for one or more targets, if the software is classified as unauthorized to execute;
prepares data about the execution attempt of the unauthorized software;
collects ancillary data relevant to the one or more actuators for the analyzing the execution attempt and for generating directives for the one or more targets; and
sends the ancillary data to the one or more actuators, and wherein the ancillary data comprises;
network packets which encoded the unauthorized software;
source and destination IP addresses and ports indicating a network connection of the network packets which encoded the unauthorized software;
a packet payload signature or a packet header signature;
or a checksum of the unauthorized software.
8. A computer readable medium with program instructions for classification of software in a network system, comprising instructions for a processor to execute in an electronic environment, the instructions including:
determining a software received by a sensor is attempting to execute on a computing system of the sensor;
classifying the software as authorized or unauthorized to execute on the computing system;
gathering information on the software by the sensor and sending the information to one or more actuators for analysis and generation of a directive for one or more targets, if the software is classified as unauthorized to execute;
preparing data about the execution attempt of the unauthorized software;
collecting ancillary data relevant to the one or more actuators for the analyzing the execution attempt and for generating directives for the one or more targets; and
sending the ancillary data to the one or more actuators, and wherein the ancillary data comprises;
network packets which encoded the unauthorized software;
source and destination IP addresses and ports indicating a network connection of the network packets which encoded the unauthorized software;
a packet payload signature or a packet header signature;
or a checksum of the unauthorized software.