System for regulating host security configuration
First Claim
1. A method of regulating communications between a server and a plurality of hosts, said server having a processor and a memory device storing processor executable instructions, said method comprising:
- associating a monitoring period τ* with a target host from among said plurality of hosts;
- executing a process for determining a current host-protection configuration for said target host;
- where said current host-protection configuration differs from a prior host-protection configuration;
- installing said current host-protection configuration in said target host;
- recording a current reconfiguration-time indicator;
- determining a current reconfiguration period τ as a difference between said current reconfiguration-time indicator and a prior reconfiguration-time indicator; and
- updating said monitoring period τ* as τ* ← (τ* + τ)/2; and
- scheduling a subsequent execution of said process according to said monitoring period.
Abstract
Methods and apparatus for dynamically revising host-intrusion-protection configurations according to varying host state and changing intrusion patterns are disclosed. A set of local servers, each functioning as a deep-security manager supporting a respective subset of the hosts, maintains and updates protection software containing filters and rules for deploying each filter. A local server cyclically monitors each host of its subset of hosts at time instants separated by adjustable monitoring periods to acquire host-characterizing data and determine an optimal set of filters. The local server maintains a profile for each host and determines a current monitoring period for a host according to the host's current profile. The processing effort is reduced by judicious adjustment of successive monitoring periods and selectively tailoring the host-characterizing data to the conditions of each host.
14 Claims
1. A method of regulating communications between a server and a plurality of hosts, said server having a processor and a memory device storing processor executable instructions, said method comprising:
- associating a monitoring period τ* with a target host from among said plurality of hosts;
- executing a process for determining a current host-protection configuration for said target host;
- where said current host-protection configuration differs from a prior host-protection configuration;
- installing said current host-protection configuration in said target host;
- recording a current reconfiguration-time indicator;
- determining a current reconfiguration period τ as a difference between said current reconfiguration-time indicator and a prior reconfiguration-time indicator; and
- updating said monitoring period τ* as τ* ← (τ* + τ)/2; and
- scheduling a subsequent execution of said process according to said monitoring period.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of regulating communications between a server and a plurality of hosts, said server having a processor and a memory device storing processor executable instructions, said method comprising:
- associating a monitoring period τ* with a target host;
- initializing to zero each of a first sum Σ₁, a second sum Σ₂, entry m of a vector Vₘ, and entry m of a vector Wₘ, 0 ≤ m < κ, where κ > 1 is a predefined parameter;
- initializing a cyclic event counter j to −1;
- executing a process for determining a current host-protection configuration for said target host;
- where said current host-protection configuration differs from a prior host-protection configuration;
- installing said current host-protection configuration in said target host;
- recording a current reconfiguration-time indicator;
- for j ≥ 0:
  - determining a current reconfiguration period τ as a difference between said current reconfiguration-time indicator and a prior reconfiguration-time indicator;
  - performing the operations j ← (j + 1) modulo κ, Σ₁ ← Σ₁ + (τ − Vⱼ), Σ₂ ← Σ₂ + (τ² − Wⱼ), Vⱼ ← τ and Wⱼ ← τ², and
  - determining a monitoring period according to Σ₁ and Σ₂;
- for j < 0, setting said event counter j to zero; and
- scheduling a subsequent execution of said process according to said monitoring period.
Dependent claims: 11, 12, 13, 14
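The following Python sketch is an added example, not code from the patent or its assignee. It implements the period update of claim 1 and the circular-buffer sums of claim 10 for a single host. The rule that derives the period from Σ₁ and Σ₂ (mean minus one standard deviation), the `filled` counter and the `min_period` floor are assumptions, since the claim does not specify them, and all names are hypothetical.

```python
import math

def halving_update(tau_star, tau):
    """Claim 1: tau* <- (tau* + tau) / 2."""
    return (tau_star + tau) / 2.0

class WindowedMonitor:
    """Claim 10 bookkeeping for one host: sums over the last kappa periods."""

    def __init__(self, kappa, initial_period, min_period=1.0):
        if kappa <= 1:
            raise ValueError("kappa must exceed 1")
        self.kappa = kappa
        self.sigma1 = 0.0             # running sum of tau over the window
        self.sigma2 = 0.0             # running sum of tau^2 over the window
        self.V = [0.0] * kappa        # circular store of tau
        self.W = [0.0] * kappa        # circular store of tau^2
        self.j = -1                   # cyclic event counter
        self.filled = 0               # slots holding real data (assumption)
        self.prev_time = None         # prior reconfiguration-time indicator
        self.period = initial_period
        self.min_period = min_period  # floor on the period (assumption)

    def on_reconfiguration(self, now):
        """Call when a changed configuration was installed at time `now`."""
        if self.j < 0:
            self.j = 0                # first event: no prior indicator yet
        else:
            tau = now - self.prev_time
            self.j = (self.j + 1) % self.kappa
            self.sigma1 += tau - self.V[self.j]        # evict oldest tau
            self.sigma2 += tau * tau - self.W[self.j]  # evict oldest tau^2
            self.V[self.j], self.W[self.j] = tau, tau * tau
            self.filled = min(self.filled + 1, self.kappa)
            mean = self.sigma1 / self.filled
            var = max(self.sigma2 / self.filled - mean * mean, 0.0)
            # Assumed rule: poll one standard deviation sooner than the mean.
            self.period = max(mean - math.sqrt(var), self.min_period)
        self.prev_time = now
        return self.period

def replay(kappa, times, initial_period=60.0):
    """Feed constructed reconfiguration timestamps; return the monitor."""
    monitor = WindowedMonitor(kappa, initial_period)
    for t in times:
        monitor.on_reconfiguration(t)
    return monitor
```

Because each update subtracts the evicted entry before adding the new one, Σ₁ and Σ₂ always cover only the κ most recent reconfiguration periods without re-summing the window.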
Specification