Classification of software on networked systems
First Claim
1. A method, comprising:
- receiving information from a sensor, wherein the information relates to a software classified by the sensor as unauthorized to execute on a computing system of the sensor;
- evaluating one or more pieces of data that includes the information, wherein the evaluating includes collating the one or more pieces of data;
- determining if any subset of the data can represent an identifier of the unauthorized software, wherein the subset is recognizable by a target type comprising a functionality of a target to update a response according to a directive specifying an action based on the subset;
- identifying the target type;
- generating the directive for the identified target type; and
- communicating the directive to one or more targets of the identified target type.
Abstract
A method and system for the classification of software in networked systems, includes: determining a software received by a sensor is attempting to execute on a computer system of the sensor; classifying the software as authorized or unauthorized to execute, and gathering information on the software by the sensor if the software is classified as unauthorized to execute. The sensor sends the information on the software to one or more actuators, which determine whether or not to act on one or more targets based on the information. If so, then the actuator sends a directive to the target(s). The target(s) updates its responses according to the directive. The classification of the software is definitive and is not based on heuristics or rules or policies and without any need to rely on any a priori information about the software.
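The actuator step described in the abstract, as an added Python sketch that is not taken from the patent: it collates sensor reports, keeps only the fields some target type can recognize as an identifier, and builds one directive per target type. The target type names, report fields, the "block" action and the `min_sensors` threshold are all assumptions made for illustration, and the sample reports are constructed.

```python
from collections import defaultdict

# Assumed target types and the one report field each can match on (hypothetical).
TARGET_TYPES = {"hash_blocklist": "sha256", "network_filter": "source_addr"}

# Constructed sample reports from sensors that refused to run a program.
H1, H2 = "a" * 64, "b" * 64
SAMPLE_REPORTS = [
    {"sensor": "sensor-a", "info": {"sha256": H1, "source_addr": "192.0.2.10", "path": "/tmp/upd"}},
    {"sensor": "sensor-b", "info": {"sha256": H1, "source_addr": "198.51.100.7"}},
    {"sensor": "sensor-c", "info": {"sha256": H2, "source_addr": "192.0.2.10"}},
]
# Constructed inventory: target name -> target type.
SAMPLE_TARGETS = {"av-gw-1": "hash_blocklist", "fw-1": "network_filter", "fw-2": "network_filter"}


def collate(reports):
    """Index reports as field -> value -> set of sensors that reported it."""
    seen = defaultdict(lambda: defaultdict(set))
    for report in reports:
        for field, value in report["info"].items():
            seen[field][value].add(report["sensor"])
    return seen


def generate_directives(reports, min_sensors=2):
    """Emit one directive per identifier that some target type recognizes.

    min_sensors is an assumed policy knob: act only when that many distinct
    sensors reported the same value. Fields no target type matches on
    (here "path") never become identifiers.
    """
    seen = collate(reports)
    directives = []
    for target_type, field in TARGET_TYPES.items():
        for value, sensors in sorted(seen.get(field, {}).items()):
            if len(sensors) >= min_sensors:
                directives.append({"target_type": target_type, "action": "block",
                                   "match": {field: value}, "reported_by": sorted(sensors)})
    return directives


def communicate(directives, targets):
    """Pair each directive with every target of its type (delivery is stubbed)."""
    return [(name, d) for d in directives
            for name, ttype in sorted(targets.items()) if ttype == d["target_type"]]


if __name__ == "__main__":
    for name, directive in communicate(generate_directives(SAMPLE_REPORTS), SAMPLE_TARGETS):
        print(name, directive)
```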
20 Claims
1. A method, comprising:
- receiving information from a sensor, wherein the information relates to a software classified by the sensor as unauthorized to execute on a computing system of the sensor;
- evaluating one or more pieces of data that includes the information, wherein the evaluating includes collating the one or more pieces of data;
- determining if any subset of the data can represent an identifier of the unauthorized software, wherein the subset is recognizable by a target type comprising a functionality of a target to update a response according to a directive specifying an action based on the subset;
- identifying the target type;
- generating the directive for the identified target type; and
- communicating the directive to one or more targets of the identified target type.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method, comprising:
- receiving a directive from an actuator, wherein the directive comprises a result of an analysis of an attempted execution by a software on a computing system of a sensor, wherein the software was classified by the sensor as unauthorized to execute on the computing system of the sensor, wherein the analysis comprises;
- evaluating one or more pieces of data that includes information related to the attempted execution, wherein the evaluating comprises collating the one or more pieces of data;
- determining if any subset of the data can represent an identifier of the unauthorized software, wherein the subset is recognizable by a target type comprising a functionality of a target to update a response according to the directive, wherein the directive specifies an action based on the subset;
- identifying the target type;
- generating the directive for the identified target type; and
- performing an action on one or more targets of the identified target type based on the directive.
Dependent claims: 9, 10, 11
12. An apparatus, comprising:
- at least one actuator coupled to a network system, wherein the at least one actuator;
- receives information from a sensor, wherein the information relates to a software unauthorized to execute on a computer system of the sensor;
- evaluates one or more pieces of data that includes the information, including by collating the one or more pieces of data;
- determines if any subset of the data can represent an identifier of the unauthorized software, wherein the subset is recognizable by a target type comprising a functionality of a target to update a response according to a directive, wherein the directive specifies an action based on the subset;
- identifying the target type;
- generating the directive for the identified target type; and
- distributes the directive to one or more targets of the identified target type.
Dependent claims: 13, 14, 15, 16, 17
18. Logic encoded in a computer that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving information from a sensor on a software, wherein the software was classified by the sensor as unauthorized to execute on a computing system of the sensor, wherein the information is related to an attempted execution of the software on the computing system;
- evaluating one or more pieces of data that includes the information, wherein the evaluating comprises collating the one or more pieces of data;
- determining if any subset of the data can represent an identifier of the unauthorized software, wherein the subset is recognizable by a target type comprising a functionality of a target to update a response according to the directive, wherein a directive specifies an action based on the subset;
- identifying the target type;
- generating the directive for the identified target type; and
- communicating the directive to one or more targets of the identified target type.
Dependent claims: 20
19. Logic encoded in a computer that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving a directive from an actuator, wherein the directive comprises a result of an analysis of an attempted execution by a software on a computing system of a sensor, wherein the software was classified as unauthorized to execute on the computing system of the sensor, wherein the analysis comprises;
- evaluating one or more pieces of data that includes information related to the attempted execution, wherein the evaluating comprises collating the one or more pieces of data;
- determining if any subset of the data can represent an identifier of the unauthorized software, wherein the subset is recognizable by a target type comprising a functionality of a target to update a response according to the directive, wherein the directive specifies an action based on the subset;
- identifying the target type;
- generating the directive for the identified target type; and
- performing an action on a target of the identified target type based on the directive.
Specification