Automatic data patch generation for unknown vulnerabilities
First Claim
1. A system comprising:
- at least one processing device; and
- at least one computer-readable storage medium storing instructions which, when executed by the at least one processing device, cause the at least one processing device to:
  - analyze a data stream having an associated data format, the data stream comprising an attack,
  - generate multiple probes having multiple different values for multiple different data fields of the data format of the data stream,
  - test for a vulnerability to the attack using the multiple probes, and
  - generate an attack predicate for the vulnerability, the attack predicate comprising a conjunction of multiple conditions on the multiple data fields of the data stream, the attack predicate being generated by:
    - relaxing a first condition of the multiple conditions, and
    - relaxing a second condition of the multiple conditions.
Abstract
The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, construct probes, and determine whether the probes take advantage of vulnerabilities. Based at least in part on such determinations, data patches are dynamically generated to remedy the previously unknown vulnerabilities.
Claims (23)
- 1. A system comprising: at least one processing device; and at least one computer-readable storage medium storing instructions which, when executed by the at least one processing device, cause the at least one processing device to: analyze a data stream having an associated data format, the data stream comprising an attack; generate multiple probes having multiple different values for multiple different data fields of the data format of the data stream; test for a vulnerability to the attack using the multiple probes; and generate an attack predicate for the vulnerability, the attack predicate comprising a conjunction of multiple conditions on the multiple data fields of the data stream, the attack predicate being generated by: relaxing a first condition of the multiple conditions, and relaxing a second condition of the multiple conditions. (Dependent claims: 2 to 13)
- 14. A method performed by at least one computer processing device, the method comprising: detecting an exploit received from a data stream having an associated data format identifying multiple data fields of the data stream; creating multiple different probes based on the exploit by: using one or more of the multiple different probes to identify an individual field of the format that does not affect the exploit, and eliminating an individual condition on the individual field of the format that does not affect the exploit when generating additional probes of the multiple different probes; ascertaining whether the multiple different probes make evident at least one vulnerability; and automatically generating a data patch for the at least one vulnerability. (Dependent claims: 15 to 19)
- 20. A computer-readable storage device storing instructions executable by a processing device that, when executed by the processing device, cause the processing device to perform operations comprising: creating multiple different probes based on a received attack message that exploits at least one vulnerability, the received attack message having an associated protocol with multiple different protocol states; using the multiple different probes to identify a first protocol state in which the attack message is not sent and a second protocol state in which the attack message is sent; and dynamically creating a data patch to cure the at least one vulnerability, wherein the data patch: identifies the second protocol state in which the attack message is sent, and has an attack predicate that includes conditions on fields of the attack message that is sent in the second protocol state and excludes conditions on other fields of one or more other messages that are sent in the first protocol state. (Dependent claims: 21 to 23)
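The probe-and-relax procedure of claims 1 and 14, worked through on a constructed toy message format. This is an added example, not code from the patent or its assignee: the four-field format (`cmd`, `length`, `flags`, `seq`), the `vulnerable_parser` oracle that stands in for an instrumented target, and the relaxation strategies (an enumeration probe for categorical fields, a binary search for integer fields that assumes triggering is monotone in the field) are all assumptions made here. The output is the attack predicate as a conjunction of conditions on only the fields that matter, and a data patch that filters on it.

```python
from typing import Any, Callable, Dict, List, Optional, Tuple

Message = Dict[str, Any]
Condition = Tuple[str, Any]          # ("in", [values]) or (">=", threshold)

# Constructed toy data format: each field, its kind, and the alternative
# values the format allows (hypothetical, used to build probes).
FORMAT = {
    "cmd": {"kind": "enum", "values": ["GET", "SET", "DEL"]},
    "length": {"kind": "int", "min": 0},
    "flags": {"kind": "int", "min": 0},
    "seq": {"kind": "int", "min": 0},
}

BUF_SIZE = 16  # constructed: size of the fixed buffer in the toy parser


def vulnerable_parser(msg: Message) -> bool:
    """Constructed stand-in for the instrumented target. Returns True when the
    message triggers the toy vulnerability: a SET whose declared length exceeds
    the fixed buffer. flags and seq play no part in it."""
    return msg["cmd"] == "SET" and msg["length"] > BUF_SIZE


def probe(attack: Message, field: str, value: Any) -> Message:
    """A probe is the captured attack message with one field substituted."""
    p = dict(attack)
    p[field] = value
    return p


def relax_enum(attack, field, oracle, spec, log) -> Optional[Condition]:
    """Try every allowed value; keep only those that still trigger."""
    triggering = []
    for v in spec["values"]:
        m = probe(attack, field, v)
        log.append(m)
        if oracle(m):
            triggering.append(v)
    if len(triggering) == len(spec["values"]):
        return None                   # field does not affect the exploit: eliminate
    return ("in", sorted(triggering))


def relax_int(attack, field, oracle, spec, log) -> Optional[Condition]:
    """Relax an equality on an integer field to a lower bound. Assumes that if a
    value triggers, every larger value does too (true for length overflows)."""
    lo, hi = spec["min"], attack[field]
    m = probe(attack, field, lo)
    log.append(m)
    if oracle(m):
        return None                   # even the minimum triggers: field irrelevant
    while hi - lo > 1:                # binary-search the smallest triggering value
        mid = (lo + hi) // 2
        m = probe(attack, field, mid)
        log.append(m)
        if oracle(m):
            hi = mid
        else:
            lo = mid
    return (">=", hi)


def generate_attack_predicate(attack: Message, oracle: Callable[[Message], bool],
                              fmt=FORMAT) -> Tuple[Dict[str, Condition], int]:
    """Start from the conjunction of equalities on all fields of the attack
    message and relax each one in turn. Returns (predicate, probes_used)."""
    assert oracle(attack), "captured message must itself trigger the vulnerability"
    log: List[Message] = []
    predicate: Dict[str, Condition] = {}
    for field, spec in fmt.items():
        relax = relax_enum if spec["kind"] == "enum" else relax_int
        cond = relax(attack, field, oracle, spec, log)
        if cond is not None:
            predicate[field] = cond
    return predicate, len(log)


def matches(predicate: Dict[str, Condition], msg: Message) -> bool:
    """Evaluate the conjunction; a missing field never satisfies a condition."""
    for field, (op, arg) in predicate.items():
        v = msg.get(field)
        if op == "in" and v not in arg:
            return False
        if op == ">=" and (v is None or v < arg):
            return False
    return True


def make_data_patch(predicate: Dict[str, Condition]) -> Callable[[Message], bool]:
    """The data patch: a filter in front of the parser that admits a message
    only if it does not satisfy the attack predicate."""
    return lambda msg: not matches(predicate, msg)


# Constructed captured attack: only cmd and length actually matter.
ATTACK: Message = {"cmd": "SET", "length": 64, "flags": 3, "seq": 9}

if __name__ == "__main__":
    pred, n = generate_attack_predicate(ATTACK, vulnerable_parser)
    print(n, "probes ->", pred)
    admit = make_data_patch(pred)
    print(admit({"cmd": "SET", "length": 8, "flags": 3, "seq": 9}))   # benign SET
    print(admit({"cmd": "SET", "length": 17, "flags": 0, "seq": 0}))  # attack variant
```

Two properties are worth checking on any real run: the relaxed predicate must still reject variants the captured exploit never contained (here a SET of length 17 with different `flags` and `seq`), and it must admit benign traffic that shares irrelevant fields with the attack (a short SET, or a GET of any length). The monotonicity assumption in `relax_int` is the part that needs the most care with a real target; when it does not hold, probing a sample of values and keeping an explicit set, as `relax_enum` does, is the safe fallback.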