Method of generating security rule-set and system thereof
First Claim
1. A method of generating a security rule-set using a computer comprising a processor operatively coupled to a memory, the method comprising:
a) obtaining in the memory a group of log records of communication events resulting from traffic related to the security gateway;
b) generating, by the processor, a preliminary rule-set of permissive rules, said set covering the obtained group of log records;
c) generating, by the processor and with the help of mapping the generated preliminary rule-set to the obtained group of log records, a rule-set of non-overlapping rules covering the obtained group of log records; and
d) generating, by the processor, an operational rule-set by processing the generated rule-set of non-overlapping rules, said processing including mapping the generated rule-set of non-overlapping rules to the obtained group of log records, wherein generating the operational rule-set comprises recursively dividing the rules in the respective preliminary rule-set and generating a respective rule-set of non-overlapping rules until the generated rule-set of non-overlapping rules matches a predefined criterion.
Abstract
There are provided a method of automated generation of a security rule-set and a system thereof. The method comprises: obtaining a group of log records of communication events resulting from traffic related to the security gateway; generating a preliminary rule-set of permissive rules, said set covering the obtained group of log records; generating, with the help of mapping the generated preliminary rule-set to the obtained group of log records, a rule-set of non-overlapping rules covering the group of log records; and generating an operational rule-set by processing the generated rule-set of non-overlapping rules, said processing including mapping the generated rule-set of non-overlapping rule to the obtained group of log records.
18 Claims
1. (Independent claim; text as set out under First Claim above.) Dependent claims: 2, 3, 4, 5, 7, 8, 9, 10.
6. A method of generating a security rule-set using a computer comprising a processor operatively coupled to a memory, the method comprising:
a) obtaining in the memory a group of log records of communication events resulting from traffic related to the security gateway;
b) generating, by the processor, a preliminary rule-set of permissive rules, said set covering the obtained group of log records;
c) generating, by the processor and with the help of mapping the generated preliminary rule-set to the obtained group of log records, a rule-set of non-overlapping rules covering the obtained group of log records; and
d) generating, by the processor, an operational rule-set by processing the generated rule-set of non-overlapping rules, said processing including mapping the generated rule-set of non-overlapping rules to the obtained group of log records,
wherein generating the preliminary rule-set comprises defining an address space covering the obtained group of log records and generating 2R permissive rules, wherein each of R non-overlapping equal-size rules controls a respective part of traffic resulting from dividing the destination range characterizing said defined address space into R parts whilst maintaining the source range of said address space, and wherein each of the other R non-overlapping rules controls a respective part of traffic resulting from dividing the source range of said defined address space into R parts whilst maintaining the destination range of said address space, and wherein R is a natural number, R>1.
11. A system capable of automated generation of a security rule-set, the system comprising:
an interface operable to obtain a group of log records of communication events resulting from traffic related to the security gateway;
a memory operatively coupled to the interface and operable to store the obtained group of log records; and
a processor operatively coupled to the memory and operable to:
generate a preliminary rule-set of permissive rules, said set covering the obtained group of log records;
generate, with the help of mapping the generated preliminary rule-set to the obtained group of log records, a rule-set of non-overlapping rules covering the obtained group of log records; and
generate an operational rule-set by processing the generated rule-set of non-overlapping rules, said processing including mapping the generated rule-set of non-overlapping rules to the obtained group of log records, wherein the generation of the operational rule-set comprises recursively dividing the rules in the respective preliminary rule-set and generating a respective rule-set of non-overlapping rules until the generated rule-set of non-overlapping rules matches a predefined criterion, thus giving rise to the operational rule-set.
Dependent claims: 13, 14, 15, 16, 17.
12. A system capable of automated generation of a security rule-set, the system comprising:
an interface operable to obtain a group of log records of communication events resulting from traffic related to the security gateway;
a memory operatively coupled to the interface and operable to store the obtained group of log records; and
a processor operatively coupled to the memory and operable to:
generate a preliminary rule-set of permissive rules, said set covering the obtained group of log records;
generate, with the help of mapping the generated preliminary rule-set to the obtained group of log records, a rule-set of non-overlapping rules covering the obtained group of log records; and
generate an operational rule-set by processing the generated rule-set of non-overlapping rules, said processing including mapping the generated rule-set of non-overlapping rules to the obtained group of log records,
wherein the generation of the preliminary rule-set comprises defining an address space covering the obtained group of log records and generating 2R permissive rules, wherein each of R non-overlapping equal-size rules controls a respective part of traffic resulting from dividing the destination range characterizing said defined address space into R parts whilst maintaining the source range of said address space, and wherein each of the other R non-overlapping rules controls a respective part of traffic resulting from dividing the source range of said defined address space into R parts whilst maintaining the destination range of said address space, and wherein R is a natural number, R>1.
18. A computer program product comprising a non-transitory computer usable medium having computer readable program code embodied therein for automated generation of a security rule-set, the computer program product comprising:
a) computer readable program code for enabling the computer to obtain a group of log records of communication events resulting from traffic related to the security gateway;
b) computer readable program code for enabling the computer to generate a preliminary rule-set of permissive rules, said set covering the obtained group of log records;
c) computer readable program code for enabling the computer to generate, with the help of mapping the generated preliminary rule-set to the obtained group of log records, a rule-set of non-overlapping rules covering the obtained group of log records; and
d) computer readable program code for enabling the computer to generate an operational rule-set by processing the generated rule-set of non-overlapping rules, said processing including mapping the generated rule-set of non-overlapping rules to the obtained group of log records, wherein generating the operational rule-set comprises recursively dividing the rules in the respective preliminary rule-set and generating a respective rule-set of non-overlapping rules until the generated rule-set of non-overlapping rules matches a predefined criterion.
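The following Python is an added worked example, not code from the patent or from its assignee; it models the method of claims 1, 6, 11, 12 and 18 end to end on a constructed log. The "address space" is the smallest source x destination box around the logged (source, destination) IPv4 pairs; step b) slices that box into 2R permissive rules (R destination slices keeping the whole source range, R source slices keeping the whole destination range, R=2 here); step c) maps those rules to the records and intersects the slices that match each record, which yields pairwise-disjoint grid cells covering every record; step d) keeps a cell that meets the "predefined criterion" and otherwise treats the cell as a new address space and recurses. The claims leave the criterion open, so the one used here is an assumption: a rule is accepted when at least `min_density` of the address pairs it permits were actually observed, or when it permits exactly one pair. Rule ranges are inclusive integer ranges rather than CIDR blocks, also a simplification of my own.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class LogRecord:
    """One logged communication event: (source address, destination address) as integers."""
    src: int
    dst: int


@dataclass(frozen=True)
class Rule:
    """A permissive rule: allow traffic from [src_lo, src_hi] to [dst_lo, dst_hi] (inclusive)."""
    src_lo: int
    src_hi: int
    dst_lo: int
    dst_hi: int

    def matches(self, rec: LogRecord) -> bool:
        return self.src_lo <= rec.src <= self.src_hi and self.dst_lo <= rec.dst <= self.dst_hi

    def area(self) -> int:
        """Number of (source, destination) address pairs the rule permits."""
        return (self.src_hi - self.src_lo + 1) * (self.dst_hi - self.dst_lo + 1)

    def intersect(self, other: "Rule") -> "Rule":
        return Rule(max(self.src_lo, other.src_lo), min(self.src_hi, other.src_hi),
                    max(self.dst_lo, other.dst_lo), min(self.dst_hi, other.dst_hi))

    def __str__(self) -> str:
        a = lambda n: str(IPv4Address(n))
        return f"allow {a(self.src_lo)}-{a(self.src_hi)} -> {a(self.dst_lo)}-{a(self.dst_hi)}"


def ip(text: str) -> int:
    return int(IPv4Address(text))


def split_range(lo: int, hi: int, r: int) -> List[Tuple[int, int]]:
    """Split the inclusive range [lo, hi] into min(r, size) contiguous parts of (near-)equal size."""
    size = hi - lo + 1
    r = min(r, size)
    parts, start = [], lo
    for i in range(r):
        part = size // r + (1 if i < size % r else 0)  # spread the remainder over the first parts
        parts.append((start, start + part - 1))
        start += part
    return parts


def address_space(records: List[LogRecord]) -> Rule:
    """Claim 6: the address space covering the group of log records (smallest bounding box)."""
    return Rule(min(x.src for x in records), max(x.src for x in records),
                min(x.dst for x in records), max(x.dst for x in records))


def preliminary_rules(space: Rule, R: int) -> List[Rule]:
    """Step b): 2R permissive rules. R of them slice the destination range while keeping the whole
    source range; the other R slice the source range while keeping the whole destination range."""
    rules = [Rule(space.src_lo, space.src_hi, lo, hi)
             for lo, hi in split_range(space.dst_lo, space.dst_hi, R)]
    rules += [Rule(lo, hi, space.dst_lo, space.dst_hi)
              for lo, hi in split_range(space.src_lo, space.src_hi, R)]
    return rules


def map_rules(rules: List[Rule], records: List[LogRecord]) -> Dict[Rule, Set[int]]:
    """Map each rule to the indices of the log records it matches."""
    return {rule: {i for i, rec in enumerate(records) if rule.matches(rec)} for rule in rules}


def non_overlapping_rules(prelim: List[Rule], records: List[LogRecord]) -> Dict[Rule, List[LogRecord]]:
    """Step c): intersect the preliminary rules that match each record. The source slices and the
    destination slices each partition the space, so every record lands in exactly one grid cell;
    the cells that contain records are pairwise disjoint and together cover every record."""
    mapping = map_rules(prelim, records)
    cells: Dict[Rule, List[LogRecord]] = {}
    for i, rec in enumerate(records):
        matching = [rule for rule in prelim if i in mapping[rule]]
        cell = matching[0]
        for rule in matching[1:]:
            cell = cell.intersect(rule)
        cells.setdefault(cell, []).append(rec)
    return cells


def density(rule: Rule, recs: List[LogRecord]) -> float:
    """Fraction of the address pairs a rule permits that were actually observed."""
    return len({(x.src, x.dst) for x in recs}) / rule.area()


def operational_rules(records: List[LogRecord], space: Optional[Rule] = None,
                      R: int = 2, min_density: float = 0.5) -> List[Rule]:
    """Step d): accept a non-overlapping rule that meets the criterion (assumed here: observed
    density >= min_density, or a single address pair); otherwise recurse into that rule."""
    space = space if space is not None else address_space(records)
    result: List[Rule] = []
    for cell, recs in non_overlapping_rules(preliminary_rules(space, R), records).items():
        if cell.area() == 1 or density(cell, recs) >= min_density:
            result.append(cell)
        else:
            result.extend(operational_rules(recs, cell, R, min_density))
    return result


def covers(rules: List[Rule], records: List[LogRecord]) -> bool:
    return all(any(r.matches(rec) for r in rules) for rec in records)


def pairwise_disjoint(rules: List[Rule]) -> bool:
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            c = a.intersect(b)
            if c.src_lo <= c.src_hi and c.dst_lo <= c.dst_hi:
                return False
    return True


# Constructed sample log: four clients reaching two web servers, and one admin host reaching one server.
SAMPLE_LOG = [LogRecord(ip(f"10.0.0.{s}"), ip(f"10.1.0.{d}")) for s in (1, 2, 3, 4) for d in (80, 81)]
SAMPLE_LOG.append(LogRecord(ip("10.0.0.200"), ip("10.1.0.22")))

if __name__ == "__main__":
    for rule in operational_rules(SAMPLE_LOG):
        print(rule)
```

On the sample log the recursion stops at three rules: 10.0.0.1-10.0.0.4 to 10.1.0.80, 10.0.0.1-10.0.0.7 to 10.1.0.81, and 10.0.0.200 to 10.1.0.22. The second rule shows what the criterion trades away: at density 0.5 it still permits three source addresses (10.0.0.5-10.0.0.7) that never appeared in the log, which is the kind of residual permissiveness a reviewer would check before deploying the generated set; raising `min_density` to 1.0 makes the recursion continue until every accepted rule covers only observed pairs, at the cost of more rules.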