System and method for resolving operating system or service identity conflicts

US 8,671,182 B2
Filed: 06/22/2010
Issued: 03/11/2014
Est. Priority Date: 06/22/2010
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor device configured to;

receive reports of operating system identities for a single host;

determine a report-type of each of the reports, wherein a report-type is a type of fingerprinting method used to generate the reports;

add together the operating system identities in the reports which have a same report-type to provide, for each of different report-types, a single additive report of operating system identities;

determine which of the operating system identities are an intersection of the reported operating system identities in the single additive reports of the different report-types; and

assign the intersection of the reported operating system identities of the single additive reports of the different report-types as a resolved operating system identity,whereinone report of operating systems is one set of plural different operating system identities to which one host fingerprint maps, andthe intersection of the reported operating system identities is calculated as a set intersection among the operating system identities of the single additive reports for the different report-types for the single host.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a processor device. The processor device is configured to receive reports of operating system identities for a single host; determine which of the operating system identities are an intersection of the reported operating system identities; and assign the intersection of the reported operating system identities as a resolved operating system identity.

233 Citations

17 Claims

1. A system, comprising:
- a processor device configured to;
  
  receive reports of operating system identities for a single host;
  
  determine a report-type of each of the reports, wherein a report-type is a type of fingerprinting method used to generate the reports;
  
  add together the operating system identities in the reports which have a same report-type to provide, for each of different report-types, a single additive report of operating system identities;
  
  determine which of the operating system identities are an intersection of the reported operating system identities in the single additive reports of the different report-types; and
  
  assign the intersection of the reported operating system identities of the single additive reports of the different report-types as a resolved operating system identity,whereinone report of operating systems is one set of plural different operating system identities to which one host fingerprint maps, andthe intersection of the reported operating system identities is calculated as a set intersection among the operating system identities of the single additive reports for the different report-types for the single host.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, further comprising assigning more weight to a more reliable type of fingerprint, and providing a confidence level to the resolved operating system identity.
  - 3. The system of claim 1, further comprising assigning different weights to a same operating system identity based on a fingerprinting method that was used to relate the operating system to a reciprocating host.
  - 4. The system of claim 1,the reports being a passively detected report, an actively identified report and a manually input report,further comprising pre-defining a preference relationship among the passively detected report, the actively identified report and the manually input report that defines which type of report to prefer when there is an un-resolvable conflict among the reports of operating system identities for the single host.
  - 5. The system of claim 4, further comprising generating an alert when it is determined that there is the un-resolvable conflict among the reports of operating system identities for the single host.

6. A method, comprising:
- in a processor device, receiving reports of operating system identities for a single host;
  
  in the processor device, determining a report-type of each of the reports, wherein a report-type is a type of fingerprinting method used to generate the reports;
  
  in the processor device, adding together the operating system identities in the reports have a same report-type to provide, for each of different report-types, a single additive report of operating system identities;
  
  in the processor device, determining which of the operating system identities are an intersection of the reported operating system identities in the single additive reports of the different report-types; and
  
  assigning the intersection of the reported operating system identities of the single additive reports of the different report-types as a resolved operating system identity,whereinone report of operating systems is one set of plural different operating system identities to which one host fingerprint maps, andthe intersection of the reported operating system identities is calculated as a set intersection among the operating system identities of the single additive reports for the different report-types for the single host.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6, further comprising assigning more weight to a more reliable type of fingerprint, and providing a confidence level to the resolved operating system identity.
  - 8. The method of claim 6, further comprising assigning different weights to a same operating system identity based on a fingerprinting method that was used to relate the operating system to a reciprocating host.
  - 9. The method of claim 6,the reports being a passively detected report, an actively identified report and a manually input report,further comprising pre-defining a preference relationship among the passively detected report, the actively identified report and the manually input report that defines which type of report to prefer when there is an un-resolvable conflict among the reports of operating system identities for the single host.
  - 10. The method of claim 9, further comprising generating an alert when it is determined that there is the un-resolvable conflict among the reports of operating system identities for the single host.
  - 11. An apparatus configured to perform the method of claim 6.
  - 12. A non-transitory computer readable medium comprising executable instructions for performing the method of claim 6.

13. A non-transitory computer-readable storage medium comprising computer-executable instructions for performing the steps of:
- in a processor device, receiving reports of service identities for a single host;
  
  in the processor device, determining a report-type of each of the reports, wherein a report-type is a type of fingerprinting method used to generate the reports;
  
  in the processor device, adding together the service identities in the reports which have a same report-type to provide, for each of different report-types, a single additive report of service identities;
  
  in the processor device, determining which of the service identities are an intersection of the reported service identities in the single additive reports of the different report-types; and
  
  assigning the intersection of the reported service identities of the single additive reports of the different report-types as a resolved service identity,whereinone report of service identities is one set of plural different service identities to which one host fingerprint maps, andthe intersection of the reported service identities is calculated as a set intersection among the service identities of the single additive reports for the different report-types for the single host.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The medium of claim 13, further comprising assigning more weight to a more reliable type of fingerprint, and providing a confidence level to the resolved service identity.
  - 15. The medium of claim 13, further comprising assigning different weights to a same service identity based on a fingerprinting method that was used to relate the service to a reciprocating host.
  - 16. The medium of claim 13,the reports being a passively detected report, an actively identified report and a manually input report,further comprising pre-defining a preference relationship among the passively detected report, the actively identified report and the manually input report that defines which type of report to prefer when there is an un-resolvable conflict among the reports of service identities for the single host.
  - 17. The medium of claim 16, further comprising generating an alert when it is determined that there is the un-resolvable conflict among the reports of service identities for the single host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Sourcefire Incorporated (Cisco Systems, Inc.)
Inventors
Vogel, William Andrew III, Baker, Andrew
Primary Examiner(s)
Winder, Patrice
Assistant Examiner(s)
Chang, Julian

Application Number

US12/820,227
Publication Number

US 20110314143A1
Time in Patent Office

1,358 Days
Field of Search

709223-226, 726 22- 26
US Class Current

709/224
CPC Class Codes

H04L 41/12 Discovery or management of ...

H04L 63/1433 Vulnerability analysis

System and method for resolving operating system or service identity conflicts

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

233 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for resolving operating system or service identity conflicts

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

233 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links