×

Dynamic learning method and adaptive normal behavior profile (NBP) architecture for providing fast protection of enterprise applications

  • US 8,713,682 B2
  • Filed: 06/14/2010
  • Issued: 04/29/2014
  • Est. Priority Date: 12/02/2003
  • Status: Active Grant
First Claim
Patent Images

1. A method performed by network sensors and a secure server for protection of applications residing on servers of a secured system, wherein the method comprises:

  • entering a learn mode of the secured system;

    collecting, by the network sensors, application events by one or more of analyzing network level protocol attributes to reconstruct application requests and polling information about recent application events from the servers on which the applications reside;

    analyzing the application events;

    generating a normal behavior profile (NBP) based on the analysis of the application events, wherein the NBP comprises at least a plurality of profile items and each of the plurality profile items comprises a profile property;

    performing in the secure server analysis on the NBP, wherein the analysis comprises;

    computing a percentage of learning progress for each profile item out of the total number of the application events received over a predefined time; and

    determining the respective profile item is stable if the percentage of learning progress exceeds a predefined threshold; and

    exiting the learn mode and entering a protect mode for the secured system for at least the profile items determined to be stable.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×