Systems and methods for providing a visualizer for rules of an application firewall

US 9,215,212 B2
Filed: 06/22/2009
Issued: 12/15/2015
Est. Priority Date: 06/22/2009
Status: Active Grant

First Claim

Patent Images

1. A method of generating a representation of a plurality of learned rules from a learning engine of an application firewall based on a history of uniform resource locator (URL) communications with a web server, the method comprising:

a) determining, by a learning engine of an application firewall, a plurality of learned rules based on a history of URL communications with a web server, each of the plurality of learned rules assigned a URL string;

b) categorizing, by a visualizer, a subset of the plurality of learned rules under a first check type of a plurality of check types;

c) generating, by the visualizer, a first tree representation of URL strings of the subset of learned rules, each node of the first tree corresponding to a segment of the URL strings identified based on application of a first selected delimiter to the URL strings to segment the URL strings into a first plurality of segments, each URL string comprising a path to a resource and comprising multiple segments identified based on application of the first selected delimiter;

d) changing, via the visualizer responsive to a user operating the visualizer, the first delimiter to a second selected delimiter for the same URL strings of the subset of learned rules; and

e) generating, by the visualizer, a second tree representation of the same URL strings responsive to the change to the second selected delimiter, each node of the second tree corresponding to a segment of the URL strings identified based on application of the second selected delimiter to the URL strings to segment the URL strings into a second plurality of segments, the change allowing a visual comparison of hierarchical distributions of the first plurality of segments and the second plurality of segments between the first tree and the second tree, and distributions of the subset of learned rules corresponding to the first plurality of segments and the second plurality of segments.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed towards systems and methods for generating a representation a plurality of learned rules from a learning engine of an application firewall. The representation may be generated based on a history of URL communications with a web server. A learning engine of an application firewall may determine a plurality of learned rules based on a history of URL communications with a web server. Each of the plurality of learned rules mat be assigned a URL string. A visualizer can categorize a subset of the plurality of learned rules under a first check type of a plurality of check types. The visualizer may further generate a tree representation of URL strings of the subset of learned rules. Each node of the tree corresponds to a segment of the URL strings identified based on a delimiter for the URL strings.

Citations

20 Claims

1. A method of generating a representation of a plurality of learned rules from a learning engine of an application firewall based on a history of uniform resource locator (URL) communications with a web server, the method comprising:
- a) determining, by a learning engine of an application firewall, a plurality of learned rules based on a history of URL communications with a web server, each of the plurality of learned rules assigned a URL string;
  
  b) categorizing, by a visualizer, a subset of the plurality of learned rules under a first check type of a plurality of check types;
  
  c) generating, by the visualizer, a first tree representation of URL strings of the subset of learned rules, each node of the first tree corresponding to a segment of the URL strings identified based on application of a first selected delimiter to the URL strings to segment the URL strings into a first plurality of segments, each URL string comprising a path to a resource and comprising multiple segments identified based on application of the first selected delimiter;
  
  d) changing, via the visualizer responsive to a user operating the visualizer, the first delimiter to a second selected delimiter for the same URL strings of the subset of learned rules; and
  
  e) generating, by the visualizer, a second tree representation of the same URL strings responsive to the change to the second selected delimiter, each node of the second tree corresponding to a segment of the URL strings identified based on application of the second selected delimiter to the URL strings to segment the URL strings into a second plurality of segments, the change allowing a visual comparison of hierarchical distributions of the first plurality of segments and the second plurality of segments between the first tree and the second tree, and distributions of the subset of learned rules corresponding to the first plurality of segments and the second plurality of segments.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises generating a first learned rule of the plurality of learned rules based on a plurality of URL communications having a first URL string in common, and assigning the first URL to the first learned rule.
  - 3. The method of claim 1, wherein step (b) further comprises generating a third tree representation for a second subset of the plurality of learned rules corresponding to a second check type of the plurality of check types.
  - 4. The method of claim 1, wherein step (c) further comprises generating the first tree representation based on the first delimiter, the first delimiter associated with the first check type.
  - 5. The method of claim 1, wherein step (c) further comprises specifying the first delimiter as belonging to a class of characters.
  - 6. The method of claim 1, wherein step (c) further comprises specifying the first delimiter as one of:
    - a special character, a non-alphabetical character and a non-alphanumeric character.
  - 7. The method of claim 1, wherein step (c) further comprises determining, by the visualizer for the first tree representation, a count of learned rules associated with a node.
  - 8. The method of claim 1, wherein step (c) further comprises determining, by the visualizer for the first tree representation, an expression representative of URL strings of learned rules associated with a node.
  - 9. The method of claim 1, wherein step (c) further comprises determining, by the visualizer for the first tree representation, a regular expression representative of URL strings of learned rules associated with a node.
  - 10. The method of claim 1, wherein step (c) further comprises selecting, responsive to the user of the visualizer, the second delimiter based on one or more of:
    - the first check type, an attribute of the first tree representation, and a characteristic of the URL strings.

11. A system of generating a representation of a plurality of learned rules from a learning engine of an application firewall based on a history of uniform resource locator (URL) communications with a web server, comprising:
- a learning engine of an application firewall, determining a plurality of learned rules based on a history of URL communications with a web server, each of the plurality of learned rules assigned a URL string, each URL string comprising a path to a resource; and
  
  a visualizer executing on a device, categorizing a subset of the plurality of learned rules under a first check type of a plurality of check types, generating a first tree representation of URL strings of the subset of learned rules, each node of the first tree representation corresponding to a segment of the URL strings identified based on application of a first delimiter to the URL strings to segment the URL strings into a first plurality of segments, each of the first plurality of URL strings comprising multiple segments identified based on application of the first selected delimiter, and generating, responsive to changing the first delimiter to a second selected delimiter for the same URL strings via the visualizer responsive to a user operating the visualizer, a second tree representation of the same URL strings of the subset of learned rules change, each node of the second tree corresponding to a segment of the URL strings identified based on application of the second selected delimiter to the URL strings to segment the URL strings into a second plurality of segments, the change allowing a visual comparison of hierarchical distributions of the first plurality of segments and the second plurality of segments between the first tree and the second tree, and distributions of the subset of learned rules corresponding to the first plurality of segments and the second plurality of segments.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the learning engine generates a first learned rule of the plurality of learned rules based on a plurality of URL communications having a first URL string in common and assigns the first URL to the first learned rule.
  - 13. The system of claim 11, wherein the visualizer generates a third tree representation for a second subset of the plurality of learned rules corresponding to a second check type of the plurality of check types.
  - 14. The system of claim 11, wherein the visualizer generates the first tree representation based on the first delimiter, the first delimiter associated with the first check type.
  - 15. The system of claim 11, wherein the first delimiter is specified as belonging to a class of characters.
  - 16. The system of claim 11, wherein the first delimiter is specified as one of:
    - a special character, a non-alphabetical character and a non-alphanumeric character.
  - 17. The system of claim 11, wherein the visualizer determines, for the first tree representation, a count of learned rules associated with a node.
  - 18. The system of claim 11, wherein the visualizer determines, for the first tree representation, an expression representative of URL strings of learned rules associated with a node.
  - 19. The system of claim 11, wherein the visualizer determines, for the first tree representation, a regular expression representative of URL strings of learned rules associated with a node.
  - 20. The system of claim 11, wherein the visualizer generates the second tree representation of the URL strings responsive to changing the first delimiter to the second delimiter, the second delimiter selected based on one or more of:
    - the first check type, an attribute of the first tree representation, and a characteristic of the URL strings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Reddy, Anoop Kandi, Goyal, Raghu, Gupta, Sanjay, Wong, Stanley
Primary Examiner(s)
Levy, Amy M

Application Number

US12/489,329
Publication Number

US 20100325588A1
Time in Patent Office

2,367 Days
Field of Search

715/853
US Class Current

1/1
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2145   Inheriting rights or proper...

G06F 3/048   Interaction techniques base...

H04L 63/0263   Rule management

Systems and methods for providing a visualizer for rules of an application firewall

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing a visualizer for rules of an application firewall

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links