Automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications
First Claim
1. A non-transitory, tangible computer-readable media which has stored in it instructions, which when executed by a computer that participates in protection of a web application that is installed on a protected device and to which clients send hypertext transfer protocol (HTTP) requests, cause the computer to perform the steps of:
- responsive to a sensor collecting the HTTP requests sent by the clients to the web application installed on the protected device, automatically creating for the web application a profile with a plurality of discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous;
automatically determining that a first discrete part of the plurality of discrete parts of the profile has become a stable representation of normal behavior so that deviations from the first discrete part can be considered anomalous while a second discrete part of the plurality of discrete parts of the profile is not a stable representation; and
responsive to the automatically determining, automatically deploying by the computer the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part but not detect deviations from the normal behavior represented by the second discrete part while the second discrete part of the profile remains not a stable representation.
4 Assignments
0 Petitions
Accused Products
Abstract
A system for automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications is disclosed. The system, in response to a sensor collecting from HTTP requests sent by the clients to the web application installed on the protected device, automatically creates for a web application a profile with discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous. The system automatically determines that a first of the discrete parts of the profile has become stable. The system then automatically deploys the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part.
23 Citations
23 Claims
-
1. A non-transitory, tangible computer-readable media which has stored in it instructions, which when executed by a computer that participates in protection of a web application that is installed on a protected device and to which clients send hypertext transfer protocol (HTTP) requests, cause the computer to perform the steps of:
-
responsive to a sensor collecting the HTTP requests sent by the clients to the web application installed on the protected device, automatically creating for the web application a profile with a plurality of discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous; automatically determining that a first discrete part of the plurality of discrete parts of the profile has become a stable representation of normal behavior so that deviations from the first discrete part can be considered anomalous while a second discrete part of the plurality of discrete parts of the profile is not a stable representation; and responsive to the automatically determining, automatically deploying by the computer the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part but not detect deviations from the normal behavior represented by the second discrete part while the second discrete part of the profile remains not a stable representation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
Specification