Method and apparatus for detecting a multi-stage event
Abstract
A multi-stage event detector for monitoring a system, the multi-stage event detector including: a process generator operable to generate main and sub-processes, each main and sub-process being operable to generate and initiate a detection agent each of which is operable to be triggered by detecting the occurrence of a trigger event and to report back to its generating process or sub-process upon being so triggered. Each process or sub-process is operable to respond to receipt of a report from a triggered detection agent by reporting the detection of a multi-stage event to an overall controller.
19 Claims
1. A multi-stage event detector device, comprising:
at least one processor and a memory operably coupled thereto, the at least one processor being configured to execute instructions stored in the memory to at least generate main and subprocesses, each main and sub-process being configured to generate and initiate one or more detection agents each of which is configured to be triggered by detecting the occurrence of a trigger event or series of events and to report back to its generating process or sub-process upon being so triggered, and wherein each generated process or sub-process is configured to respond to receipt of a report from a triggered detection agent by either (a) reporting a detection of a multi-stage event or part thereof to either a parent process or sub-process or to an overall software control module, or (b) generating and initiating a second detection agent or a second subprocess, wherein the generated process or sub-process that generated and initiated the second agent or second sub-process remains active, and wherein different processes and sub-processes are configured to operate in parallel.
Dependent claims: 2, 3, 4, 5, 6
7. A method of detecting the occurrence of a multi-stage event within a system being monitored, the method comprising:
generating, using processing resources including at least one processor and a memory, main and sub-processes, each main and sub-process being configured to generate and initiate one or more detection agents each of which is configured to be triggered by detecting the occurrence of a trigger event or series of events and to report back to its generating process or sub-process upon being so triggered, and wherein each process or sub-process is configured to respond to receipt of a report from a triggered detection agent by either (a) reporting the detection of a multi-stage event or part thereof to either a parent process or sub-process or to an overall software control module, or (b) generating and initiating a second detection agent or a second sub-process, wherein the generated process or sub-process that generated and initiated the second agent or second sub-process remains active; and detecting, using the processing resources, the occurrence of a multi-stage event in dependence upon the triggering of one or more detection agents, wherein different processes and sub-processes are configured to operate in parallel.
Dependent claims: 8, 9, 10, 11, 12
13. A multi-stage event detector device, comprising:
at least one processor and a memory operably coupled thereto, the at least one processor being configured to execute instructions stored in the memory to at least generate main and subprocesses, each main and sub-process being configured to generate and initiate one or more detection agents, each being configured to be triggered by detecting the occurrence of a trigger event or series of events and to report back to its generating process or sub-process upon being so triggered;
wherein each generated process or sub-process is configured to perform both of, and selectively execute one of, responding to receipt of a report from a triggered detection agent by either (a) reporting a detection of a multi-stage event or part thereof to either (i) a parent process or sub-process or (ii) an overall software control module, and (b) generating and initiating a second detection agent or a second sub-process;
wherein the generated process or sub-process that generated and initiated the second agent or second sub-process remains active, wherein at least one of the trigger events or series of events is associated with plural different attacks, and wherein different processes and sub-processes are configured to operate in parallel.
Dependent claims: 14, 15, 16, 17, 18
19. A non-transitory computer readable storage medium comprising instructions that, when executed by a processor of a computer, perform functionality comprising:
generating main and sub-processes, each main and sub-process being configured to generate and initiate one or more detection agents each of which is configured to be triggered by detecting the occurrence of a trigger event or series of events and to report back to its generating process or sub-process upon being so triggered, and wherein each process or sub-process is configured to respond to receipt of a report from a triggered detection agent by either (a) reporting the detection of a multi-stage event or part thereof to either a parent process or subprocess or to an overall software control module, or (b) generating and initiating a second detection agent or a second sub-process, wherein the generated process or sub-process that generated and initiated the second agent or second sub-process remains active; and detecting the occurrence of a multi-stage event in dependence upon the triggering of one or more detection agents, wherein different processes and sub-processes are configured to operate in parallel.
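
The spawn-and-report pattern recited in the claims above can be sketched as follows. This is an added example, not code from the patent or its assignee: a triggered agent makes its process either report a completed chain to the controller (a) or spawn a sub-process for the next stage while staying active itself (b). The stage names, event fields, per-source binding, `ttl` expiry and the single event loop standing in for parallel processes are all assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Optional
# Constructed three-stage pattern: (stage name, trigger event type).
STAGES = [("recon", "port_scan"), ("access", "auth_fail_burst"), ("exfil", "large_upload")]

@dataclass
class Process:
    # Main process (src=None) or a sub-process bound to one source.
    stage: int
    src: Optional[str] = None
    trail: list = field(default_factory=list)
    def agent_triggered(self, ev):
        # Detection agent: fires on this stage's event type for this source.
        return ev["type"] == STAGES[self.stage][1] and self.src in (None, ev["src"])

class Controller:
    def __init__(self, ttl=600):
        self.ttl = ttl                  # assumption: idle sub-processes expire
        self.procs = [Process(0)]       # main process, first-stage agent armed
        self.detections = []

    def feed(self, ev):
        # Drop sub-processes whose last matched stage is older than ttl seconds.
        self.procs = [p for p in self.procs
                      if p.src is None or ev["t"] - p.trail[-1][1] <= self.ttl]
        for p in list(self.procs):      # every active process sees every event
            if not p.agent_triggered(ev):
                continue
            trail = p.trail + [(STAGES[p.stage][0], ev["t"])]
            nxt = p.stage + 1
            if nxt == len(STAGES):      # (a) report the full chain upward
                self.detections.append((ev["src"], trail))
            elif not any(q.stage == nxt and q.src == ev["src"] for q in self.procs):
                # (b) spawn a sub-process for the next stage; p stays active
                self.procs.append(Process(nxt, ev["src"], trail))

def run(events, ttl=600):
    ctl = Controller(ttl)
    for ev in events:
        ctl.feed(ev)
    return ctl.detections

# Constructed sample events: t in seconds, src is a host address.
SAMPLE = [
    {"t": 0, "src": "10.0.0.5", "type": "port_scan"},
    {"t": 30, "src": "10.0.0.9", "type": "port_scan"},
    {"t": 60, "src": "10.0.0.5", "type": "auth_fail_burst"},
    {"t": 90, "src": "10.0.0.9", "type": "large_upload"},  # stage skipped: ignored
    {"t": 120, "src": "10.0.0.5", "type": "large_upload"},
]
```

Because the main process is never consumed by a trigger, a second source starting the same sequence is tracked by its own sub-process alongside the first.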
Specification