Rule-based network-threat detection

  • US 10,567,413 B2
  • Filed: 12/12/2018
  • Issued: 02/18/2020
  • Est. Priority Date: 04/17/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving, by a packet-filtering device located at a boundary between a protected network and an unprotected network, a plurality of threat identifiers from a plurality of network-threat-intelligence providers;
  • receiving, by the packet-filtering device, a plurality of packets;
  • responsive to a determination by the packet-filtering device that a first packet of the plurality of packets corresponds to a first packet matching criterion specified by a first packet-filtering rule of a plurality of packet-filtering rules:
  • applying, by the packet-filtering device and to the first packet, a first operator specified by the first packet-filtering rule corresponding to the first packet matching criterion;
  • generating, by the packet-filtering device and for the first packet, a packet log entry comprising at least one threat identifier, of the plurality of threat identifiers, corresponding to the first packet;
  • determining a number of network-threat-intelligence providers, of the plurality of network-threat-intelligence providers, from which the at least one threat identifier corresponding to the first packet was received; and
  • determining, by the packet-filtering device, at least one score associated with the at least one threat identifier by determining at least a first score based on the determined number of network-threat-intelligence providers;
  • generating a listing of at least a portion of the plurality of threat identifiers, comprising the at least one threat identifier, wherein a position of the at least one threat identifier in the listing is based on the determined first score; and
  • reconfiguring at least one packet-filtering rule based on at least the generated listing, wherein each of the plurality of packet-filtering rules specifies at least one packet matching criterion and at least one operator.
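The claimed loop (match a packet against a rule, apply its operator, log the threat identifier with a score equal to the number of feeds that reported it, rank identifiers by that score, then reconfigure rules from the ranking) as an added Python illustration; this is not code from the patent, and the feed contents, the "log"/"block" operators and the two-provider promotion threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed threat feeds: provider -> set of threat identifiers (documentation-range IPs).
FEEDS = {
    "provider-a": {"198.51.100.7", "203.0.113.9"},
    "provider-b": {"198.51.100.7", "192.0.2.44"},
    "provider-c": {"198.51.100.7", "203.0.113.9"},
}

@dataclass
class Rule:
    criterion: str   # packet-matching criterion: destination IP to match
    operator: str    # assumed operators: "log" (forward and record) or "block" (drop and record)

@dataclass
class PacketFilter:
    feeds: dict
    rules: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def provider_count(self, tid):
        """Number of distinct providers that reported this threat identifier (the first score)."""
        return sum(1 for ids in self.feeds.values() if tid in ids)

    def build_initial_rules(self):
        # Assumed starting policy: one "log" rule per identifier seen in any feed.
        ids = set().union(*self.feeds.values())
        self.rules = [Rule(tid, "log") for tid in sorted(ids)]

    def filter_packet(self, pkt):
        """Apply the first matching rule's operator and write a scored log entry."""
        for rule in self.rules:
            if rule.criterion == pkt["dst"]:
                self.log.append({"dst": pkt["dst"], "threat_id": rule.criterion,
                                 "operator": rule.operator,
                                 "score": self.provider_count(rule.criterion)})
                return rule.operator
        return "allow"   # no rule matched: forward without logging (assumption)

    def ranked_listing(self):
        """Threat identifiers ordered by descending provider count, ties by value."""
        ids = set().union(*self.feeds.values())
        return sorted(ids, key=lambda t: (-self.provider_count(t), t))

    def reconfigure(self, min_providers=2):
        """Promote identifiers corroborated by >= min_providers feeds to "block"; return them."""
        strong = {t for t in self.ranked_listing() if self.provider_count(t) >= min_providers}
        for rule in self.rules:
            rule.operator = "block" if rule.criterion in strong else "log"
        return [r.criterion for r in self.rules if r.operator == "block"]
```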
