A security gateway receives messages and extracts components thereof, typically in the form of field name-value pairs. The security gateway determines a data type of the values for individual field names to infer the most restrictive data type of the values for that field. The security gateway may then generate rules, which would block messages that do not have values that match the most restrictive data type. Since the most restrictive data type defines a data type of values for the field as narrowly as possible, the generated rules will make it more difficult for an intruder to guess a valid data type of a value. Since messages that have values that do not match the most restrictive data type are likely to represent malicious attacks, the more narrowly the data type of values is defined, the greater the number of illegitimate messages that will be blocked.
Representative claims
We claim:

1. A method of a device for filtering messages routed across a network, the messages including field name-value pairs, the method comprising: extracting, by a filter configured on a device, field name-value pairs from messages received via a network; determining, by a learning engine configured on the device, a most restrictive data type of values from a plurality of data types of values for a field name of the extracted field name-value pairs; determining, by the learning engine, a match factor for a data type, the match factor indicating a fraction of values for the same field name that match the data type; selecting, by the learning engine, a data type having a match factor exceeding a threshold and having no child data types with a match factor exceeding the threshold; and storing, by the device, the most restrictive data type in association with the field name.

2. The method of claim 1, further comprising: generating, by the learning engine, a rule which would allow messages having values of a field name that match the most restrictive data type.

3. The method of claim 2, further comprising: applying, by the learning engine, the rule to determine whether to allow messages having values for a field name that match the most restrictive data type.

4. The method of claim 1, wherein the threshold is a fraction of values for the same field name which should match the data type.

5. A method of a device for filtering Uniform Resource Locator (URL) messages routed across a network, wherein the messages include URL components, the method comprising: extracting, by a filter configured on a device, URL components from messages received via a network; determining, by a learning engine configured on the device, for URL components at a same level, with a same root URL component, a most restrictive data type from a plurality of data types of extracted URL components at the same level; determining, by the learning engine, a match factor for a data type, the match factor indicating a fraction of URL components at the same level, with the same root URL component, that match the data type; selecting, by the learning engine, a data type having a match factor exceeding a threshold and having no child data types with a match factor exceeding the threshold; and storing, by the learning engine, the most restrictive data type in association with the URL components at the same level.

6. The method of claim 5, further comprising: generating, by the learning engine, a rule which would allow messages having the URL components that match the most restrictive data type.

7. The method of claim 6, further comprising: applying, by the learning engine, the rule to determine whether to allow messages having the URL components that match the most restrictive data type.

8. The method of claim 5, wherein the threshold is a fraction of URL components at the same level, with the same root URL component, which should match the data type.

9. A method of a device for inferencing a data type of scalar objects from messages routed across a network, the method comprising: identifying, by a message filter configured on a device, scalar objects from messages received via a network, each of the scalar objects having a data type from a plurality of data types; determining, by a learning engine configured on the device, a match factor for each data type of the scalar objects, the match factor indicating a fraction of the scalar objects that match the data type; and selecting, by the learning engine, a most restrictive data type from the plurality of data types of the scalar objects, the most restrictive data type having a match factor exceeding a threshold and having no child data types with a match factor exceeding the threshold.

10. The method of claim 9, wherein the threshold is a fraction of scalar objects which should match the data type.

11. A system for inferencing a data type of scalar objects from messages routed across a network, the system comprising: a learning engine configured in a device for determining a match factor for each data type of the scalar objects, the match factor indicating a fraction of scalar objects identified from messages received via a network that match the data type; and wherein the learning engine of the device selects a most restrictive data type from a plurality of data types of the scalar objects, the most restrictive data type having a match factor exceeding a threshold and having no child data types with a match factor exceeding the threshold.

12. A system for filtering messages routed across a network, the messages including field name-value pairs, the system comprising: a learning engine configured on a device, for extracting field name-value pairs from messages received via a network, determining a most restrictive data type of values from a plurality of data types of values for a field name from the extracted field name-value pairs, and storing the most restrictive data type in association with the field name, determining a match factor for a data type, the match factor indicating a fraction of values for the same field name that match the data type, and selecting a data type having a match factor exceeding a threshold and having no child data types with a match factor exceeding the threshold; and a message filter configured on the device, for generating a rule which would allow messages having values of a field name that match the most restrictive data type.

13. The system of claim 12, wherein the learning engine is further adapted to generate a rule which would allow messages having values of a field name that match the most restrictive data type.

14. The system of claim 12, wherein the message filter is further adapted to apply the rule to determine whether to allow messages having values for a field name that match the most restrictive data type.

15. The system of claim 12, wherein the threshold is a fraction of values for the same field name which should match the data type.

16. A system for filtering Uniform Resource Locator (URL) messages routed across a network, wherein the messages include URL components, the system comprising: a learning engine configured on a device, for extracting URL components from messages received from a network, determining, for URL components at a same level, with a same root URL component, a most restrictive data type from a plurality of data types of URL components at the same level, and storing the most restrictive data type in association with the URL components at the same level, determining a match factor for a data type, the match factor indicating a fraction of URL components at the same level, with the same root URL component, that match the data type, and selecting a data type having a match factor exceeding a threshold and having no child data types with a match factor exceeding the threshold; and a message filter configured on the device, for generating a rule which would allow messages having the URL components that match the most restrictive data type.

17. The system of claim 16, wherein the learning engine is further adapted to generate a rule which would allow messages having the URL components that match the most restrictive data type.

18. The system of claim 16, wherein the message filter is further adapted to apply the rule to determine whether to allow messages having the URL components that match the most restrictive data type.

19. The system of claim 16, wherein the threshold is a fraction of URL components at the same level, with the same root URL component, which should match the data type.
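The abstract and claims describe one inference scheme applied to two kinds of input: the values of a named field (claims 1-4 and 12-15) and URL path components grouped by level under a common root component (claims 5-8 and 16-19). The following is an added illustration written for this page, not code from the patent or its assignee. It assumes a small constructed hierarchy of data types (a parent type is matched by everything its children match), treats "exceeding a threshold" as a strict comparison, represents messages as plain dictionaries, and takes the first path segment of a URL as its "root URL component"; the sample messages and URLs are constructed. The selection step walks the hierarchy from the root, descending only into a child whose match factor exceeds the threshold, and stops at a type with no qualifying child, which is exactly the type the claims call most restrictive.

```python
"""Inferring the most restrictive data type per field / URL level, then
applying the learned types as an allow rule. Added example; hierarchy,
type names and sample data are constructed for illustration."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed type hierarchy. Each child is strictly narrower than its parent,
# so a value matching a child also matches every ancestor.
TYPE_PREDICATES = {
    "any": lambda v: True,
    "alnum": lambda v: re.fullmatch(r"[A-Za-z0-9]+", v) is not None,
    "alpha": lambda v: re.fullmatch(r"[A-Za-z]+", v) is not None,
    "lowercase": lambda v: re.fullmatch(r"[a-z]+", v) is not None,
    "numeric": lambda v: re.fullmatch(r"[0-9]+", v) is not None,
    "uint16": lambda v: re.fullmatch(r"[0-9]+", v) is not None and int(v) < 65536,
}
CHILDREN = {
    "any": ("alnum",),
    "alnum": ("alpha", "numeric"),
    "alpha": ("lowercase",),
    "numeric": ("uint16",),
}


def match_factor(values, dtype):
    """Fraction of the observed values that match the given data type."""
    if not values:
        return 0.0
    return sum(1 for v in values if TYPE_PREDICATES[dtype](v)) / len(values)


def most_restrictive_type(values, threshold=0.8, root="any"):
    """Descend from the root while some child exceeds the threshold; the first
    type with no qualifying child is the most restrictive one."""
    current = root
    while True:
        qualifying = [c for c in CHILDREN.get(current, ())
                      if match_factor(values, c) > threshold]
        if not qualifying:
            return current
        # Several siblings can qualify if their types overlap; take the best fit.
        current = max(qualifying, key=lambda c: match_factor(values, c))


def learn_field_types(messages, threshold=0.8):
    """Claim 1: group values by field name and infer a type per field."""
    by_field = defaultdict(list)
    for msg in messages:
        for name, value in msg.items():
            by_field[name].append(value)
    return {name: most_restrictive_type(vals, threshold) for name, vals in by_field.items()}


def message_allowed(msg, learned):
    """Claim 2/3 allow rule. Design choice: a field with no learned type is
    treated as not matching, so the rule is a strict allow-list."""
    return all(name in learned and TYPE_PREDICATES[learned[name]](value)
               for name, value in msg.items())


def learn_url_types(urls, threshold=0.8):
    """Claim 5: group path components by (root component, level)."""
    groups = defaultdict(list)
    for url in urls:
        parts = [p for p in urlsplit(url).path.split("/") if p]
        if parts:
            for level, comp in enumerate(parts):
                groups[(parts[0], level)].append(comp)
    return {key: most_restrictive_type(vals, threshold) for key, vals in groups.items()}


def url_allowed(url, learned):
    """Claim 6/7 allow rule over every path level; unknown root or depth is rejected."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    if not parts:
        return False
    return all((parts[0], level) in learned
               and TYPE_PREDICATES[learned[(parts[0], level)]](comp)
               for level, comp in enumerate(parts))


# Constructed training traffic: ten messages, one username ("Judy") deliberately
# breaking the lowercase pattern so the threshold's tolerance is visible.
SAMPLE_MESSAGES = [
    {"user_id": str(1001 + i), "username": name, "session": sess}
    for i, (name, sess) in enumerate([
        ("alice", "a1B2c3"), ("bob", "Z9y8X7"), ("carol", "q1W2e3"), ("dave", "M4n5B6"),
        ("erin", "k7L8m9"), ("frank", "R2d2C3"), ("grace", "t4U5v6"), ("heidi", "P0o9I8"),
        ("ivan", "g3H4j5"), ("Judy", "W6e5R4"),
    ])
]
SAMPLE_URLS = [
    "/users/1001/profile", "/users/1002/profile", "/users/1003/settings",
    "https://example.test/users/2048/profile", "/users/1005/profile",
]

if __name__ == "__main__":
    fields = learn_field_types(SAMPLE_MESSAGES)
    print(fields)  # {'user_id': 'uint16', 'username': 'lowercase', 'session': 'alnum'}
    print(message_allowed({"user_id": "70000", "username": "mallory", "session": "x9Y8z7"}, fields))
    print(learn_url_types(SAMPLE_URLS))
```

With a threshold of 0.8, nine lowercase names out of ten are enough to select `lowercase` over the broader `alpha`, so the one mixed-case training value is treated as noise; the same value would then be blocked by the learned rule, which is the false-positive cost of the "as narrowly as possible" goal in the abstract and the reason the threshold (claims 4, 8, 10, 15 and 19) needs tuning against real traffic.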
Patents cited by this patent (156)
Bowman-Amuah, Michel K., Abstraction factory in a base services pattern environment.
Giacobbe, Gail Borod; Starbuck, Bryan T.; Winjum, Randy Knight; Lueders, John Heinrich; Vaschillo, Alexander E.; Wells, Stephen T.; Combs, Robert C.; Sundararaman, Sridhar; Rachamadugu, Raghavendra; Van Hoof, Accessing different types of electronic messages through a common messaging interface.
Francesco Pappalardo IT; Liliana Arcidiacono IT; Biagio Giacalone IT; Dario Di Bella IT, Coding and storing method for fuzzy logic rules and circuit architecture for processing such rules.
Michel K. Bowman-Amuah, Common interface for handling exception interface name with additional prefix and suffix for handling exceptions in environment services patterns.
Kurosawa Kenichi (Hitachi JPX) Shimada Masaru (Hitachi JPX) Hirayama Hirokazu (Yokohama JPX) Bandoh Tadaaki (Ibaraki JPX) Mori Kiyomi (Hitachi JPX), Compile type knowledge processing tool, a high-speed inference method therefor and a system using the tool.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd ; Banay Dan, Computer-based communication system and method using metadata defining a control structure.
Drummond Shattuck Reed ; Peter Earnshaw Heymann ; Steven Mark Mushero ; Kevin Benard Jones ; Jeffrey Todd Oberlander ; Dan Banay, Computer-based communication system and method using metadata defining a control-structure.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd, Computer-based communication system and method using metadata defining a control-structure.
Doyle Michael D. ; Martin David C. ; Ang Cheong S., Distributed hypermedia method for automatically invoking external application providing interaction and display of embe.
Nomura Tatsuya,JPX ; Miyoshi Tsutomu,JPX, Evolutionary adaptation type inference knowledge extracting apparatus capable of being adapted to a change of input/out.
Betz,Linda; Dayka,John C.; Farrell,Walter B.; Guski,Richard H.; Karjoth,Guenter; Nelson,Mark A.; Pfitzmann,Birgit M.; Schunter,Matthias; Waidner,Michael P., Implementation and use of a PII data access control facility employing personally identifying information labels and purpose serving functions sets.
Mohaban, Shai; Parnafes, Itzhak; Ramberg, Yoram; Snir, Yoram; Strassner, John, Method and apparatus for storing policies for policy-based management of network quality of service.
Buckingham, Patrik; Chung, Wing-Kuen; Hwang, Cherng-Daw; Yu, Christine, Method and apparatus for voice port hunting of remote telephone extensions using voice over packet-data-network systems (VOPS).
Shai Mohaban ; Itzhak Parnafes ; Yoram Ramberg IL; Yoram Snir IL; John Strassner, Method and apparatus of storing policies for policy-based management of quality of service treatments of network data traffic flows.
Rajkumar,N. Isaac; You,Puhong; Caldwell,David Dean; Larsen,Brett J.; Afshar,Jamshid; O'Connell,Conleth, Method and system for an extensible caching framework.
Iyer,Rama; Bradley,Gregory S.; Shaw,Phillip R.; Penner,Jeffery M.; Huffman,David L.; Pandy,Emmanual G.; Ghosh,Kanika; Ramachandren,Devanand, Method and system for managing real time data.
Frank Klotz ; Dean Hiller ; Ian Kluft ; William B. May, Jr., Method for compile-time type-checking of arguments for externally-specified format strings.
Machin Richard C. ; Hyder Jameel, Method, system, and computer program product for creating a raw data channel form an integrating component to a series of kernel mode filters.
Komatsu, Chihiro; Fujita, Satoru, Program verifying system, program verifying method, and storage medium for storing software of program verifying method.
Carley, Kevin W.; Harrington, Lisa Marie; Dikeman, Jennifer Scot; Moody, Megan Davies; Gregory, Mary Michelle, Providing a notification when a plurality of users are altering similar data in a health care solution environment.
DeMello,Marco A.; Narin,Attila; Setty,Venkateshaiah; Zeman,Pavel; Krishnaswamy,Vinay; Manferdelli,John L.; Byrum,Frank D.; Keely,Leroy B.; Yaacovi,Yoram; Alger,Jeffrey H., System and method for activating a rendering device in a multi-level rights-management architecture.
Craig Chambers ; Susan J. Eggers ; Brian K. Grant ; Markus Mock ; Matthai Philipose, System and method for performing selective dynamic compilation using run-time information.
Hewett,Delane Robert; Sundstrom,Johan A. F.; Beiter,Christopher J., System and method for using dynamic web components to remotely control the security state of web pages.
Lai Meichen (San Jose CA) Lee Tony Kuen (San Jose CA) Nishimura Jenny Y. K. (San Jose CA) Shank Gerda R. (San Francisco CA), System and procedure for concurrent database access by multiple user applications through shared connection processes.
Zhou, Peter Y.; Pang, Dexing; Tong, Yiu-Cho Alan; Lin, Ning; Addington, David Ralph; Albanna, Rowena Lampa; Albanna, Amro; Bolton, Keith I., System for localizing and sensing objects and providing alerts.
Carr Brian P. (Jefferson Valley NY) Glowny David A. (Naugatuck CT) Mastrangelo Colette A. (Danbury CT) Mayer Paul M. (Middlebury CT) Seltzer Arthur (Richboro PA) Shier Peter D. (Danbury CT), System for parsing message units from an unstructured message stream of interleaved message units to form structured mes.
Firth Richard Louis ; Treadwell David, System having a library of protocol independent reentrant network interface functions for providing common calling inte.
Bowman-Amuah Michel K., System, method and article of manufacture for a globally addressable interface in a communication services patterns environment.
Michel K. Bowman-Amuah, System, method and article of manufacture for a persistent state and persistent object separator in an information services patterns environment.
Hoffman,George Harry; Reece,Debra Gayle; Tomas Flynn,Martha Helen; Burk,Michael James; Greene,Edward Arthur, System, method and computer program product for contract consistency in a supply chain management framework.
Menninger,Anthony Frank; Sechrist,Daniel; Diaz,Adriana Maria, System, method and computer program product for error checking in a supply chain management framework.
Hoffman,George Harry; Burk,Michael James; Menninger,Anthony Frank, System, method and computer program product for landed cost reporting in a supply chain management framework.
Menninger,Anthony Frank; Sechrist,Daniel; Rueff,Mark Patrick, System, method and computer program product for normalizing data in a supply chain management framework.
Menninger, Anthony Frank; Burk, Michael James, System, method and computer program product for order confirmation in a supply chain management framework.
Hoffman,George Harry; Greene,Edward Arthur, System, method and computer program product for utilizing market demand information for generating revenue.
Haswell, John Jeffrey; Young, Robert J.; Schramm, Kevin, System, method, and article of manufacture for test maintenance in an automated scripting framework.
Bracewell,Shawn D.; Mayhan,Troy; Simpson, Jr.,Russell L.; Vetrivel,Puhazholi; Beattie,Ward, Template architecture and rendering engine for web browser access to databases.
Goodman, Joshua T.; Rounthwaite, Robert L.; Hulten, Geoffrey J.; Yih, Wen-tau, Training filters for detecting spam based on IP addresses and text-related features.