Baseline calculation for firewalling
US10417414B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Dec 21, 2016 |
| Grant date | Sep 17, 2019 |
| Priority date | — |
| Expiry date | Jun 5, 2037 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method, computer program product, and apparatus for performing baseline calculations for firewalling in a computer network is disclosed. The method involves defining a reference group for an executed software program, measuring signals in the reference group, measuring signals of the program, computing a distance between the signals of the program and the signals of the reference group, and taking an action if the computed distance deviates from a norm mode. The distance can be computed using a similarity matrix or other method. Measuring the program comprises observing behaviors of the program, collecting and analyzing data, comparing the data to baselines of the reference group, and comparing the behaviors of the program across a previous execution of the program. In cases where a program is known to be malicious, a reference group is not needed and a sandbox can be tailored just by copying the environment of the actual system.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.