
System and method for a meta scan engine

Patent number
US10897473B1
Publication date
2021-01-19
Applicant
Trinity Cyber, LLC (US MD Bowie)
Inventors
Stephen Ryan; Stefan BARANOFF; John Searles
IPC classification
H04L29/06; G06F16/951
Technical field
threat,hierarchy,threats,cyber,scanning,conditions,scan,engines,in,engine
Region: MD MD Bowie

Abstract

Systems, methods, and computer-readable storage media for improved data comparison, particularly when scanning large amounts of data for particular conditions or configurations. With respect to cyber-security, this improvement takes the form of receiving a plurality of threat conditions for cyber threats against a networked computer device; identifying commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions; generating, based on the commonalities, a hierarchy for scanning of the cyber threats; and scanning for the cyber threats according to the hierarchy.

Description

BACKGROUND

1. Technical Field

The present disclosure relates to a system and method for data analysis and identification, and more specifically to an engine which scans data using multiple engines connected in a hierarchical, non-linear combination.

2. Introduction

Scanning data for specific conditions is a processing intensive task which grows exponentially more difficult as the amount of data being processed grows. For example, plagiarism detection software can be used to compare a new document to previously known documents. As the number of previously known documents increases, the number of comparisons required to determine if the new document is an exact copy increases in a linear fashion—that is, if you add more books or papers to the “known” database, the number of additional comparisons required to determine if the new document matches a previous document increases by a similar amount. However, when determining if any given paragraph in the new document matches any paragraph in any of the previous documents, the number of comparisons begins to rapidly increase based on the size of the document being compared and/or any increases to the database of known documents.

As the number of comparisons increases, the processing power and/or time required to adequately compare the data can become prohibitive. For example, in the area of cybersecurity, the number of “known” threats continues to increase almost constantly. To continue to provide real-time threat monitoring of trafficked data as the number of threats continues to increase requires either an immense amount of processing power or an improved method of detecting threats.

SUMMARY

Claims

We claim:

1. A method comprising:
receiving a plurality of threat conditions for cyber threats against a networked computer device;
identifying, via a computer, commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions;
generating, via the computer and based on plurality of threat conditions and the commonalities, a hierarchy for scanning of the cyber threats, the hierarchy having lowest layers of threats which are connected to higher layers of threats by the commonalities;
scanning, via the computer, for all of the lowest layers of threats simultaneously; and
upon meeting a predetermined number of Boolean conditions during the scanning of the lowest layers, scanning at a higher layer of the hierarchy.

2. The method of claim 1, wherein the scanning for the cyber threats according to the hierarchy further comprises:
identifying, via the computer, data to be scanned for the cyber threats;
caching, via the computer, information about the data in a cache;
comparing, via the computer, the information within the cache to the plurality of threat conditions in an order determined by the hierarchy, to yield a comparison;
tracking, via the computer, detection of the commonalities within the data based on the comparison, to yield commonality detection; and
identifying, via the computer, found cyber threats based on the comparison and the commonality detection.

3. The method of claim 1, wherein the scanning for the cyber threats according to the hierarchy further comprises:
identifying, via the computer, data to be scanned for the cyber threats;
caching, via the computer, information about the data in a cache;
deploying, via the computer, a plurality of search engines to analyze the information within the cache;
receiving search results from the plurality of search engines; and
identifying, via the computer, found cyber threats based on the search results according to the hierarchy.

4. The method of claim 1, further comprising:
storing, via the computer, states associated with each threat condition, wherein the states associated with each threat condition persist throughout each respective scan iteration;
identifying, via the computer, a first threat analysis and a second threat analysis which are both required for a common parent node within the hierarchy; and
imposing, via the computer, a stop limit on the first threat analysis due to a distinct rate of detection between the first threat analysis and the second threat analysis, such that the first threat analysis is not performed until the second threat analysis is positive while the stop limit is in place.

5. The method of claim 1, wherein the hierarchy is a directed acyclic graph.

6. The method of claim 1, wherein the scanning for the cyber threats according to the hierarchy is performed on data passing through an Internet firewall.

7. The method of claim 1, wherein the plurality of threat conditions for each cyber threat in the cyber threats are periodically updated.

8. The method of claim 1, wherein:
the predetermined number of Boolean conditions comprises a non-entirety portion of a total number of Boolean conditions for threats having a common higher layer within the hierarchy; and
the scanning at the higher layer of the hierarchy identifies additional Boolean conditions.

9. A system, comprising:
a processor; and
a computer-readable storage medium having instructions stored which, when executed by the processor, cause the processor to perform operations comprising:
receiving a plurality of threat conditions for cyber threats against a networked computer device;
identifying commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions;
generating, based on the plurality of threat conditions and the commonalities, a hierarchy for scanning of the cyber threats, the hierarchy having lowest layers of threats which are connected to higher layers of threats by the commonalities;
scanning for all of the lowest layers of threats simultaneously; and
upon meeting a predetermined number of Boolean conditions during the scanning of the lowest layers, scanning at a higher layer of the hierarchy.

10. The system of claim 9, wherein the scanning for the cyber threats according to the hierarchy further comprises:
identifying data to be scanned for the cyber threats;
caching information about the data in a cache;
comparing the information within the cache to the plurality of threat conditions in an order determined by the hierarchy, to yield a comparison;
tracking detection of the commonalities within the data based on the comparison, to yield commonality detection; and
identifying found cyber threats based on the comparison and the commonality detection.

11. The system of claim 9, wherein the scanning for the cyber threats according to the hierarchy further comprises:
identifying data to be scanned for the cyber threats;
caching information about the data in a cache;
deploying a plurality of search engines to analyze the information within the cache;
receiving search results from the plurality of search engines; and
identifying found cyber threats based on the search results according to the hierarchy.

12. The system of claim 9, the computer-readable storage medium having additional instructions stored which, when executed by the processor, cause the processor to perform operations comprising:
storing states associated with each threat condition, wherein the states associated with each threat condition persist throughout each respective scan iteration;
identifying a first threat analysis and a second threat analysis which are both required for a common parent node within the hierarchy; and
imposing a stop limit on the first threat analysis due to a distinct rate of detection between the first threat analysis and the second threat analysis, such that the first threat analysis is not performed until the second threat analysis is positive while the stop limit is in place.

13. The system of claim 9, wherein the hierarchy is a directed acyclic graph.

14. The system of claim 9, wherein the scanning for the cyber threats according to the hierarchy is performed on data passing through an Internet firewall.

15. The system of claim 9, wherein the plurality of threat conditions for each cyber threat in the cyber threats are periodically updated.

16. A non-transitory computer-readable storage medium having instructions stored which, when executed by a computing device, cause the computing device to perform operations comprising:
receiving a plurality of threat conditions for cyber threats against a networked computer device;
identifying commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions;
generating, based on the plurality of threat conditions and the commonalities, a hierarchy for scanning of the cyber threats, the hierarchy having lowest layers of threats which are connected to higher layers of threats by the commonalities;
scanning for all of the lowest layers of threats simultaneously; and
upon meeting a predetermined number of Boolean conditions during the scanning of the lowest layers, scanning at a higher layer of the hierarchy.

17. The non-transitory computer-readable storage medium of claim 16, wherein the scanning for the cyber threats according to the hierarchy further comprises:
identifying data to be scanned for the cyber threats;
caching information about the data in a cache;
comparing the information within the cache to the plurality of threat conditions in an order determined by the hierarchy, to yield a comparison;
tracking detection of the commonalities within the data based on the comparison, to yield commonality detection; and
identifying found cyber threats based on the comparison and the commonality detection.

18. The non-transitory computer-readable storage medium of claim 16, wherein the scanning for the cyber threats according to the hierarchy further comprises:
identifying data to be scanned for the cyber threats;
caching information about the data in a cache;
deploying a plurality of search engines to analyze the information within the cache;
receiving search results from the plurality of search engines; and
identifying found cyber threats based on the search results according to the hierarchy.

19. The non-transitory computer-readable storage medium of claim 16, the computer-readable storage medium having additional instructions stored which, when executed by the processor, cause the processor to perform operations comprising:
storing states associated with each threat condition, wherein the states associated with each threat condition persist throughout each respective scan iteration;
identifying a first threat analysis and a second threat analysis which are both required for a common parent node within the hierarchy; and
imposing a stop limit on the first threat analysis due to a distinct rate of detection between the first threat analysis and the second threat analysis, such that the first threat analysis is not performed until the second threat analysis is positive while the stop limit is in place.

20. The non-transitory computer-readable storage medium of claim 16, wherein the hierarchy is a directed acyclic graph.

21. The non-transitory computer-readable storage medium of claim 16, wherein the scanning for the cyber threats according to the hierarchy is performed on data passing through an Internet firewall.
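
The hierarchy and escalation steps of claim 1, sketched as an added example that is not part of the patent text or the applicant's implementation. It assumes each threat condition is a set of byte patterns and uses a two-layer hierarchy; the threat names, patterns, threshold and function names are constructed for illustration.

```python
from itertools import combinations

# Constructed sample threat conditions (not from the patent): each threat is a
# set of byte patterns that must all be present in the scanned data.
THREATS = {
    "dropper_a": {b"MZ", b"powershell -enc", b"VirtualAlloc"},
    "dropper_b": {b"MZ", b"powershell -enc", b"WriteProcessMemory"},
    "macro_c": {b"AutoOpen", b"powershell -enc"},
    "macro_d": {b"AutoOpen", b"Shell("},
}
# Constructed sample payload used to exercise the scanner.
SAMPLE = b"MZ\x90\x00 powershell -enc AAAA VirtualAlloc"

def build_hierarchy(threats):
    """Compare every threat against every other; shared conditions form the lowest layer."""
    shared = set()
    for a, b in combinations(threats, 2):
        shared |= threats[a] & threats[b]
    # Per threat: (gating conditions in the lowest layer, threat-specific higher layer).
    nodes = {name: (conds & shared, conds - shared) for name, conds in threats.items()}
    return shared, nodes

def scan(data, hierarchy, threshold=2):
    """Scan the lowest layer once, then escalate only where enough conditions held."""
    shared, nodes = hierarchy
    hits = {c for c in shared if c in data}   # each commonality is checked once
    checks = len(shared)                      # upper bound on pattern checks
    found = []
    for name, (low, high) in nodes.items():
        needed = min(threshold, len(low))     # a threat with no shared conditions always escalates
        if len(low & hits) < needed:
            continue                          # higher layer is never evaluated
        checks += len(high)
        if low <= hits and all(c in data for c in high):
            found.append(name)
    return sorted(found), checks

def naive_scan(data, threats):
    """Baseline: evaluate every condition of every threat independently."""
    found = [n for n, conds in threats.items() if all(c in data for c in conds)]
    return sorted(found), sum(len(c) for c in threats.values())

if __name__ == "__main__":
    print(scan(SAMPLE, build_hierarchy(THREATS)), naive_scan(SAMPLE, THREATS))
```

Both scans report the same threat for the sample payload, but the hierarchical scan evaluates the three shared patterns once and touches the higher layer only for the two threats whose gating conditions held.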