System and method for local protection against malicious software
US-9467470-B2 · Oct 11, 2016 · US
US10171252B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10171252-B2 |
| Application number | US-201515510981-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 22, 2015 |
| Priority date | Jan 16, 2015 |
| Publication date | Jan 1, 2019 |
| Grant date | Jan 1, 2019 |
Official abstract text for this publication.
A data determination apparatus of the present invention includes a state transition model storage unit to store a state transition model representing a state transition, a state management unit to hold an operating state of an own apparatus based on the state transition model, a communication permission list storage unit to store, as a communication permission list, communication permitted data whose communications are permitted in respective operating states, a communication unit to obtain communication determination data, and a determination unit to determine whether or not the communication determination data is communication permitted data whose communication has been permitted in a current operating state, using the current operating state and the communication permission list.
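The determination described in the abstract, as an added example that is not code from the patent or its applicant: the same communication data is checked against the permission list of the current operating state, with the alarm and abnormal-state handling of dependent claims 2 to 5. The state names, commands, signals and the reset transition are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed state transition model: (current state, obtained information) -> next state.
TRANSITIONS = {
    ("wait", "op:start_button"): "startup",   # operation signal
    ("startup", "cmd:init_done"): "running",  # transition communication data
    ("running", "cmd:stop"): "wait",
    ("running", "timer:idle"): "wait",        # timer signal
    ("abnormal", "op:reset"): "wait",         # assumed recovery path
}
# Constructed communication permission list: state -> data permitted in that state.
PERMITTED = {
    "wait": set(),
    "startup": {"cmd:read_config", "cmd:init_done"},
    "running": {"cmd:read_sensor", "cmd:write_setpoint", "cmd:stop"},
}

@dataclass
class DataDeterminer:
    state: str = "wait"
    alarms: list = field(default_factory=list)

    def signal(self, event):
        """Operation or timer signal: may change state, is not checked against the list."""
        self.state = TRANSITIONS.get((self.state, event), self.state)

    def determine(self, data):
        """True if data is permitted in the current state; otherwise alarm, block, go abnormal."""
        if data in PERMITTED.get(self.state, set()):
            self.state = TRANSITIONS.get((self.state, data), self.state)
            return True
        self.alarms.append((self.state, data))
        self.state = "abnormal"  # no entry in PERMITTED, so everything is blocked here
        return False

# Constructed trace: cmd:write_setpoint is allowed while running, rejected after idling.
SAMPLE = [("signal", "op:start_button"), ("comm", "cmd:read_config"),
          ("comm", "cmd:init_done"), ("comm", "cmd:write_setpoint"),
          ("signal", "timer:idle"), ("comm", "cmd:write_setpoint"),
          ("comm", "cmd:read_sensor")]

def replay(events):
    d, verdicts = DataDeterminer(), []
    for kind, value in events:
        if kind == "comm":
            verdicts.append((value, d.determine(value)))
        else:
            d.signal(value)
    return d, verdicts
```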
Opening claim text (preview).
The invention claimed is:

1. A data determination apparatus comprising: processing circuitry configured to measure a period of time during which an operating state of the data determination apparatus continues; store a state transition model representing a state transition between respective operating states of a plurality of operating states according to obtained information obtained by the data determination apparatus; store a history of the obtained information as an obtained information history; hold an operating state of the data determination apparatus based on the state transition model; store, as a communication permission list, communication permitted data whose communications are permitted in the respective operating states of the plurality of operating states; obtain communication data as communication determination data; and obtain the communication determination data obtained, obtain the operating state of the data determination apparatus held as a current operating state, and determine whether or not the communication determination data is communication permitted data whose communication has been permitted in the current operating state, using the current operating state and the communication permission list, wherein the obtained information includes the communication data obtained by the communication, an operation signal indicating receipt of an operation on the data determination apparatus, and a timer signal output from the timer, the processing circuitry generates the state transition model and the communication permission list, based on the obtained information history, the processing circuitry generates the state transition model by setting a wait state when a period of time elapsed between successive communication data included in the obtained information history is a first period or more, setting, as a first change point, a point of time of having obtained information other than the communication data and setting each of states before and after the first change point as a first operating state, and setting, as a second change point, a point of time of having obtained transition communication data whereby an operating state transition has been determined to be made in each first operating state and setting each of states before and after the second change point as a second operating state.

2. The data determination apparatus according to claim 1, wherein the processing circuitry outputs an alarm indicating detection of abnormality when the communication determination data is determined not to be the communication permitted data.

3. The data determination apparatus according to claim 1, wherein the processing circuitry blocks the communication when the communication determination data is determined not to be the communication permitted data.

4. The data determination apparatus according to claim 1, wherein the processing circuitry transitions the operating state of the data determination apparatus based on the state transition model when the communication determination data is determined to be the communication permitted data.

5. The data determination apparatus according to claim 1, wherein the processing circuitry transitions the operating state of the data determination apparatus to an abnormal state when the communication determination data is determined not to be the communication permitted data.

6. The data determination apparatus according to claim 1, wherein the processing circuitry sets, in the communication permission list, the communication data communicated in each operating state included in the state transition model, as the communication permitted data.

7. The data determination apparatus according to claim 1, wherein the processing circuitry extracts the transition communication data, using a clustering method.

8. A data determination method comprising: measuring a period of time during which an operating state of a data determination apparatus continues; storing a state transition model representing a state transition between respective operating states of a plurality of operating states according to obtained information obtained by the data determination apparatus; storing a history of the obtained information as an obtained information history; holding an operating state of the data determination apparatus based on the state transition model; storing, as a communication permission list, communication permitted data whose communications are permitted in the respective operating states of the plurality of operating states; obtaining communication data as communication determination data; and obtaining the communication determination data obtained, obtaining the operating state of the data determination apparatus held as a current operating state, and determining whether or not the communication determination data is communication permitted data whose communication has been permitted in the current operating state, using the current operating state and the communication permission list, wherein the obtained information includes the communication data obtained by the communication, an operation signal indicating receipt of an operation on the data determination apparatus, and a timer signal output from the timer, the state transition model and the communication permission list are generated based on the obtained information history, the state transition model is generated by setting a wait state when a period of time elapsed between successive communication data included in the obtained information history is a first period or more, setting, as a first change point, a point of time of having obtained information other than the communication data and setting each of states before and after the first change point as a first operating state, and setting, as a second change point, a point of time of having obtained transition communication data whereby an operating state transition has been determined to be made in each first operating state and setting each of states before and after the second change point as a second operating state.

9. A non-transitory computer readable medium storing a program of a data determination apparatus comprising a state transition model storage unit to store a state transition model representing a state transition between respective operating states of a plurality of operating states, and a communication permission list storage unit to store, as a communication permission list, communication permitted data whose communications are permitted in the respective operating states of the plurality of operating states, the program causing a computer to: measure a period of time during which an operating state of a data determination apparatus continues; store a state transition model representing a state transition between respective operating states of a plurality of operating states according to obtained information obtained by the data determination apparatus; store a history of the obtained information as an obtained information history; hold an operating state of the data determination apparatus based on the state transition model; store, as a communication permission list, communication permitted data whose communications are permitted in the respective operating states of the plurality of operating states; obtain communication data as communication determination data; and obtain the communication determination data obtained in the communication process, obtaining the operating state of the data determination apparatus held in the state management process as a current operating state, and determining whether or not the communication determination data is communication permitted data whose communication has been permitted in the current operating st
Filtering policies (mail message filtering H04L51/212) · CPC title
using dedicated hardware · CPC title
Event detection, e.g. attack signature detection · CPC title
Rule management · CPC title
with means for detecting characters not meant for transmission · CPC title