Whitelist generator, whitelist evaluator, whitelist generator/evaluator, whitelist generation method, whitelist evaluation method, and whitelist generation/evaluation method

US11665165B2 · US · B2

Patent metadata

Publication number: US-11665165-B2
Application number: US-201716464539-A
Country: US
Kind code: B2
Filing date: Jan 23, 2017
Priority date: Jan 23, 2017
Publication date: May 30, 2023
Grant date: May 30, 2023

Abstract

Official abstract text for this publication.

An object of this invention is to obtain a whitelist generator with which the accuracy of data relating to the specifications of normal communication serving as an automatic generation source can be guaranteed, whereby the accuracy of a generated whitelist can be guaranteed over an entire whitelist generation flow. The whitelist generator is applied to a system formed from a plurality of devices, the plurality of devices being configured to exchange data with each other, in order to generate a whitelist used for whitelisting intrusion detection, and includes a model verification unit that verifies, on the basis of an input model, at least one of whether or not normal communication in the system has been modeled correctly and whether or not the model is logically consistent, and a model conversion unit that converts the verified model into a whitelist.

Claims

Full claim text (claims 1 to 16).

The invention claimed is:

1. A whitelist generator applied to a system formed from a plurality of devices, the plurality of devices being configured to exchange data with each other, and generating a whitelist corresponding to a system state in order to use for whitelisting intrusion detection, the whitelist generator comprising: a processor; and a memory storing instructions which, when executed by the processor, performs a process including receiving a model of the system in which a plurality of control logics are defined, each of the defined control logics being employed by a corresponding one of the plurality of devices, and a plurality of state machines are defined, each of the defined state machines corresponding to a respective one of the plurality of control logics, extracting at least two of the plurality of state machines from the model, each of the extracted state machines defining communication operations of the corresponding control logic employed by the corresponding one of the plurality of devices, each of the extracted state machines including a finite number of states interconnected by transitions, a first subset of the finite number of states representing states of the system, and a second subset of the finite number states representing a series of data exchange states that can be triggered in a corresponding system state of the first subset, by executing a model simulation, or by executing a formal method, namely a mathematical verification of the model, verifying at least one of the following each of the extracted state machines correctly models normal communication in the system; and no logical contradiction exists in each of the extracted state machines, and converting the extracted state machines, having been subjected to said verification, into the whitelist corresponding to the system state, the whitelist being a list of permitted types of packets to be compared against incoming packets in the system to detect an intrusion into the system of a cyberattack while the system is operative.

2. The whitelist generator according to claim 1, wherein the process generates the whitelist from the extracted state machines on the basis of a determined state of the system.

3. The whitelist generator according to claim 1, wherein the process improves at least one of the extracted state machines as required on the basis of a verification result obtained in relation to the at least one of the extracted state machines.

4. The whitelist generator according to claim 2, wherein the process improves at least one of the extracted state machines as required on the basis of a verification result obtained in relation to the at least one of the extracted state machines.

5. The whitelist generator according to claim 1, wherein the process further converts the whitelist into at least one of the extracted state machines.

6. The whitelist generator according to claim 2, wherein the process further converts the whitelist into at least one of the extracted state machines.

7. The whitelist generator according to claim 3, wherein the process further converts the whitelist into at least one of the extracted state machines.

8. The whitelist generator according to claim 4, wherein the process further converts the whitelist into at least one of the extracted state machines.

9. A whitelist generation method applied to a system formed from a plurality of devices, the plurality of devices being configured to exchange data with each other, and generating a whitelist corresponding to a system state in order to use for whitelisting intrusion detection, the whitelist generation method comprising: receiving a model of the system in which a plurality of control logics are defined, each of the defined control logics being employed by a corresponding one of the plurality of devices, and a plurality of state machines are defined, each of the defined state machines corresponding to a respective one of the plurality of control logics, extracting at least two of the plurality of state machines from the model, each of the extracted state machines defining communication operations of the corresponding control logic employed by the corresponding one of the plurality of devices, each of the extracted state machines including a finite number of states interconnected by transitions, a first subset of the finite number of states representing states of the system, a second subset of the finite number states representing a series of data exchange states that can be triggered in a corresponding system state of the first subset; by executing a model simulation, or by executing a formal method, namely a mathematical verification of the model, verifying at least one of the following each of the extracted state machines correctly models normal communication in the system, and no logical contradiction exists in each of the extracted state machines; and converting the extracted state machines, having been subjected to said verification, into the whitelist corresponding to the system state, the whitelist being a list of permitted types of packets to be compared against incoming packets in the system to detect an intrusion into the system of a cyberattack while the system is operative.

10. The whitelist generation method according to claim 9, wherein, in converting, the whitelist is generated from the extracted state machines on the basis of a determined state of the system.

11. The whitelist generation method according to claim 9, wherein, in verifying, at least one of the extracted state machines is improved as required on the basis of a verification result obtained in relation to the at least one of the extracted state machines.

12. The whitelist generation method according to claim 10, wherein, in verifying, at least one of the extracted state machines is improved as required on the basis of a verification result obtained in relation to the at least one of the extracted state machines.

13. The whitelist generation method according to claim 9, further comprising converting the whitelist into at least one of the extracted state machines.

14. The whitelist generation method according to claim 10, further comprising converting the whitelist into at least one of the extracted state machines.

15. The whitelist generation method according to claim 11, further comprising converting the whitelist into at least one of the extracted state machines.

16. The whitelist generation method according to claim 12, further comprising converting the whitelist into at least one of the extracted state machines.
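The generation flow of claim 1 and the reverse conversion of claims 5 and 13, as an added example that is not part of the patent, its description, or any Mitsubishi Electric code: the model is two constructed state machines (a PLC and a historian; the HMI appears only as a packet source), each machine is checked for logical contradiction before anything is derived from it, the verified machines are converted into a whitelist of permitted packet types keyed by system state, and incoming packets are judged against that list for the state the system is believed to be in. The structural checks in verify() are an assumption standing in for whatever simulation or formal method an implementer would use; device names, states and packet types are constructed.

```python
"""Added worked example (not from the patent or Mitsubishi Electric): a toy of
the claimed flow, model -> verify each state machine -> whitelist per system
state -> compare incoming packets -> convert the whitelist back to a machine."""
from collections import defaultdict, namedtuple

# A permitted packet type, as the claims put it: who talks to whom, how, and what.
PacketType = namedtuple("PacketType", "src dst proto cmd")
# One device's control logic (claim 1): system states are the first subset of
# states, data-exchange states the second; transitions carry the packet sent.
StateMachine = namedtuple("StateMachine", "device initial system_states exchange_states transitions")


def verify(sm):
    """Stand-in for the claim's verification: structural checks for logical contradiction."""
    findings, states, seen = [], sm.system_states | sm.exchange_states, {}
    if sm.initial not in sm.system_states:
        findings.append("initial state is not a system state")
    for frm, pkt, to in sm.transitions:
        if frm not in states or to not in states:
            findings.append(f"transition {frm}->{to} uses an undefined state")
        if seen.get((frm, pkt), to) != to:  # same state and trigger, two targets
            findings.append(f"contradictory transition from {frm} on {pkt}")
        seen[(frm, pkt)] = to
    reached, todo = {sm.initial}, [sm.initial]
    while todo:  # every state must be reachable from the initial system state
        cur = todo.pop()
        for frm, _, to in sm.transitions:
            if frm == cur and to not in reached:
                reached.add(to)
                todo.append(to)
    findings += [f"unreachable state {s}" for s in sorted(states - reached)]
    findings += [f"exchange state {s} has no exit" for s in sorted(sm.exchange_states)
                 if all(frm != s for frm, _, _ in sm.transitions)]
    return findings


def to_whitelist(machines):
    """Model conversion: per system state, the packets on the exchange chain it can trigger."""
    wl = defaultdict(set)
    for sm in machines:
        for sys_state in sm.system_states:
            todo, visited = [sys_state], {sys_state}
            while todo:
                cur = todo.pop()
                for frm, pkt, to in sm.transitions:
                    if frm != cur:
                        continue
                    if pkt is not None:
                        wl[sys_state].add(pkt)
                    if to in sm.exchange_states and to not in visited:
                        visited.add(to)  # stay inside this state's exchange chain
                        todo.append(to)
    return dict(wl)


def generate(machines):
    """Claim 1 pipeline: a machine that fails verification is never converted."""
    for sm in machines:
        if findings := verify(sm):
            raise ValueError(f"{sm.device}: " + "; ".join(findings))
    return to_whitelist(machines)


def evaluate(whitelist, system_state, packet):
    """Whitelisting intrusion detection: permitted only if listed for the current system state."""
    return packet in whitelist.get(system_state, set())


def from_whitelist(whitelist, device="rebuilt"):
    """Reverse conversion (claims 5 and 13): each permitted packet becomes a one-step
    exchange returning to its system state; ordering lost at generation stays lost."""
    exch, trans = set(), []
    for sys_state, pkts in whitelist.items():
        for pkt in pkts:
            ex = f"{sys_state}:{pkt.src}>{pkt.dst}:{pkt.cmd}"
            exch.add(ex)
            trans += [(sys_state, pkt, ex), (ex, None, sys_state)]
    return StateMachine(device, min(whitelist), frozenset(whitelist), frozenset(exch), trans)


# Constructed sample model: an HMI polls and starts/stops a PLC; the PLC
# publishes telemetry to a historian only while running.
READ = PacketType("hmi", "plc", "modbus/tcp", "read_holding_registers")
READ_RESP = PacketType("plc", "hmi", "modbus/tcp", "read_holding_registers_resp")
START = PacketType("hmi", "plc", "modbus/tcp", "write_single_coil:start")
STOP = PacketType("hmi", "plc", "modbus/tcp", "write_single_coil:stop")
LOG = PacketType("plc", "historian", "mqtt", "publish:telemetry")
PLC = StateMachine("plc", "idle", frozenset({"idle", "running"}),
                   frozenset({"idle_poll", "run_poll"}),
                   [("idle", READ, "idle_poll"), ("idle_poll", READ_RESP, "idle"),
                    ("idle", START, "running"), ("running", STOP, "idle"),
                    ("running", READ, "run_poll"), ("run_poll", READ_RESP, "running")])
HISTORIAN = StateMachine("historian", "idle", frozenset({"idle", "running"}),
                         frozenset({"run_log"}),
                         [("idle", START, "running"), ("running", STOP, "idle"),
                          ("running", LOG, "run_log"), ("run_log", None, "running")])
```

generate([PLC, HISTORIAN]) yields, for the idle state, the HMI's status poll, its response and the start command, and for the running state the poll, its response, the stop command and the PLC's telemetry publish; a stop command seen while the tracked system state is idle, or any packet from the historian towards the PLC, is on neither list and would be flagged. Two caveats a practitioner would add: the evaluator is only as good as its knowledge of the current system state (claims 2 and 10 tie generation to a determined state, so whatever tracks that state is part of the trusted computing base), and the reverse conversion of claims 5 and 13 recovers the per-state packet sets but not the order of exchanges or the transitions between system states, which is why from_whitelist() is a per-state view rather than the original model.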

Assignees

Mitsubishi Electric Corp

Inventors

Not listed on this page.

Classifications

  • H04L63/101 (primary CPC): Access control lists [ACL]

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11665165B2 cover?
A whitelist generator for whitelisting intrusion detection in a system of devices that exchange data with each other. A model of the system's normal communication is verified first, by model simulation or a formal method, for correctness and logical consistency, and the verified state machines are then converted into a whitelist of permitted packet types for each system state, so that the accuracy of the generated whitelist is guaranteed over the whole generation flow.
Who is the assignee on this patent?
Mitsubishi Electric Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/101 (Access control lists [ACL]), in CPC section H (Electricity).
When was this patent published?
Publication date May 30, 2023 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 11 related publications on this page (citations in our corpus or others sharing the same primary CPC).