Behavioral threat detection definition and compilation

US12235960B2 · US · B2

Patent metadata

Publication number: US-12235960-B2
Application number: US-202217698200-A
Country: US
Kind code: B2
Filing date: Mar 18, 2022
Priority date: Mar 27, 2019
Publication date: Feb 25, 2025
Grant date: Feb 25, 2025

Abstract

Official abstract text for this publication.

Examples of the present disclosure describe systems and methods for behavioral threat detection definition compilation. In an example, one or more sets of rule instructions may be packaged for distribution and/or use by a behavioral threat detection engine. As an example, a set of rule instructions is compiled into an intermediate language and assembled into a compiled behavior rule binary. Event linking is performed, wherein other rules launched by the rule and/or events that launch the rule or are processed by the rule are identified, and such information may be stored accordingly. The behavior rule binary may be packaged with other rules associated with identifying a specific behavior. The packaged behavior rule is distributed to one or more computing devices for use with a behavioral threat detection engine. For example, the threat detection engine may execute the behavior rule using a rule virtual machine.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer readable medium, comprising instructions for generating a packaged behavior rule for behavioral threat detection, the instructions for: processing a first set of rule instructions to generate a first behavior rule binary, wherein processing comprises: generating, from the first set of rule instructions, an intermediate language output, wherein the intermediate language output is a representation of the first set of rule instructions and comprises at least one event operation code and at least one halt operation code, wherein the halt operation code indicates a determination with respect to a behavior; and compiling the intermediate language output to generate the first behavior rule binary; processing a second set of rule instructions to generate a second behavior rule binary; generating an event hierarchy for the first behavior rule binary and the second behavior rule binary, wherein the event hierarchy comprises an indication of one or more events processed by the first behavior rule binary and the second behavior rule binary; generating a launch chain for the first behavior rule binary and the second behavior rule binary, wherein the launch chain comprises an indication that the first behavior rule binary launches the second behavior rule binary; generating a packaged behavior rule comprising the first behavior rule binary, the second behavior rule binary, information relating to the event hierarchy, and information relating to the launch chain; and distributing the generated packaged behavior rule to a computing device.

2. The non-transitory computer readable medium of claim 1, wherein generating the launch chain further comprises: evaluating the launch chain to determine whether a launch cycle is present in the launch chain; and when it is determined that the launch cycle is present in the launch chain, generating an indication of the launch cycle.

3. The non-transitory computer readable medium of claim 1, wherein generating the launch chain further comprises: evaluating the launch chain to determine whether a launch cycle is present in the launch chain; and when it is determined that the launch cycle is present in the launch chain, automatically resolving the launch cycle in the launch chain.

4. The non-transitory computer readable medium of claim 1, wherein the packaged behavior rule further comprises a header and read-only data for at least one of the first behavior rule and the second behavior rule.

5. The non-transitory computer readable medium of claim 1, wherein distributing the generated packaged behavior rule to a computing device comprises providing the generated packaged behavior rule to a security service for further distribution.

6. A non-transitory computer readable medium for processing a behavior rule for behavioral threat detection, comprising instructions for: generating, from a set of rule instructions for a first behavior rule to identify a behavior, an intermediate language output, wherein the intermediate language output is a representation of the set of rule instructions and comprises at least one event operation code and at least one halt operation code, wherein the halt operation code indicates a determination with respect to the behavior; compiling the intermediate language output to generate a behavior rule binary; generating an event hierarchy for the generated behavior rule binary, wherein the event hierarchy comprises an indication of one or more events processed by the behavior rule binary; and distributing the generated behavior rule binary and information relating to the generated event hierarchy to a computing device, wherein the generated behavior rule binary is executable in a rule virtual machine of the computing device.

7. The non-transitory computer readable medium of claim 6, wherein the set of rule instructions comprises an instruction to launch a second behavior rule, and wherein the instructions are further for: generating a launch chain for the behavior rule binary, wherein the launch chain comprises an indication that the generated behavior rule binary launches the second behavior rule.

8. The non-transitory computer readable medium of claim 7, wherein generating the launch chain further comprises: evaluating the launch chain to determine whether a launch cycle is present in the launch chain; and when it is determined that the launch cycle is present in the launch chain, generating an indication of the launch cycle.

9. The non-transitory computer readable medium of claim 7, wherein distributing the generated behavior rule binary further comprises distributing a second rule binary for the second behavior rule and information relating to the generated launch chain.

10. The non-transitory computer readable medium of claim 6, wherein distributing the generated behavior rule binary and information relating to the generated event hierarchy comprises distributing a packaged behavior rule, wherein the packaged behavior rule comprises a header, the generated behavior rule binary, and the information relating to the generated event hierarchy.

11. The non-transitory computer readable medium of claim 10, wherein the packaged behavior rule further comprises a second rule binary for a second behavior rule.

12. The non-transitory computer readable medium of claim 11, wherein the packaged behavior rule further comprises information relating to a launch chain for the first behavior rule and the second behavior rule.

13. A system, comprising: a processor; and a non-transitory computer readable medium, comprising instructions for generating, from a set of rule instructions for a first behavior rule to identify a behavior, an intermediate language output, wherein the intermediate language output is a representation of the set of rule instructions and comprises at least one event operation code and at least one halt operation code, wherein the halt operation code indicates a determination with respect to the behavior; compiling the intermediate language output to generate a behavior rule binary; generating an event hierarchy for the generated behavior rule binary, wherein the event hierarchy comprises an indication of one or more events processed by the behavior rule binary; and distributing the generated behavior rule binary and information relating to the generated event hierarchy to a computing device, wherein the generated behavior rule binary is executable in a rule virtual machine of the computing device.

14. The system of claim 13, wherein the set of rule instructions comprises an instruction to launch a second behavior rule, and wherein the instructions are further for: generating a launch chain for the behavior rule binary, wherein the launch chain comprises an indication that the generated behavior rule binary launches the second behavior rule.

15. The system of claim 14, wherein generating the launch chain further comprises: evaluating the launch chain to determine whether a launch cycle is present in the launch chain; and when it is determined that the launch cycle is present in the launch chain, generating an indication of the launch cycle.

16. The system of claim 14, wherein distributing the generated behavior rule binary further comprises distributing a second rule binary for the second behavior rule and information relating to the generated launch chain.

17. The system of claim 13, wherein distributing the generated behavior rule binary and information relating to the generated event hierarchy comprises distributing a packaged behavior
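As an added illustration, not code from the patent or its assignee, the Python sketch below walks the pipeline the claims describe: rule instructions are lowered to an intermediate language of event, launch and halt operation codes, an event hierarchy and launch chain are derived from the compiled rules, the launch chain is checked for launch cycles (claims 2, 3, 8 and 15), and the result is packaged with a header. The opcode numbering, halt codes, rule names and the package layout are assumptions.

```python
from typing import Dict, List, Tuple

# Assumed IL encoding (constructed for this example, not the patent's format).
OP_EVENT, OP_LAUNCH, OP_HALT = 0x01, 0x02, 0xFF
HALT_CODES = {"benign": 0, "malicious": 1}   # the "determination" a halt carries

def compile_rule(instructions: List[Tuple[str, str]]) -> List[tuple]:
    """Lower (mnemonic, operand) rule instructions to IL; a rule must end in a halt."""
    lowering = {"event": OP_EVENT, "launch": OP_LAUNCH, "halt": OP_HALT}
    il: List[tuple] = []
    for mnemonic, operand in instructions:
        if mnemonic not in lowering:
            raise ValueError(f"unknown instruction {mnemonic!r}")
        if mnemonic == "halt":
            operand = HALT_CODES[operand]          # encode the verdict
        il.append((lowering[mnemonic], operand))
    if not il or il[-1][0] != OP_HALT:
        raise ValueError("rule does not end with a halt operation code")
    return il

def find_launch_cycle(chain: Dict[str, List[str]]) -> List[str]:
    """Depth-first walk of the launch chain; returns the first cycle found (or [])."""
    on_path: List[str] = []
    done: set = set()
    def visit(rule: str) -> List[str]:
        on_path.append(rule)
        for nxt in chain.get(rule, []):
            if nxt in on_path:                      # back edge: a launch cycle
                return on_path[on_path.index(nxt):] + [nxt]
            if nxt not in done and (cyc := visit(nxt)):
                return cyc
        done.add(on_path.pop())
        return []
    for rule in chain:
        if rule not in done and (cyc := visit(rule)):
            return cyc
    return []

def package_rules(rules: Dict[str, List[Tuple[str, str]]]) -> dict:
    """Compile every rule, derive event hierarchy and launch chain, then package."""
    binaries = {name: compile_rule(ins) for name, ins in rules.items()}
    events = {n: [a for op, a in il if op == OP_EVENT] for n, il in binaries.items()}
    launches = {n: [a for op, a in il if op == OP_LAUNCH] for n, il in binaries.items()}
    unknown = {t for ts in launches.values() for t in ts if t not in binaries}
    if unknown:                                     # launching an absent rule is a packaging error
        raise ValueError(f"launch of rules not in package: {sorted(unknown)}")
    return {"header": {"version": 1, "rules": sorted(binaries)}, "binaries": binaries,
            "event_hierarchy": events, "launch_chain": launches,
            "launch_cycle": find_launch_cycle(launches)}
```

A non-empty `launch_cycle` corresponds to the "indication of the launch cycle" in claims 2, 8 and 15; automatic resolution (claim 3) is left to the caller.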

Assignees

Open Text Inc

Inventors

Classifications

Primary CPC: G06F21/566

  • using dedicated hardware (CPC title)

  • Compilation (CPC title)

  • Isolation or security of virtual machine instances (CPC title)

  • Hypervisor-specific management and integration aspects (CPC title)

  • involving long-term monitoring or reporting (CPC title)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Open Text Inc
What technology area does this patent fall under?
Primary CPC classification: G06F21/566. Mapped technology areas include Physics.
When was this patent published?
Publication date: Feb 25, 2025 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).