The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Apr. 12, 2022
Filed:
Oct. 26, 2017
International Business Machines Corporation, Armonk, NY (US);
Yoichi Hatsutori, Tokyo, JP;
Takuya Mishina, Kanagawa, JP;
Naoto Sato, Kanagawa-ken, JP;
Fumiko Satoh, Tokyo, JP;
INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US);
Abstract
A method is provided for reducing memory consumption by a rule engine. The method includes receiving attack trees, each having nodes and edges. Each node represents a security event and is associated with a detection rule for detecting an occurrence thereof. Each edge connects a respective node pair. The method includes assigning a watchpoint to each leaf node. The method includes moving the watchpoint assigned to any leaf node to a next upstream node, responsive to detecting an occurrence of the security event represented by the leaf node. The method includes erasing the watchpoint assigned to all downstream nodes relative to the next upstream node, responsive to the next upstream node being connected to a next downstream node using an edge having an 'OR' join type. Only the rules for nodes currently having the watchpoint assigned are loaded into a memory device during runtime, while excluding rules for remaining nodes.