US2021209227A1PendingUtilityA1

System and method for defending applications invoking anonymous functions

61
Assignee: TWISTLOCK LTDPriority: Sep 20, 2017Filed: Mar 8, 2021Published: Jul 8, 2021
Est. expirySep 20, 2037(~11.2 yrs left)· nominal 20-yr term from priority
G06F 21/54G06F 21/562G06F 21/552G06F 21/554G06N 20/00G06F 21/566G06F 9/445G06F 8/00
61
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method for defending an application configured to invoke anonymous functions. The method includes analyzing the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application; identifying a potential threat branch based on the at least one branch of the application and an anonymous function, the potential threat branch including a call to an anonymous function; and creating a secured instance of the application, wherein creating the secured instance of the application further comprises embedding a policy within the anonymous function of the identified potential threat branch.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for defending an application configured to invoke anonymous functions, comprising:
 analyzing the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application;   identifying a potential threat branch based on the at least one branch of the application and an anonymous function, the potential threat branch including a call to an anonymous function; and   creating a secured instance of the application, wherein creating the secured instance of the application further comprises embedding a policy within the anonymous function of the identified potential threat branch.   
     
     
         2 . The method of  claim 1 , wherein the secured instance of the application is configured to apply a machine learning model for detecting anomalous behavior, wherein the machine learning model is trained using a training set including training anonymous function inputs, training anonymous function outputs, and training anonymous function characteristics. 
     
     
         3 . The method of  claim 2 , wherein creating the secured instance of the application further comprises:
 aggregating cloud provider data in order to create a function profile for the anonymous function; and   uploading a new version of the anonymous function including the created function profile, wherein the policy is embedded in the new version of the anonymous function.   
     
     
         4 . The method of  claim 1 , wherein creating the secured instance of the application further comprises:
 rewiring the call to the anonymous function.   
     
     
         5 . The method of  claim 4 , wherein the anonymous function is a first anonymous function, wherein rewiring the call to the first anonymous function further comprises replacing the call to the first anonymous function with a call to a second anonymous function. 
     
     
         6 . The method of  claim 1 , wherein analyzing the application to determine at least one branch of the application further comprises performing a static analysis of an application code of the application. 
     
     
         7 . The method of  claim 1 , wherein analyzing the application to determine at least one branch of the application further comprises performing a dynamic request simulation for the application. 
     
     
         8 . The method of  claim 7 , wherein performing the dynamic request simulation for the application further comprises:
 uploading a test-secured application, wherein the test-secured application is configured to collect data related to requests; and   analyzing the collected data related to the requests in order to identify at least one feature of the requests that is indicative of a potential threat.   
     
     
         9 . The method of  claim 8 , wherein the test-secured application includes a rewired function call to a substitute function, wherein the substitute function is configured to collect the data related to the requests. 
     
     
         10 . A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process, the process comprising:
 analyzing an application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application;   identifying a potential threat branch based on the at least one branch of the application and an anonymous function, the potential threat branch including a call to the anonymous function; and   creating a secured instance of the application, wherein creating the secured instance of the application further comprises embedding a policy within the anonymous function of the identified potential threat branch.   
     
     
         11 . A system for defending an application configured to invoke anonymous functions, comprising:
 a processing circuitry; and   a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to:   analyze the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application;   identify a potential threat branch based on the at least one branch of the application and an anonymous function, the potential threat branch including a call to the anonymous function; and   create a secured instance of the application, wherein creating the secured instance of the application further comprises embedding a policy within the anonymous function of the identified potential threat branch.   
     
     
         12 . The system of  claim 11 , wherein the secured instance of the application is configured to apply a machine learning model for detecting anomalous behavior, wherein the machine learning model is trained using a training set including training anonymous function inputs, training anonymous function outputs, and training anonymous function characteristics. 
     
     
         13 . The system of  claim 12 , wherein the system is further configured to:
 aggregate cloud provider data in order to create a function profile for the anonymous function; and   upload a new version of the anonymous function including the created function profile, wherein the policy is embedded in the new version of the anonymous function.   
     
     
         14 . The system of  claim 11 , wherein the system is further configured to:
 rewire the call to the anonymous function.   
     
     
         15 . The system of  claim 14 , wherein the anonymous function is a first anonymous function, wherein the system is further configured to:
 replace the call to the first anonymous function with a call to a second anonymous function.   
     
     
         16 . The system of  claim 11 , wherein the system is further configured to:
 perform a static analysis of an application code of the application.   
     
     
         17 . The system of  claim 11 , wherein the system is further configured to:
 perform a dynamic request simulation for the application.   
     
     
         18 . The system of  claim 17 , wherein the system is further configured to:
 upload a test-secured application, wherein the test-secured application is configured to collect data related to requests; and   analyze the collected data related to the requests in order to identify at least one feature of the requests that is indicative of a potential threat.   
     
     
         19 . The system of  claim 18 , wherein the test-secured application includes a rewired function call to a substitute function, wherein the substitute function is configured to collect the data related to the requests.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.