Abstract: The present disclosure discloses a method and a policy management system for managing policies in a network security system. The policy management system receives one or more data packets from a request source of a plurality of request sources, and monitors at least one of an inbound transmission time, an outbound transmission time and a jitter hit rate associated with the one or more data packets, and a hit count, a current hit count, a last hit time and a hit per policy associated with each of a plurality of policies of a network firewall in real-time. Based on the monitoring, the policy management system estimates a hit count percentage for each of the plurality of policies and groups the plurality of policies into a plurality of policy clusters based on the hit count percentage associated with each of the plurality of policies. Thus, the present disclosure provides an efficient way of managing network firewall policies without any human intervention. Fig. 1
Claims: We claim:
1. A method for managing policies in a network security system, the method comprising:
receiving, by a policy management system (101) associated with a network firewall (103), one or more data packets from a request source of a plurality of request sources (105);
monitoring, by the policy management system (101), at least one of, an inbound transmission time, an outbound transmission time and a jitter hit rate associated with the one or more data packets and a hit count, a current hit count, a last hit time and a hit per policy associated with each of a plurality of policies of the network firewall (103) in real-time;
estimating, by the policy management system (101), a hit count percentage for each of the plurality of policies based on the monitoring; and
grouping, by the policy management system (101), the plurality of policies into a plurality of policy clusters, based on the hit count percentage associated with each of the plurality of policies, to manage the policies of the network firewall (103).
2. The method as claimed in claim 1, wherein the hit count percentage represents the number of times each policy in the plurality of policies is referenced.
3. The method as claimed in claim 1, wherein the hit count percentage is estimated based on at least one of multilinear regression and linear regression technique.
4. The method as claimed in claim 1, wherein grouping the plurality of policies comprises:
ranking, by the policy management system (101), the plurality of policies based on corresponding hit count percentage; and
grouping, by the policy management system (101), the plurality of policies into the plurality of policy clusters based on the ranking.
5. The method as claimed in claim 4 further comprising ranking the plurality of policy clusters based on the ranking of the plurality of policies associated with each of the policy clusters.
6. The method as claimed in claim 5 further comprising:
scanning, by the policy management system (101), upcoming data packets, using the plurality of policies in an order of the ranking of the plurality of policy clusters and an order of the ranking of the plurality of policies within each of the plurality of policy clusters.
7. The method as claimed in claim 6 further comprising scanning the upcoming data packets with the plurality of policies associated with a policy cluster of the plurality of policy clusters ranked subsequent to a current scanning policy cluster of the plurality of policy clusters, when the upcoming data packets are passed by the current scanning policy cluster.
8. A policy management system (101) for managing policies in a network security system, comprising:
a processor (113); and
a memory (111) communicatively coupled to the processor (113), wherein the memory (111) stores processor instructions, which, on execution, cause the processor (113) to:
receive one or more data packets from a request source of a plurality of request sources (105);
monitor at least one of, an inbound transmission time, an outbound transmission time and a jitter hit rate associated with the one or more data packets and a hit count, a current hit count, a last hit time and a hit per policy associated with each of a plurality of policies of a network firewall (103) in real-time;
estimate a hit count percentage for each of the plurality of policies based on the monitoring; and
group the plurality of policies into a plurality of policy clusters, based on the hit count percentage associated with each of the plurality of policies, to manage the policies of the network firewall (103).
9. The policy management system (101) as claimed in claim 8, wherein the hit count percentage represents the number of times each policy in the plurality of policies is referenced.
10. The policy management system (101) as claimed in claim 8, wherein the hit count percentage is estimated based on at least one of multilinear regression and linear regression technique.
11. The policy management system (101) as claimed in claim 8, wherein the processor (113) groups the plurality of policies by:
ranking the plurality of policies based on corresponding hit count percentage; and
grouping the plurality of policies into the plurality of policy clusters based on the ranking.
12. The policy management system (101) as claimed in claim 11, wherein the processor (113) ranks the plurality of policy clusters based on the ranking of the plurality of policies associated with each of the policy clusters.
13. The policy management system (101) as claimed in claim 12, wherein the processor (113) performs:
scanning upcoming data packets using the plurality of policies in an order of the ranking of the plurality of policy clusters and an order of the ranking of the plurality of policies within each of the plurality of policy clusters.
14. The policy management system (101) as claimed in claim 13, wherein the processor (113) scans the upcoming data packets with the plurality of policies associated with a policy cluster of the plurality of policy clusters ranked subsequent to a current scanning policy cluster of the plurality of policy clusters, when the upcoming data packets are passed by the current scanning policy cluster.
Dated this 28th day of March, 2018
R Ramya Rao
Of K&S Partners
Agent for the Applicant
IN/PA-1607
Description: TECHNICAL FIELD
The present subject matter relates in general to network security and more particularly, but not exclusively, to a method and system for managing policies in a network security system.
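The ranking, clustering and ordered scanning of claims 1 to 7 can be sketched as follows; this is an added example, not code from the specification. Assumptions: the hit count percentage is computed directly as each policy's share of observed hits rather than by the regression of claim 3, clusters have a fixed size, evaluation is first-match with a default deny, and all names (Policy, build_clusters, scan) and sample policies are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Policy:              # hypothetical policy record, not from the specification
    name: str
    src: str               # source network in CIDR form
    dport: int             # destination port
    action: str            # "allow" or "deny"
    hits: int              # monitored hit count

    def matches(self, src_ip, dport):
        return ip_address(src_ip) in ip_network(self.src) and dport == self.dport

def hit_percentages(policies):
    """Share of all observed hits per policy (assumed stand-in for the estimate)."""
    total = sum(p.hits for p in policies) or 1
    return {p.name: 100.0 * p.hits / total for p in policies}

def build_clusters(policies, size=2):
    """Rank policies by hit percentage, then slice the ranking into clusters.
    Slicing a ranked list also leaves the clusters in rank order (claim 5)."""
    pct = hit_percentages(policies)
    ranked = sorted(policies, key=lambda p: pct[p.name], reverse=True)
    return [ranked[i:i + size] for i in range(0, len(ranked), size)]

def scan(clusters, src_ip, dport):
    """First-match scan in cluster order, then policy order (claims 6 and 7).
    Returns (action, matching policy name, number of policies compared)."""
    checks = 0
    for cluster in clusters:          # fall through to the next-ranked cluster
        for p in cluster:
            checks += 1
            if p.matches(src_ip, dport):
                return p.action, p.name, checks
    return "deny", None, checks       # assumed default when nothing matches

# Constructed sample policies in their configured order; disjoint by port.
POLICIES = [
    Policy("p_ssh", "10.0.0.0/8", 22, "allow", hits=5),
    Policy("p_web", "0.0.0.0/0", 443, "allow", hits=80),
    Policy("p_dns", "0.0.0.0/0", 53, "allow", hits=10),
    Policy("p_telnet", "0.0.0.0/0", 23, "deny", hits=5),
]
CLUSTERS = build_clusters(POLICIES)

if __name__ == "__main__":
    print([[p.name for p in c] for c in CLUSTERS])
    print(scan([POLICIES], "198.51.100.7", 443))   # configured order
    print(scan(CLUSTERS, "198.51.100.7", 443))     # ranked clusters
```

The sample policies are disjoint, so ranking changes only the number of comparisons. With first-match evaluation, policies that overlap and carry different actions would return a different verdict once reordered.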
| # | Name | Date |
|---|---|---|
| 1 | 201841011749-STATEMENT OF UNDERTAKING (FORM 3) [28-03-2018(online)].pdf | 2018-03-28 |
| 2 | 201841011749-REQUEST FOR EXAMINATION (FORM-18) [28-03-2018(online)].pdf | 2018-03-28 |
| 3 | 201841011749-POWER OF AUTHORITY [28-03-2018(online)].pdf | 2018-03-28 |
| 4 | 201841011749-FORM 18 [28-03-2018(online)].pdf | 2018-03-28 |
| 5 | 201841011749-FORM 1 [28-03-2018(online)].pdf | 2018-03-28 |
| 6 | 201841011749-DRAWINGS [28-03-2018(online)].pdf | 2018-03-28 |
| 7 | 201841011749-DECLARATION OF INVENTORSHIP (FORM 5) [28-03-2018(online)].pdf | 2018-03-28 |
| 8 | 201841011749-COMPLETE SPECIFICATION [28-03-2018(online)].pdf | 2018-03-28 |
| 9 | 201841011749-REQUEST FOR CERTIFIED COPY [04-05-2018(online)].pdf | 2018-05-04 |
| 10 | 201841011749-Proof of Right (MANDATORY) [17-08-2018(online)].pdf | 2018-08-17 |
| 11 | Correspondence by Agent_Form30,Form1_23-08-2018.pdf | 2018-08-23 |
| 12 | 201841011749-REQUEST FOR CERTIFIED COPY [01-10-2018(online)].pdf | 2018-10-01 |
| 13 | 201841011749-FER.pdf | 2020-06-18 |
| 14 | 201841011749-RELEVANT DOCUMENTS [03-12-2020(online)].pdf | 2020-12-03 |
| 15 | 201841011749-PETITION UNDER RULE 137 [03-12-2020(online)].pdf | 2020-12-03 |
| 16 | 201841011749-OTHERS [03-12-2020(online)].pdf | 2020-12-03 |
| 17 | 201841011749-Information under section 8(2) [03-12-2020(online)].pdf | 2020-12-03 |
| 18 | 201841011749-FORM 3 [03-12-2020(online)].pdf | 2020-12-03 |
| 19 | 201841011749-FER_SER_REPLY [03-12-2020(online)].pdf | 2020-12-03 |
| 20 | 201841011749-DRAWING [03-12-2020(online)].pdf | 2020-12-03 |
| 21 | 201841011749-CORRESPONDENCE [03-12-2020(online)].pdf | 2020-12-03 |
| 22 | 201841011749-CLAIMS [03-12-2020(online)].pdf | 2020-12-03 |
| 23 | 201841011749-US(14)-HearingNotice-(HearingDate-08-01-2024).pdf | 2023-12-12 |
| 24 | 201841011749-POA [22-12-2023(online)].pdf | 2023-12-22 |
| 25 | 201841011749-FORM 13 [22-12-2023(online)].pdf | 2023-12-22 |
| 26 | 201841011749-Correspondence to notify the Controller [22-12-2023(online)].pdf | 2023-12-22 |
| 27 | 201841011749-AMENDED DOCUMENTS [22-12-2023(online)].pdf | 2023-12-22 |
| 28 | 201841011749-Written submissions and relevant documents [23-01-2024(online)].pdf | 2024-01-23 |
| 29 | 201841011749-FORM 3 [23-01-2024(online)].pdf | 2024-01-23 |
| 30 | 201841011749-PatentCertificate08-02-2024.pdf | 2024-02-08 |
| 31 | 201841011749-IntimationOfGrant08-02-2024.pdf | 2024-02-08 |
| 1 | search1749E_17-06-2020.pdf |