| 发明名称 |
System and Method for Cyber Security Analysis and Human Behavior Prediction |
| 摘要 |
An improved method for analyzing computer network security has been developed. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. Next, an estimate is created for each node that reflects the ease of realizing the event, condition, or attribute of the node. Attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security. Next, edge probabilities are calculated for the attack paths. The edge probabilities are based on the estimates for each node along the attack path. Next, an attack graph is generated that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions. Finally, attacks are detected with physical sensors on the network, that predict the events and conditions. When an attack is detected, security alerts are generated in response to the attacks. |
| 申请公布号 |
US2016205122(A1) |
申请公布日期 |
2016.07.14 |
| 申请号 |
US201615076089 |
申请日期 |
2016.03.21 |
| 申请人 |
Bassett Gabriel |
发明人 |
Bassett Gabriel |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for analyzing computer network security, comprising:
establishing multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security; creating an estimate for each node that estimates the ease of realizing the event, condition, or attribute of the node; identifying attack paths based on attack vectors that may be used by actor, where the attack paths represent a linkage of nodes that reach a condition of compromise of network security; calculating edge probabilities for the attack paths based on the estimates for each node along the attack path, where the node estimates and edge probabilities are determined by calculating a probability of likelihood for the nodes based on Markov Monte Carlo simulations of paths from an attacker to the nodes; generating an attack graph that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions of compromise based on combined estimates of the ease of the attack paths and the application of actor attributes; where events and conditions on the attack graph are connected to observable nodes associated with physical sensors on the network, where the physical sensors predict the events and conditions; detecting attacks on the computer network through a correlation of the observable nodes with the physical sensors; where security alerts are generated in response to detected attacks; where benign actors are modeled in addition to threat actors, generating a benign action graph and associated benign paths; and where the benign paths are compared to an attack graph and associated attack paths to generate alerts by differential analysis of benign v. threat actor scores. |
| 地址 |
Fairview TN US |
