Title of invention: METHODS AND SYSTEMS FOR DEFENDING CYBER ATTACK IN REAL-TIME
Abstract: Provided are processes of monitoring or modifying a network of electronically connected assets that dynamically builds relationships and dependencies among detected vulnerabilities in one or more of the assets and sensor measurements so that risk assessment can be achieved more accurately and in real-time. A process includes: identifying a plurality of vulnerabilities on a network of electronically interconnected devices representing one or more critical assets; determining dependencies between each vulnerability in the plurality of vulnerabilities; creating a hidden Markov model representing an attack state of each vulnerability of the plurality of vulnerabilities; determining the exploit likelihood of each of the attack states at a first time; determining the most probable sequences or paths of the attack states; and identifying dynamically the risk of one or more of the critical assets based on the sequences or paths of attack states.
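Application publication number: US2017046519(A1) Publication date: 2017.02.16
Application number: US201615213434 Filing date: 2016.07.19
Applicant: U.S Army Research Laboratory ATTN: RDRL-LOC-I Inventor: Cam Hasan
Classification: G06F21/57;G06N5/02 Main classification: G06F21/57
Agency: Agent: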
Principal claim: 1. A process for defending attack of one or more critical assets within a network of electronically interconnected devices in real-time comprising: identifying a plurality of vulnerabilities on a network of electronically interconnected devices representing one or more critical assets; determining dependencies between each vulnerability in said plurality of vulnerabilities; creating a hidden Markov model for said plurality of vulnerabilities and their relevant observations, where each state of the model represents the attack state of a distinct vulnerability; determining the exploit likelihood of each of said vulnerabilities at a first time; determining the impact of exploitation of each of said vulnerabilities at said first time; determining the most probable sequences or paths of attack states representing exploited vulnerabilities; and identifying dynamically the risk of one or more of said critical assets based on exploit likelihood and exploitation impact of said sequences or paths of attack states.
Address: Adelphi MD US