Automated execution and evaluation of network-based training exercises

US 10,068,493 B2
Filed: 06/30/2016
Issued: 09/04/2018
Est. Priority Date: 02/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

prior to execution of a computer-based training exercise, providing a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein providing the virtual environment comprises;

receiving a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements;

selecting at least one source document that defines one or more rules for use by the target system; and

configuring the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and

during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, performing, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee,wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.

94 Citations

View as Search Results

22 Claims

1. A method comprising:
- prior to execution of a computer-based training exercise, providing a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein providing the virtual environment comprises;
  
  receiving a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements;
  
  selecting at least one source document that defines one or more rules for use by the target system; and
  
  configuring the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and
  
  during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, performing, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee,wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the one or more virtual network elements included in the network topology of the target system include one or more of a firewall device, a router, a web server, a workstation, a network connection, or a bridge.
  - 3. The method of claim 1, wherein receiving the model of the network topology of the target system comprises receiving user input via a graphical user interface to specify the one or more virtual network elements.
  - 4. The method of claim 1, wherein the at least one source document comprises one or more pre-defined documents.
  - 5. The method of claim 1, further comprising:
    - customizing the at least one source document to alter the one or more rules used by the target system.
  - 6. The method of claim 1, wherein the one or more rules used by the target system comprise one or more setup rules for use in setting up a scenario of the computer-based training exercise.
  - 7. The method of claim 1, wherein the at least one source document comprises at least one first source document, and wherein providing the virtual environment further comprises:
    - receiving a model of a network topology of the attack system, the network topology of the attack system including one or more virtual network elements;
      
      selecting at least one second source document that defines one or more rules for use by the attack system; and
      
      configuring the attack system based on the one or more rules defined by the at least one second source document, wherein configuring the attack system comprises providing one or more virtual machines of the attack system that correspond to the one or more virtual network elements included in the network topology of the attack system.
  - 8. The method of claim 7, wherein the one or more rules used by the attack system comprise one or more attack rules for use in initiating the simulated attack during the computer-based training exercise.
  - 9. The method of claim 1, further comprising:
    - processing scenario traffic for the computer-based training exercise on a first communication channel;
      
      processing out-of-band data for the computer-based training exercise on a second communication channel that is distinct from the first communication channel, such that the out-of-band data does not interfere with the scenario traffic; and
      
      controlling the computer-based training exercise using the out-of-band data.
  - 10. The method of claim 1, further comprising:
    - after the computer-based training exercise has completed execution, generating an automated evaluation of a performance of a human trainee who interacted with the one or more virtual machines of the target system during execution of the computer-based training exercise.

11. A non-transitory computer-readable storage medium comprising instructions that, when executed, cause one or more processors to perform operations comprising:
- prior to execution of a computer-based training exercise, providing a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein providing the virtual environment comprises;
  
  receiving a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements;
  
  selecting at least one source document that defines one or more rules for use by the target system; and
  
  configuring the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and
  
  during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, performing, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee,wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The non-transitory computer-readable storage medium of claim 11, wherein the one or more virtual network elements included in the network topology of the target system include one or more of a firewall device, a router, a web server, a workstation, a network connection, or a bridge.
  - 13. The non-transitory computer-readable storage medium of claim 11, wherein receiving the model of the network topology of the target system comprises receiving user input via a graphical user interface to specify the one or more virtual network elements.
  - 14. The non-transitory computer-readable storage medium of claim 11, wherein the at least one source document comprises one or more pre-defined documents.
  - 15. The non-transitory computer-readable storage medium of claim 11, wherein the operations further comprise:
    - customizing the at least one source document to alter the one or more rules used by the target system.
  - 16. The non-transitory computer-readable storage medium of claim 11, wherein the at least one source document comprises at least one first source document, and wherein providing the virtual environment further comprises:
    - receiving a model of a network topology of the attack system, the network topology of the attack system including one or more virtual network elements;
      
      selecting at least one second source document that defines one or more rules for use by the attack system; and
      
      configuring the attack system based on the one or more rules defined by the at least one second source document, wherein configuring the attack system comprises providing one or more virtual machines of the attack system that correspond to the one or more virtual network elements included in the network topology of the attack system.

17. A system comprising:
- one or more processors; and
  
  a non-transitory computer-readable storage medium storing instructions that, when executed, cause the one or more processors to;
  
  prior to execution of a computer-based training exercise, provide a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein the instructions that cause the one or more processors to provide the virtual environment further cause the one or more processors to;
  
  receive a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements;
  
  select at least one source document that defines one or more rules for use by the target system; and
  
  configure the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and
  
  during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, perform, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee,wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17, wherein the one or more virtual network elements included in the network topology of the target system include one or more of a firewall device, a router, a web server, a workstation, a network connection, or a bridge.
  - 19. The system of claim 17, wherein the instructions stored by the non-transitory computer-readable storage medium that cause the one or more processors to receive the model of the network topology of the target system further cause the one or more processors to receive user input via a graphical user interface to specify the one or more virtual network elements.
  - 20. The system of claim 17, wherein the at least one source document comprises one or more pre-defined documents.
  - 21. The system of claim 17, wherein the instructions stored by the non-transitory computer-readable storage medium further cause the one or more processors to:
    - customize the at least one source document to alter the one or more rules used by the target system.
  - 22. The system of claim 17, wherein the at least one source document comprises at least one first source document, and wherein the instructions stored by the non-transitory computer-readable storage medium that cause the one or more processors to provide the virtual environment further cause the one or more processors to:
    - receive a model of a network topology of the attack system, the network topology of the attack system including one or more virtual network elements;
      
      select at least one second source document that defines one or more rules for use by the attack system; and
      
      configure the attack system based on the one or more rules defined by the at least one second source document, wherein configuring the attack system comprises providing one or more virtual machines of the attack system that correspond to the one or more virtual network elements included in the network topology of the attack system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architecture Technology Corporation
Original Assignee
Architecture Technology Corporation
Inventors
Brueckner, Stephen K., Adelstein, Frank N., Bar, Haim Yehuda, Donovan, Matthew P.
Primary Examiner(s)
Utama, Robert J

Application Number

US15/199,279
Publication Number

US 20170032695A1
Time in Patent Office

796 Days
Field of Search
US Class Current
CPC Class Codes

G09B 19/003   Repetitive work cycles; Seq...

G09B 19/0053   Computers, e.g. programming

G09B 5/00   Electrically-operated educa...

G09B 7/00   Electrically-operated teach...

G09B 9/00   Simulators for teaching or ...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/1458   Denial of Service

H04L 63/1475   Passive attacks, e.g. eaves...

Automated execution and evaluation of network-based training exercises

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

94 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Automated execution and evaluation of network-based training exercises

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links