Cybersecurity system with differentiated capacity to deal with complex cyber attacks

US 10,148,678 B2
Filed: 10/01/2015
Issued: 12/04/2018
Est. Priority Date: 10/01/2015
Status: Active Grant

First Claim

Patent Images

1. An aviation cyber security system comprising:

a reactive sublayer that monitors and tracks cybersecurity sublayer data for forensic analysis, the cybersecurity sublayer data comprising data from across an aviation ecosystem that is selected from the group consisting of viruses, malware, domain name servers (DNS), denial of service (DOS) attacks, and Internet Protocol (IP) addresses and domains;

a resilient overlayer that monitors, tracks, and measures cybersecurity overlayer data across a plurality of cyber environments comprising an aviation cyber environment, the cybersecurity overlayer data comprising events and news data relating to the cyber security system'"'"'s global goals, wherein the overlayer is disjoint from the sublayer;

an anticipatory layer that monitors and tracks cybersecurity anticipatory layer data generated from an industry ecosystem for analysis, the anticipatory layer data being selected from the group consisting of viruses, malware, domain name servers (DNS), denial of service (DOS) attacks, and Internet Protocol (IP) addresses and domains, wherein the anticipatory layer is disjoint from the overlayer and from the reactive sublayer;

a complex adaptive system (CAS) algorithm that is used to learn, predict, and take action based on the cybersecurity sublayer data, the cybersecurity overlayer data, and the cybersecurity anticipatory layer data, to feed information to a machine learning module, and to identify probable developing threat regions based at least in part of the cybersecurity overlayer data; and

at least one bi-directional connection module that facilitates a feedback loop throughout the system, wherein the feedback loop comprises the machine learning module, wherein the overlayer and the sublayer exchange cybersecurity data via the at least one bi-directional connection module, and the exchanged cybersecurity data is correlated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved cyber security protection system with differentiated capacity to deal with complex cyber attacks in complex, highly-connected industries. The system architecture is goal-oriented and separates security goals and concerns by layers that are assigned specific functions to address only those goals. The functions operate concurrently within the layers and provide insight on their respective layers. The layers are interconnected with connection modules using bi-directional interfacing to establish a feedback look within the entire system. Complex adaptive systems (CAS) algorithms are used to identify the probably threats to the system.

22 Citations

10 Claims

1. An aviation cyber security system comprising:
- a reactive sublayer that monitors and tracks cybersecurity sublayer data for forensic analysis, the cybersecurity sublayer data comprising data from across an aviation ecosystem that is selected from the group consisting of viruses, malware, domain name servers (DNS), denial of service (DOS) attacks, and Internet Protocol (IP) addresses and domains;
  
  a resilient overlayer that monitors, tracks, and measures cybersecurity overlayer data across a plurality of cyber environments comprising an aviation cyber environment, the cybersecurity overlayer data comprising events and news data relating to the cyber security system'"'"'s global goals, wherein the overlayer is disjoint from the sublayer;
  
  an anticipatory layer that monitors and tracks cybersecurity anticipatory layer data generated from an industry ecosystem for analysis, the anticipatory layer data being selected from the group consisting of viruses, malware, domain name servers (DNS), denial of service (DOS) attacks, and Internet Protocol (IP) addresses and domains, wherein the anticipatory layer is disjoint from the overlayer and from the reactive sublayer;
  
  a complex adaptive system (CAS) algorithm that is used to learn, predict, and take action based on the cybersecurity sublayer data, the cybersecurity overlayer data, and the cybersecurity anticipatory layer data, to feed information to a machine learning module, and to identify probable developing threat regions based at least in part of the cybersecurity overlayer data; and
  
  at least one bi-directional connection module that facilitates a feedback loop throughout the system, wherein the feedback loop comprises the machine learning module, wherein the overlayer and the sublayer exchange cybersecurity data via the at least one bi-directional connection module, and the exchanged cybersecurity data is correlated.
- View Dependent Claims (2, 3, 4)
- - 2. The cyber security system of claim 1 wherein each of the sublayer and overlayer further comprise functions that operate within the sublayer and overlayer.
  - 3. The cyber security system of claim 1 wherein the CAS algorithm is modified to:
    - create state machines representing the cyber security system;
      
      run the state machines and record their transitions;
      
      associate probabilities with the transitions;
      
      predict outcomes based on the probabilities;
      
      determine if action needs to be taken; and
      
      take action if a level of probability is over predetermined threshold.
  - 4. The cyber security system of claim 1 wherein the cybersecurity overlayer data includes data selected from the group consisting of motivational behaviors and political and structural macro trends.

5. An aviation cybersecurity system having at least one cybersecurity goal of predicting complex threats, the cybersecurity system comprising:
- a first layer that addresses the cybersecurity goal by monitoring and tracking cybersecurity first layer data generated from inputs managed by an aviation entity managing the cybersecurity system, wherein the first layer is reactive;
  
  a second layer that addresses the cybersecurity goal by monitoring and tracking cybersecurity second layer data generated from an industry ecosystem for analysis, the second layer data being selected from the group consisting of viruses, malware, domain name servers (DNS), denial of service (DOS) attacks, and Internet Protocol (IP) addresses and domains, wherein the second layer is anticipatory and disjoint from the first layer;
  
  a third layer that addresses the cybersecurity goal by monitoring, tracking, and measuring cybersecurity third layer data across a plurality of cyber environments comprising an aviation cyber environment, the third layer data comprising events and news data relating to the cybersecurity goal from a global perspective, wherein the third layer is resilient and disjoint from the first layer and the second layer; and
  
  a complex adaptive system (CAS) algorithm that is used to learn, predict, and take action based on the first layer data, second layer data, and third layer data, to feed information to a machine learning module, and to identify probable developing threat regions based at least in part of the cybersecurity third layer data; and
  
  at least one bi-directional connection module that facilitates a feedback loop throughout the system, wherein the feedback loop comprises the machine learning module, wherein the first layer, second layer, and third layer exchange cybersecurity data after the cybersecurity data has been processed within the respective layers via the at least one bi-directional connection module, and the exchanged cybersecurity data is correlated.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The cybersecurity system of claim 5 wherein each of the first layer, second layer, and third layer comprises functions that operate concurrently within the respective layers to deliver insights relevant to the respective layers regarding the cybersecurity goal.
  - 7. The cybersecurity system of claim 5 wherein the first layer, second layer, and third layer perform calculations in parallel.
  - 8. The cybersecurity system of claim 5 wherein if any one of the first layer, second layer, or third layer is disrupted, the remaining layers continue to monitor and track cybersecurity data within their respective layers regarding the cybersecurity goal.
  - 9. The cybersecurity system of claim 5 wherein the CAS algorithm is modified to:
    - create state machines representing the cybersecurity system;
      
      run the state machines and record their transitions;
      
      associate probabilities with the transitions;
      
      predict outcomes based on the probabilities;
      
      determine if action needs to be taken; and
      
      take action if a level of probability is over predetermined threshold.
  - 10. The cybersecurity system of claim 5 wherein the cybersecurity third layer data includes data selected from the group consisting of motivational behaviors and political and structural macro trends.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Mead, Jadranka, Vasatka, James E., Craig, John A.
Primary Examiner(s)
Kim, Tae K

Application Number

US14/872,698
Publication Number

US 20170099308A1
Time in Patent Office

1,160 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06N 7/01   Probabilistic graphical mod...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Cybersecurity system with differentiated capacity to deal with complex cyber attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Cybersecurity system with differentiated capacity to deal with complex cyber attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links