Methods and systems for defending cyber attack in real-time
First Claim
1. A process for defending attack of one or more critical assets within a network of electronically interconnected devices in real-time comprising:
- identifying a plurality of vulnerabilities on a network of electronically interconnected devices representing one or more critical assets;
- determining dependencies between each vulnerability in said plurality of vulnerabilities;
- creating a hidden Markov model for said plurality of vulnerabilities and their relevant observations, where each state of the model represents an attack state of a distinct vulnerability;
- determining an exploit likelihood of each of said vulnerabilities at a first time;
- determining an impact of exploitation of each of said vulnerabilities at said first time;
- determining the most probable sequences or paths of attack states representing exploited vulnerabilities; and
- identifying dynamically a risk of one or more of said critical assets based on exploit likelihood and exploitation impact of said sequences or paths of attack states, wherein said step of determining the exploit likelihood of each of said attack states at a first time comprises using state transition weights or probabilities of all incoming links of the attack state and calculating an impact of each attack state using the state transition weights or probabilities of outgoing links of each attack state in the hidden Markov model.
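The claimed process, worked through on a toy network as an added example (this is illustrative code written for this page, not the patent's own implementation). The states, transition weights, sensor emission probabilities, asset values and the four-step observation sequence are all constructed. Three readings of the claim are assumptions made here: the exploit likelihood of a state is the current belief propagated over its incoming links; the impact of a state is the value of its own asset plus the value of what its outgoing links make reachable, weighted by transition probability; and the most probable path of attack states is recovered with the Viterbi algorithm over the hidden Markov model.

```python
"""Attack-state hidden Markov model for dynamic asset risk (constructed example)."""
from typing import Dict, List, Tuple

# One hidden state per vulnerability (its attack state) plus a "start" state.
STATES = ["start", "web_sqli", "app_rce", "db_creds", "db_exfil"]
# Sensor observations the model can emit.
OBS = ["quiet", "waf_alert", "edr_alert", "auth_anomaly", "egress_spike"]


def _table(cols: List[str], rows: List[List[float]]) -> Dict[str, Dict[str, float]]:
    """Build nested dicts keyed by state, then by column name."""
    return {s: dict(zip(cols, row)) for s, row in zip(STATES, rows)}


# Dependency edges as transition weights A[i][j]: exploiting i makes j reachable.
# Rows sum to 1; zero means no dependency link (constructed values).
TRANS = _table(STATES, [
    [0.40, 0.50, 0.10, 0.00, 0.00],   # start
    [0.00, 0.30, 0.40, 0.30, 0.00],   # web_sqli
    [0.00, 0.00, 0.30, 0.60, 0.10],   # app_rce
    [0.00, 0.00, 0.00, 0.40, 0.60],   # db_creds
    [0.00, 0.00, 0.00, 0.00, 1.00],   # db_exfil (absorbing)
])
# Emission probabilities B[state][observation] (constructed values).
EMIT = _table(OBS, [
    [0.85, 0.05, 0.04, 0.03, 0.03],   # start
    [0.20, 0.60, 0.05, 0.10, 0.05],   # web_sqli
    [0.15, 0.15, 0.55, 0.10, 0.05],   # app_rce
    [0.20, 0.05, 0.10, 0.60, 0.05],   # db_creds
    [0.10, 0.05, 0.10, 0.10, 0.65],   # db_exfil
])
# Value (0..1) of the critical asset behind each vulnerability (constructed).
ASSET_VALUE = dict(zip(STATES, [0.0, 0.2, 0.4, 0.7, 1.0]))
# Initial belief: nothing exploited yet.
INITIAL = dict(zip(STATES, [1.0, 0.0, 0.0, 0.0, 0.0]))
# Constructed sensor sequence for the worked run.
SENSOR_SEQUENCE = ["waf_alert", "edr_alert", "auth_anomaly", "egress_spike"]


def exploit_likelihood(belief: Dict[str, float]) -> Dict[str, float]:
    """Likelihood of each attack state at the next step, from the transition
    weights of all incoming links (assumed reading of the claim)."""
    return {s: sum(belief[q] * TRANS[q][s] for q in STATES) for s in STATES}


def exploitation_impact() -> Dict[str, float]:
    """Impact of each attack state: its own asset value plus what its outgoing
    links make reachable, weighted by transition probability (assumed reading)."""
    return {s: ASSET_VALUE[s] + sum(TRANS[s][t] * ASSET_VALUE[t]
                                    for t in STATES if t != s) for s in STATES}


def forward(observations: List[str]) -> Dict[str, float]:
    """Normalized belief over attack states after the observed sensor sequence."""
    alpha = {s: INITIAL[s] * EMIT[s][observations[0]] for s in STATES}
    for obs in observations[1:]:
        alpha = {s: sum(alpha[q] * TRANS[q][s] for q in STATES) * EMIT[s][obs]
                 for s in STATES}
    total = sum(alpha.values())
    return {s: v / total for s, v in alpha.items()}


def viterbi(observations: List[str]) -> Tuple[List[str], float]:
    """Most probable sequence of attack states for the observations, and its
    joint probability."""
    delta = {s: INITIAL[s] * EMIT[s][observations[0]] for s in STATES}
    back: List[Dict[str, str]] = []
    for obs in observations[1:]:
        new, ptr = {}, {}
        for s in STATES:
            p, prev = max(((delta[q] * TRANS[q][s], q) for q in STATES),
                          key=lambda x: x[0])
            new[s], ptr[s] = p * EMIT[s][obs], prev
        delta, back = new, back + [ptr]
    last = max(STATES, key=delta.get)
    path = [last]
    for ptr in reversed(back):          # walk the back-pointers to the start
        path.append(ptr[path[-1]])
    return path[::-1], delta[last]


def asset_risk(observations: List[str]) -> Dict[str, float]:
    """Dynamic risk per asset: next-step exploit likelihood times impact,
    given everything the sensors have reported so far."""
    likelihood = exploit_likelihood(forward(observations))
    impact = exploitation_impact()
    return {s: likelihood[s] * impact[s] for s in STATES if s != "start"}


if __name__ == "__main__":
    path, prob = viterbi(SENSOR_SEQUENCE)
    print("most probable attack path:", " -> ".join(path), f"(p={prob:.2e})")
    for s, r in sorted(asset_risk(SENSOR_SEQUENCE).items(), key=lambda kv: -kv[1]):
        print(f"{s:10s} risk={r:.3f}")
```

Re-running asset_risk after each new sensor reading is what makes the assessment "real-time": the belief moves along the dependency links as alerts arrive, so the ranking shifts from the web tier toward the database assets as the observed sequence progresses.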
Abstract
Provided are processes of monitoring or modifying a network of electronically connected assets that dynamically builds relationships and dependencies among detected vulnerabilities in one or more of the assets and sensor measurements so that risk assessment can be achieved more accurately and in real-time. A process includes: identifying a plurality of vulnerabilities on a network of electronically interconnected devices representing one or more critical assets; determining dependencies between each vulnerability in the plurality of vulnerabilities; creating a hidden Markov model representing an attack state of each vulnerability of the plurality of vulnerabilities; determining the exploit likelihood of each of the attack states at a first time; determining the most probable sequences or paths of the attack states; and identifying dynamically the risk of one or more of the critical assets based on the sequences or paths of attack states.
19 Claims
1. A process for defending attack of one or more critical assets within a network of electronically interconnected devices in real-time comprising:
identifying a plurality of vulnerabilities on a network of electronically interconnected devices representing one or more critical assets; determining dependencies between each vulnerability in said plurality of vulnerabilities; creating a hidden Markov model for said plurality of vulnerabilities and their relevant observations, where each state of the model represents an attack state of a distinct vulnerability; determining an exploit likelihood of each of said vulnerabilities at a first time; determining an impact of exploitation of each of said vulnerabilities at said first time; determining the most probable sequences or paths of attack states representing exploited vulnerabilities; and identifying dynamically a risk of one or more of said critical assets based on exploit likelihood and exploitation impact of said sequences or paths of attack states, wherein said step of determining the exploit likelihood of each of said attack states at a first time comprises using state transition weights or probabilities of all incoming links of the attack state and calculating an impact of each attack state using the state transition weights or probabilities of outgoing links of each attack state in the hidden Markov model.
Claims 2 through 18 depend on claim 1.
19. A non-transient computer readable medium comprising computer instructions that, when executed by at least one processor, causes the at least one processor to perform a process for defending attack of one or more critical assets within a network of electronically interconnected devices in real-time, the process comprising:
identifying a plurality of vulnerabilities on a network of electronically interconnected devices representing one or more critical assets; determining dependencies between each vulnerability in said plurality of vulnerabilities; creating a hidden Markov model for said plurality of vulnerabilities and their relevant observations, where each state of the model represents an attack state of a distinct vulnerability; determining an exploit likelihood of each of said vulnerabilities at a first time; determining an impact of exploitation of each of said vulnerabilities at said first time; determining the most probable sequences or paths of attack states representing exploited vulnerabilities; and identifying dynamically a risk of one or more of said critical assets based on exploit likelihood and exploitation impact of said sequences or paths of attack states, wherein said step of determining the exploit likelihood of each of said attack states at a first time comprises using state transition weights or probabilities of all incoming links of the attack state and calculating an impact of each attack state using the state transition weights or probabilities of outgoing links of each attack state in the hidden Markov model.