
System and method for visualizing and analyzing cyber-attacks using a graph model

  • US 10,313,382 B2
  • Filed: 03/29/2016
  • Issued: 06/04/2019
  • Est. Priority Date: 03/29/2016
  • Status: Active Grant
First Claim

1. A computing system for assessing a computer network using a graph database, comprising:

    a plurality of network sensors;

    one or more sensor interfaces configured to receive data from the plurality of network sensors;

    one or more processors;

    memory; and

    one or more programs stored in the memory that when executed by the one or more processors cause the one or more processors to:

    receive data from the plurality of network sensors and convert the received data to a common format, wherein the received data is based on a present state of a computer network;

    generate a graph model comprising a plurality of nodes and a plurality of edges based on the data converted to the common format and store the generated plurality of nodes and the plurality of edges within a graph database, wherein the graph model comprises a plurality of predetermined layers, each layer associated with a type of computer-network information and comprising a subset of the plurality of nodes and the plurality of edges that is generated from the received data supplying the type of computer-network information associated with that layer;

    receive a cyber-domain specific data query from a user of the computing system;

    convert the received cyber-domain specific data query to a graph database native query comprising function calls for returning corresponding matching subgraphs from the plurality of predetermined layers of the graph model; and

    execute the graph database native query upon the graph database to provide the user with a visualization of the returned matching subgraphs from across the predetermined layers of the graph model.
