Systems and methods for providing interfaces for visualizing threats within networked control systems

US 10,348,758 B1
Filed: 12/02/2016
Issued: 07/09/2019
Est. Priority Date: 12/02/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing interfaces for visualizing threats within networked control systems, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

receiving a request to provide a graphical interface to visualize a networked control system that comprises a plurality of components;

identifying within the networked control system at least one potential security threat involving at least one potentially compromised component of the networked control system;

providing the graphical interface in response to the request by;

ordering the plurality of components according to a control hierarchy;

portraying each component within the plurality of components within a circular area within the graphical interface, wherein representing each component within the circular area comprises;

arranging the plurality of components according to the control hierarchy such that, for each parent-child pair of components within the hierarchy, a parent component of the parent-child pair is placed closer to a center of the circular area than a child component of the parent-child pair, wherein the control hierarchy is based on a relationship between the parent component of the parent-child pair and the child component of the parent-child pair; and

arranging the plurality of components according to a plurality of domains within the networked control system such that each component falling within a given domain is placed within a corresponding arc of the circular area; and

highlighting, within the graphical interface, an area within an arc of the circular area containing the potentially compromised component based at least in part on identifying the potential security threat involving the potentially compromised component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for providing interfaces for visualizing threats within networked control systems may include (i) receiving a request to provide a graphical interface to visualize a networked control system with multiple components, (ii) identifying within the networked control system a potential security threat involving a potentially compromised component of the networked control system, and (iii) providing the graphical interface by (a) ordering the components according to a control hierarchy, (b) portraying each component within a circular area by arranging the components according to the control hierarchy and according to domains within the networked control system such that each component falling within a given domain is placed within a corresponding arc of the circular area, and (c) highlighting, within the graphical interface, an area within an arc of the circular area containing the potentially compromised component. Various other methods, systems, and computer-readable media are also disclosed.

20 Citations

View as Search Results

20 Claims

1. A computer-implemented method for providing interfaces for visualizing threats within networked control systems, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- receiving a request to provide a graphical interface to visualize a networked control system that comprises a plurality of components;
  
  identifying within the networked control system at least one potential security threat involving at least one potentially compromised component of the networked control system;
  
  providing the graphical interface in response to the request by;
  
  ordering the plurality of components according to a control hierarchy;
  
  portraying each component within the plurality of components within a circular area within the graphical interface, wherein representing each component within the circular area comprises;
  
  arranging the plurality of components according to the control hierarchy such that, for each parent-child pair of components within the hierarchy, a parent component of the parent-child pair is placed closer to a center of the circular area than a child component of the parent-child pair, wherein the control hierarchy is based on a relationship between the parent component of the parent-child pair and the child component of the parent-child pair; and
  
  arranging the plurality of components according to a plurality of domains within the networked control system such that each component falling within a given domain is placed within a corresponding arc of the circular area; and
  
  highlighting, within the graphical interface, an area within an arc of the circular area containing the potentially compromised component based at least in part on identifying the potential security threat involving the potentially compromised component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein highlighting the area within the arc of the circular area comprises highlighting the arc with a color.
  - 3. The computer-implemented method of claim 2, wherein highlighting the area within the arc with a color comprises selecting the color based on a collective threat level within a domain of the control hierarchy corresponding to the arc.
  - 4. The computer-implemented method of claim 1, wherein highlighting the area within the arc of the circular area comprises highlighting a representation of the potentially compromised component within the arc.
  - 5. The computer-implemented method of claim 1, wherein highlighting the area within the arc of the circular area comprises portraying a connection between the potentially compromised component and an additional component that is potentially involved with the potential security threat.
  - 6. The computer-implemented method of claim 1, wherein arranging the plurality of components according to the plurality of domains comprises:
    - determining that a child component within the plurality of components communicates with multiple potential parent components; and
      
      selecting a parent of the child component from the multiple potential parent components based at least in part on a volume of communication between the child component and the parent of the child component.
  - 7. The computer-implemented method of claim 1, wherein each domain within the plurality of domains corresponds to a distinct function within the networked control system.
  - 8. The computer-implemented method of claim 1, wherein each domain within the plurality of domains comprises a parent component within the plurality of components and each descendent component of the parent component.
  - 9. The computer-implemented method of claim 1, wherein arranging the plurality of components according to the control hierarchy comprises:
    - determining, for each component within the plurality of components, a component type of the component; and
      
      placing the component at a predetermined distance from the center of the circular area based at least in part on the component type of the component.
  - 10. The computer-implemented method of claim 1, further comprising:
    - receiving an input via the graphical interface directed at the potentially compromised component;
      
      providing, via the graphical interface and in response to the input, additional information describing the potentially compromised component and the potential security threat.
  - 11. The computer-implemented method of claim 1, further comprising:
    - receiving an input via the graphical interface directed at a representation of a connection between the potentially compromised component and an additional component that is potentially involved with the potential security threat;
      
      providing, via the graphical interface and in response to the input, additional information describing the potential security threat as the potential security threat relates to the potentially compromised component and the additional component.

12. A system for providing interfaces for visualizing threats within networked control systems, the system comprising:
- a receiving module, stored in memory, that receives a request to provide a graphical interface to visualize a networked control system that comprises a plurality of components;
  
  an identification module, stored in memory, that identifies within the networked control system at least one potential security threat involving at least one potentially compromised component of the networked control system;
  
  a providing module, stored in memory, that provides the graphical interface in response to the request by;
  
  ordering the plurality of components according to a control hierarchy;
  
  portraying each component within the plurality of components within a circular area within the graphical interface, wherein representing each component within the circular area comprises;
  
  arranging the plurality of components according to the control hierarchy such that, for each parent-child pair of components within the hierarchy, a parent component of the parent-child pair is placed closer to a center of the circular area than a child component of the parent-child pair, wherein the control hierarchy is based on a relationship between the parent component of the parent-child pair and the child component of the parent-child pair; and
  
  arranging the plurality of components according to a plurality of domains within the networked control system such that each component falling within a given domain is placed within a corresponding arc of the circular area; and
  
  highlighting, within the graphical interface, an area within an arc of the circular area containing the potentially compromised component based at least in part on identifying the potential security threat involving the potentially compromised component; and
  
  at least one physical processor configured to execute the receiving module, the identification module, and the providing module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the providing module highlights the area within the arc of the circular area by highlighting the arc with a color.
  - 14. The system of claim 13, wherein the providing module highlights the area within the arc with a color by selecting the color based on a collective threat level within a domain of the control hierarchy corresponding to the arc.
  - 15. The system of claim 12, wherein the providing module highlights the area within the arc of the circular area by highlighting a representation of the potentially compromised component within the arc.
  - 16. The system of claim 12, wherein the providing module highlights the area within the arc of the circular area by portraying a connection between the potentially compromised component and an additional component that is potentially involved with the potential security threat.
  - 17. The system of claim 12, wherein the providing module arranges the plurality of components according to the plurality of domains by:
    - determining that a child component within the plurality of components communicates with multiple potential parent components; and
      
      selecting a parent of the child component from the multiple potential parent components based at least in part on a volume of communication between the child component and the parent of the child component.
  - 18. The system of claim 12, wherein each domain within the plurality of domains corresponds to a distinct function within the networked control system.
  - 19. The system of claim 12, wherein each domain within the plurality of domains comprises a parent component within the plurality of components and each descendent component of the parent component.

20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive a request to provide a graphical interface to visualize a networked control system that comprises a plurality of components;
  
  identify within the networked control system at least one potential security threat involving at least one potentially compromised component of the networked control system;
  
  provide the graphical interface in response to the request by;
  
  ordering the plurality of components according to a control hierarchy;
  
  portraying each component within the plurality of components within a circular area within the graphical interface, wherein representing each component within the circular area comprises;
  
  arranging the plurality of components according to the control hierarchy such that, for each parent-child pair of components within the hierarchy, a parent component of the parent-child pair is placed closer to a center of the circular area than a child component of the parent-child pair, wherein the control hierarchy is based on a relationship between the parent component of the parent-child pair and the child component of the parent-child pair; and
  
  arranging the plurality of components according to a plurality of domains within the networked control system such that each component falling within a given domain is placed within a corresponding arc of the circular area; and
  
  highlighting, within the graphical interface, an area within an arc of the circular area containing the potentially compromised component based at least in part on identifying the potential security threat involving the potentially compromised component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Holl, Timothy, Stanley, Michael, Bauder, Russell
Primary Examiner(s)
Gee, Jason K
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US15/368,542
Time in Patent Office

949 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/0482   Interaction with lists of s...

G06F 3/0484   for the control of specific...

G06F 3/04847   Interaction techniques to c...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 67/10   in which an application is ...

H04L 67/1001   for accessing one among a p...

Systems and methods for providing interfaces for visualizing threats within networked control systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing interfaces for visualizing threats within networked control systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links