Advanced cybersecurity threat mitigation for inter-bank financial transactions
First Claim
1. A system for detection and mitigation of cyberattacks on inter-bank financial transaction networks comprising:
- an interface with an inter-bank financial transaction network, connected to an advanced cyber decision platform for mitigation of cyberattacks, the platform comprising;
a computer system or network comprising at least one memory, at least one processor, and a first plurality of programming instructions comprising an operating system;
a time series data store comprising at least a second plurality of programming instructions operating on the computer system or network which cause the computer system or network to;
monitor a plurality of network events on the inter-bank financial transaction network;
produce time-series data comprising at least a record of a network event on the inter-bank financial transaction network and the time at which the event occurred;
an observation and state estimation module comprising at least a third plurality of programming instructions operating on the computer system or network which cause the computer system or network to;
monitor a plurality of connected resources on the inter-bank financial transaction network;
establish a baseline of expected behavior for each connected resource based on that resource's activity on the inter-bank financial transaction network over a defined period of time; and
produce a cyber-physical graph representing at least a portion of the plurality of connected resources, the cyber-physical graph comprising at least the logical relationships between the portion of the plurality of connected resources on the inter-bank financial transaction network, the physical relationships between any connected resources that comprise at least a hardware device, the expected behaviors for each connected resource, and any deviations from expected behavior for each connected resource;
a directed computational graph module comprising at least a fourth plurality of programming instructions operating on the computer system or network which cause the computer system or network to;
perform a plurality of analysis and transformation operations on at least a portion of the time-series data;
perform a plurality of analysis and transformation operations on at least a portion of the cyber-physical graph; and
produce a directed computational graph based on the analysis and transformation operations performed on the time-series data and the cyber-physical graph; and
a transaction validator comprising at least a fifth plurality of programming instructions operating on the computer system or network which cause the computer system or network to;
receive inter-bank financial transaction requests;
analyze each transaction request based on the information contained in the directed computational graph;
determine whether the transaction request is valid based on the analysis of the transaction request;
if the transaction is determined to be valid, forward the transaction for completion; and
if the transaction is determined to be invalid, deny the transaction and generate an alert or a change to the cyber-physical graph.
Abstract
A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and an observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.
11 Claims
7. A method for detection and mitigation of cyberattacks on inter-bank financial transaction networks employing an advanced cyber decision platform comprising the steps of:
monitoring a plurality of network events on an inter-bank financial transaction network;
producing time-series data comprising at least a record of a network event on the inter-bank financial transaction network and the time at which the event occurred;
monitoring a plurality of connected resources on the inter-bank financial transaction network;
establishing a baseline of expected behavior for each connected resource based on that resource's activity on the inter-bank financial transaction network over a defined period of time;
producing a cyber-physical graph representing at least a portion of the plurality of connected resources, the cyber-physical graph comprising at least the logical relationships between the portion of the plurality of connected resources on the inter-bank financial transaction network, the physical relationships between any connected resources that comprise at least a hardware device, the expected behaviors for each connected resource, and any deviations from expected behavior for each connected resource;
performing a plurality of analysis and transformation operations on at least a portion of the time-series data;
performing a plurality of analysis and transformation operations on at least a portion of the cyber-physical graph;
producing a directed computational graph based on the analysis and transformation operations performed on the time-series data and the cyber-physical graph and receiving inter-bank financial transaction requests;
analyzing each transaction request based on the information contained in the directed computational graph;
determining whether the transaction request is valid based on the analysis of the transaction request;
if the transaction is determined to be valid, forwarding the transaction for completion; and
if the transaction is determined to be invalid, denying the transaction and generating an alert or a change to the cyber-physical graph.
Specification