Advanced cybersecurity threat mitigation for inter-bank financial transactions

US 10,432,660 B2
Filed: 09/06/2017
Issued: 10/01/2019
Est. Priority Date: 10/28/2015
Status: Active Grant

First Claim

Patent Images

1. A system for detection and mitigation of cyberattacks on inter-bank financial transaction networks comprising:

an interface with an inter-bank financial transaction network, connected to an advanced cyber decision platform for mitigation of cyberattacks, the platform comprising;

a computer system or network comprising at least one memory, at least one processor, and a first plurality of programming instructions comprising an operating system;

a time series data store comprising at least a second plurality of programming instructions operating on the computer system or network which cause the computer system or network to;

monitor a plurality of network events on the inter-bank financial transaction network;

produce time-series data comprising at least a record of a network event on the inter-bank financial transaction network and the time at which the event occurred;

an observation and state estimation module comprising at least a third plurality of programming instructions operating on the computer system or network which cause the computer system or network to;

monitor a plurality of connected resources on the inter-bank financial transaction network;

establish a baseline of expected behavior for each connected resource based on that resource'"'"'s activity on the inter-bank financial transaction network over a defined period of time; and

produce a cyber-physical graph representing at least a portion of the plurality of connected resources, the cyber-physical graph comprising at least the logical relationships between the portion of the plurality of connected resources on the inter-bank financial transaction network, the physical relationships between any connected resources that comprise at least a hardware device, the expected behaviors for each connected resource, and any deviations from expected behavior for each connected resource;

a directed computational graph module comprising at least a fourth plurality of programming instructions operating on the computer system or network which cause the computer system or network to;

perform a plurality of analysis and transformation operations on at least a portion of the time-series data;

perform a plurality of analysis and transformation operations on at least a portion of the cyber-physical graph; and

produce a directed computational graph based on the analysis and transformation operations performed on the time-series data and the cyber-physical graph; and

a transaction validator comprising at least a fifth plurality of programming instructions operating on the computer system or network which cause the computer system or network to;

receive inter-bank financial transaction requests;

analyze each transaction request based on the information contained in the directed computational graph;

determine whether the transaction request is valid based on the analysis of the transaction request;

if the transaction is determined to be valid, forward the transaction for completion; and

if the transaction is determined to be invalid, deny the transaction and generate an alert or a change to the cyber-physical graph.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

Citations

11 Claims

1. A system for detection and mitigation of cyberattacks on inter-bank financial transaction networks comprising:
- an interface with an inter-bank financial transaction network, connected to an advanced cyber decision platform for mitigation of cyberattacks, the platform comprising;
  
  a computer system or network comprising at least one memory, at least one processor, and a first plurality of programming instructions comprising an operating system;
  
  a time series data store comprising at least a second plurality of programming instructions operating on the computer system or network which cause the computer system or network to;
  
  monitor a plurality of network events on the inter-bank financial transaction network;
  
  produce time-series data comprising at least a record of a network event on the inter-bank financial transaction network and the time at which the event occurred;
  
  an observation and state estimation module comprising at least a third plurality of programming instructions operating on the computer system or network which cause the computer system or network to;
  
  monitor a plurality of connected resources on the inter-bank financial transaction network;
  
  establish a baseline of expected behavior for each connected resource based on that resource'"'"'s activity on the inter-bank financial transaction network over a defined period of time; and
  
  produce a cyber-physical graph representing at least a portion of the plurality of connected resources, the cyber-physical graph comprising at least the logical relationships between the portion of the plurality of connected resources on the inter-bank financial transaction network, the physical relationships between any connected resources that comprise at least a hardware device, the expected behaviors for each connected resource, and any deviations from expected behavior for each connected resource;
  
  a directed computational graph module comprising at least a fourth plurality of programming instructions operating on the computer system or network which cause the computer system or network to;
  
  perform a plurality of analysis and transformation operations on at least a portion of the time-series data;
  
  perform a plurality of analysis and transformation operations on at least a portion of the cyber-physical graph; and
  
  produce a directed computational graph based on the analysis and transformation operations performed on the time-series data and the cyber-physical graph; and
  
  a transaction validator comprising at least a fifth plurality of programming instructions operating on the computer system or network which cause the computer system or network to;
  
  receive inter-bank financial transaction requests;
  
  analyze each transaction request based on the information contained in the directed computational graph;
  
  determine whether the transaction request is valid based on the analysis of the transaction request;
  
  if the transaction is determined to be valid, forward the transaction for completion; and
  
  if the transaction is determined to be invalid, deny the transaction and generate an alert or a change to the cyber-physical graph.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the plurality of analysis and transformation operations performed on at least a portion of the cyber-physical graph comprise the calculation of an impact assessment score for each of a portion of the resources in the graph.
  - 3. The system of claim 2, wherein the plurality of analysis and transformation operations performed on at least a portion of the time-series data comprise the calculation of the overall impact of a cyberattack, wherein the calculation is based at least in part on the impact assessment score for each resource affected by the cyberattack.
  - 4. The system of claim 1, wherein the plurality of analysis and transformation operations performed on at least a portion of the cyber-physical graph comprise a comparison of relationships between resources against known security vulnerabilities.
  - 5. The system of claim 4, further comprising an action-outcome simulation module comprising at least a sixth plurality of programming instructions operating on the computer system or network which cause the computer system or network to:
    - produce a simulated network event on the inter-bank financial transaction network comprising at least a simulated cyberattack; and
      
      produce a plurality of security recommendations based at least in part on the results of analysis performed by the directed computational graph module;
      
      wherein the recommendations produced by the action-outcome simulation module are based at least in part on the results of the comparison against known security vulnerabilities.
  - 6. The system of claim 1, wherein the observation and state estimation module is further configured to produce a visualization based at least in part on at least a portion of the time-series data, wherein the visualization illustrates changes to the data over time.

7. A method for detection and mitigation of cyberattacks on inter-bank financial transaction networks employing an advanced cyber decision platform comprising the steps of:
- monitoring a plurality of network events on an inter-bank financial transaction network;
  
  producing time-series data comprising at least a record of a network event on the inter-bank financial transaction network and the time at which the event occurred;
  
  monitoring a plurality of connected resources on the inter-bank financial transaction network;
  
  establishing a baseline of expected behavior for each connected resource based on that resource'"'"'s activity on the inter-bank financial transaction network over a defined period of time;
  
  producing a cyber-physical graph representing at least a portion of the plurality of connected resources, the cyber-physical graph comprising at least the logical relationships between the portion of the plurality of connected resources on the inter-bank financial transaction network, the physical relationships between any connected resources that comprise at least a hardware device, the expected behaviors for each connected resource, and any deviations from expected behavior for each connected resource;
  
  performing a plurality of analysis and transformation operations on at least a portion of the time-series data;
  
  performing a plurality of analysis and transformation operations on at least a portion of the cyber-physical graph;
  
  producing a directed computational graph based on the analysis and transformation operations performed on the time-series data and the cyber-physical graph andreceiving inter-bank financial transaction requests;
  
  analyzing each transaction request based on the information contained in the directed computational graph;
  
  determining whether the transaction request is valid based on the analysis of the transaction request;
  
  if the transaction is determined to be valid, forwarding the transaction for completion; and
  
  if the transaction is determined to be invalid, denying the transaction and generating an alert or a change to the cyber-physical graph.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein the plurality of analysis and transformation operations performed on at least a portion of the cyber-physical graph comprise the calculation of an impact assessment score for each of a portion of the resources in the graph.
  - 9. The method of claim 8, wherein the plurality of analysis and transformation operations performed on at least a portion of the time-series data comprise the calculation of the overall impact of a cyberattack, wherein the calculation is based at least in part on the impact assessment score for each resource affected by the cyberattack.
  - 10. The system of claim 7, wherein the plurality of analysis and transformation operations performed on at least a portion of the cyber-physical graph comprise a comparison of relationships between resources against known security vulnerabilities.
  - 11. The method of claim 7, further comprising the steps of:
    - producing, using an action outcome simulation module, a simulated network event on the inter-bank financial transaction network comprising at least a simulated cyberattack; and
      
      producing a plurality of security recommendations based at least in part on the results of analysis performed by the directed computational graph module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qomplx LLC (f/k/a QPX LLC)
Original Assignee
Qomplx, Inc.
Inventors
Crabtree, Jason, Sellers, Andrew
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Debnath, Suman

Application Number

US15/696,367
Publication Number

US 20180013771A1
Time in Patent Office

755 Days
Field of Search
US Class Current
CPC Class Codes

G06F 30/20   Design optimisation, verifi...

G06Q 40/02   Banking, e.g. interest calc...

H04L 2463/102   applying security measure f...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

Advanced cybersecurity threat mitigation for inter-bank financial transactions

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Advanced cybersecurity threat mitigation for inter-bank financial transactions

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links