Comprehensive risk assessment in a heterogeneous dynamic network

US 10,601,854 B2
Filed: 03/31/2017
Issued: 03/24/2020
Est. Priority Date: 08/12/2016
Status: Active Grant

First Claim

Patent Images

1. A hardware processor implemented method for risk assessment in a heterogeneous dynamic network in real time, the method being implemented on a server, comprising:

receiving, by the hardware processor, data pertaining to information flow between a plurality of nodes identified in the heterogeneous dynamic network (202);

identifying, by the hardware processor, one or more affected nodes from the plurality of nodes and one or more affected paths there between (204);

computing, by the hardware processor, attack risk at the one or more affected nodes (206);

computing, by the hardware processor, a propagated risk on one or more neighboring nodes of the one or more affected nodes by;

receiving one or more pre-defined bipartite graphs of transitions based on at least one of attack vectors and influence vectors; and

estimating, by the hardware processor, attack probability based on the one or more pre-defined bipartite graphs of transitions and pre-defined weights assigned to the propagated risk, wherein the estimation of attack probability is associated with a probability of selection of a path in the heterogeneous dynamic network; and

computing, by the hardware processor, an aggregated risk at the one or more affected nodes based on the propagated risk;

computing, by the hardware processor, an impact propagation at the one or more affected nodes based on the aggregated risk.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of the present disclosure provide comprehensive risk assessment in a heterogeneous dynamic network. The framework enables ‘view’ and ‘analyses’ of complete architecture simultaneously in information view, deployment view, business view and security view. Fundamentally, data pertaining to information flow between a plurality of nodes within systems in a network is identified. One or more affected nodes or paths therebetween are identified and attack risk is computed. The graph based framework supports multiple threat models for threat evaluation. It also provides mitigation plans which will reflect reduced risk in the business view and incorporates attack tree simulations to evaluate dynamic behavior of a system under attack.

63 Citations

View as Search Results

12 Claims

1. A hardware processor implemented method for risk assessment in a heterogeneous dynamic network in real time, the method being implemented on a server, comprising:
- receiving, by the hardware processor, data pertaining to information flow between a plurality of nodes identified in the heterogeneous dynamic network (202);
  
  identifying, by the hardware processor, one or more affected nodes from the plurality of nodes and one or more affected paths there between (204);
  
  computing, by the hardware processor, attack risk at the one or more affected nodes (206);
  
  computing, by the hardware processor, a propagated risk on one or more neighboring nodes of the one or more affected nodes by;
  
  receiving one or more pre-defined bipartite graphs of transitions based on at least one of attack vectors and influence vectors; and
  
  estimating, by the hardware processor, attack probability based on the one or more pre-defined bipartite graphs of transitions and pre-defined weights assigned to the propagated risk, wherein the estimation of attack probability is associated with a probability of selection of a path in the heterogeneous dynamic network; and
  
  computing, by the hardware processor, an aggregated risk at the one or more affected nodes based on the propagated risk;
  
  computing, by the hardware processor, an impact propagation at the one or more affected nodes based on the aggregated risk.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The hardware processor implemented method of claim 1 further comprising computing, by the hardware processor, one or more of business impact loss, information loss impact and financial impact loss based on the aggregated risk.
  - 3. The hardware processor implemented method of claim 2 further comprising generating, by the hardware processor, a mitigation plan based on one or more of the business impact loss, the information loss impact and the financial impact loss, the mitigation plan comprising one or more of:
    - providing, by the hardware processor, one or more alternate sources or paths for the data to be derived or propagated respectively;
      
      modifying, by the hardware processor, constraints imposed on the information flow from logical conjunction to logical disjunction or vice-versa;
      
      isolating, by the hardware processor, at least one of the one or more affected nodes or the one or more affected paths there between;
      
      deploying, by the hardware processor, a data encryption scheme; and
      
      implementing, by the hardware processor, diagnostic measures to measure a health of the heterogeneous dynamic network.
  - 4. The hardware processor implemented method of claim 2, wherein the business impact loss is based on a weight or a probability associated with business impact loss and the aggregated risk;
    - the information loss impact is based on the weight or the probability associated with information loss and the aggregated risk; and
      
      the financial impact loss is based on the weight or the probability associated with financial impact loss and the aggregated risk.
  - 5. The hardware processor implemented method of claim 1, further comprising computing, by the hardware processor, the attack risk by identifying attack vectors in the network and the influence vectors corresponding to the propagated risk of the attack vectors on the neighboring nodes.
  - 6. The hardware processor implemented method of claim 1, further comprising simulating, by the hardware processor, a “
    - what-if”
      
      condition wherein an attack is simulated to affect one or more nodes and conducting a conditional analysis assessment.

7. A system for risk assessment in a heterogeneous dynamic network in real time, the system being implemented on a server, the system comprising:
- one or more data storage devices (102) operatively coupled to one or more hardware processors (104) and configured to store instructions configured for execution by the one or more hardware processors to;
  
  receive data pertaining to information flow between a plurality of nodes identified in the heterogeneous dynamic network (202);
  
  identify one or more affected nodes from the plurality of nodes and one or more affected paths there between (204);
  
  compute attack risk at the one or more affected nodes (206);
  
  compute a propagated risk on one or more neighboring nodes of the one or more affected nodes by;
  
  receiving one or more pre-defined bipartite graphs of transitions based on at least one of attack vectors and influence vectors; and
  
  estimating attack probability based on the one or more pre-defined bipartite graphs of transitions and pre-defined weights assigned to the propagated risk, wherein the estimation of attack probability is associated with a probability of selection of a path in the heterogeneous dynamic network; and
  
  compute an aggregated risk at the one or more affected nodes based on the propagated risk;
  
  compute, an impact propagation at the one or more affected nodes based on the aggregated risk.
- View Dependent Claims (8, 9, 10)
- - 8. The system of claim 7, wherein the one or more hardware processors are further configured to compute one or more of business impact loss, information loss impact and financial impact loss based on the aggregated risk.
  - 9. The system of claim 8, wherein the one or more hardware processors are further configured to generate a mitigation plan based on one or more of the business impact loss, the information loss impact and the financial impact loss, the mitigation plan comprising one or more of:
    - providing one or more alternate source or path for the data to be derived or propagated respectively;
      
      modifying constraints imposed on the information flow from logical conjunction to logical disjunction or vice-versa;
      
      isolating at least one of the one or more affected nodes or the one or more affected paths there between;
      
      deploying a data encryption scheme;
      
      implementing diagnostic measures to measure a health of the heterogeneous dynamic network;
      
      computing an attack risk by identifying attack vectors in the heterogeneous dynamic network and influence vectors corresponding to the propagated risk of the attack vectors on the neighboring nodes andsimulating a “
      
      what-if”
      
      condition wherein an attack is simulated to affect one or more nodes and a conditional analysis assessment is conducted.
  - 10. The system of claim 8, wherein the business impact loss is based on a weight or a probability associated with business impact loss and the aggregated risk;
    - the information loss impact is based on the weight or the probability associated with information loss and the aggregated risk; and
      
      the financial impact loss is based on the weight or the probability associated with financial impact loss and the aggregated risk.

11. A computer program product comprising a non-transitory computer readable medium having a computer readable program embodied therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- receive data pertaining to information flow between a plurality of nodes identified in a heterogeneous dynamic network (202);
  
  identify one or more affected nodes from the plurality of nodes and one or more affected paths there between (204);
  
  compute attack risk at the one or more affected nodes;
  
  compute the propagated risk on neighboring nodes of the one or more affected nodes by;
  
  receiving one or more pre-defined bipartite graphs of transitions based on at least one of attack vectors and influence vectors; and
  
  estimating, by the hardware processor, attack probability based on the one or more pre-defined bipartite graphs of transitions and pre-defined weights assigned to the propagated risk, wherein the estimation of attack probability is associated with a probability of selection of a path in the heterogeneous dynamic network; and
  
  compute an aggregated risk at the one or more affected nodes based on the propagated risk;
  
  compute an impact propagation at the one or more affected nodes based on the aggregated risk.
- View Dependent Claims (12)
- - 12. The computer program product of claim 11, wherein the computer readable program further causes the computing device to perform one or more of:
    - computing one or more of business impact loss, information loss impact and financial impact loss based on the aggregated risk;
      
      generating a mitigation plan based on one or more of the business impact loss, the information loss impact and the financial impact loss, the mitigation plan comprising one or more of;
      
      providing one or more alternate source or path for the data to be derived or propagated respectively;
      
      modifying constraints imposed on the information flow from logical conjunction to logical disjunction or vice-versa;
      
      isolating at least one of the one or more affected nodes or the one or more affected paths there between deploying a data encryption scheme; and
      
      implementing diagnostic measures to measure a health of the heterogeneous dynamic network;
      
      computing an attack risk by identifying attack vectors in the network and influence vectors corresponding to the propagated risk of the attack vectors on the neighboring nodes; and
      
      simulating a “
      
      what-if”
      
      condition wherein an attack is simulated to affect one or more nodes and a conditional analysis assessment is conducted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Original Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Inventors
Lokamathe, Shivraj Vijayshankar, Alasingara Bhattachar, Rajan Mindigal, Singh Dilip Thakur, Meena, Purushothaman, Balamuralidhar
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Ahmed, Mahabub S

Application Number

US15/476,436
Publication Number

US 20180048669A1
Time in Patent Office

1,089 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 30/20   Design optimisation, verifi...

G06N 5/04   Inference or reasoning models

G06Q 10/0635   Risk analysis of enterprise...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04W 12/122   Counter-measures against at...

Comprehensive risk assessment in a heterogeneous dynamic network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

63 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Comprehensive risk assessment in a heterogeneous dynamic network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links