Comprehensive risk assessment in a heterogeneous dynamic network
First Claim
1. A hardware processor implemented method for risk assessment in a heterogeneous dynamic network in real time, the method being implemented on a server, comprising:
- receiving, by the hardware processor, data pertaining to information flow between a plurality of nodes identified in the heterogeneous dynamic network (202);
identifying, by the hardware processor, one or more affected nodes from the plurality of nodes and one or more affected paths there between (204);
computing, by the hardware processor, attack risk at the one or more affected nodes (206);
computing, by the hardware processor, a propagated risk on one or more neighboring nodes of the one or more affected nodes by;
receiving one or more pre-defined bipartite graphs of transitions based on at least one of attack vectors and influence vectors; and
estimating, by the hardware processor, attack probability based on the one or more pre-defined bipartite graphs of transitions and pre-defined weights assigned to the propagated risk, wherein the estimation of attack probability is associated with a probability of selection of a path in the heterogeneous dynamic network; and
computing, by the hardware processor, an aggregated risk at the one or more affected nodes based on the propagated risk;
computing, by the hardware processor, an impact propagation at the one or more affected nodes based on the aggregated risk.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods of the present disclosure provide comprehensive risk assessment in a heterogeneous dynamic network. The framework enables ‘view’ and ‘analyses’ of complete architecture simultaneously in information view, deployment view, business view and security view. Fundamentally, data pertaining to information flow between a plurality of nodes within systems in a network is identified. One or more affected nodes or paths therebetween are identified and attack risk is computed. The graph based framework supports multiple threat models for threat evaluation. It also provides mitigation plans which will reflect reduced risk in the business view and incorporates attack tree simulations to evaluate dynamic behavior of a system under attack.
63 Citations
12 Claims
-
1. A hardware processor implemented method for risk assessment in a heterogeneous dynamic network in real time, the method being implemented on a server, comprising:
-
receiving, by the hardware processor, data pertaining to information flow between a plurality of nodes identified in the heterogeneous dynamic network (202); identifying, by the hardware processor, one or more affected nodes from the plurality of nodes and one or more affected paths there between (204); computing, by the hardware processor, attack risk at the one or more affected nodes (206); computing, by the hardware processor, a propagated risk on one or more neighboring nodes of the one or more affected nodes by; receiving one or more pre-defined bipartite graphs of transitions based on at least one of attack vectors and influence vectors; and estimating, by the hardware processor, attack probability based on the one or more pre-defined bipartite graphs of transitions and pre-defined weights assigned to the propagated risk, wherein the estimation of attack probability is associated with a probability of selection of a path in the heterogeneous dynamic network; and computing, by the hardware processor, an aggregated risk at the one or more affected nodes based on the propagated risk; computing, by the hardware processor, an impact propagation at the one or more affected nodes based on the aggregated risk. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for risk assessment in a heterogeneous dynamic network in real time, the system being implemented on a server, the system comprising:
-
one or more data storage devices (102) operatively coupled to one or more hardware processors (104) and configured to store instructions configured for execution by the one or more hardware processors to; receive data pertaining to information flow between a plurality of nodes identified in the heterogeneous dynamic network (202); identify one or more affected nodes from the plurality of nodes and one or more affected paths there between (204); compute attack risk at the one or more affected nodes (206); compute a propagated risk on one or more neighboring nodes of the one or more affected nodes by; receiving one or more pre-defined bipartite graphs of transitions based on at least one of attack vectors and influence vectors; and estimating attack probability based on the one or more pre-defined bipartite graphs of transitions and pre-defined weights assigned to the propagated risk, wherein the estimation of attack probability is associated with a probability of selection of a path in the heterogeneous dynamic network; and compute an aggregated risk at the one or more affected nodes based on the propagated risk; compute, an impact propagation at the one or more affected nodes based on the aggregated risk. - View Dependent Claims (8, 9, 10)
-
-
11. A computer program product comprising a non-transitory computer readable medium having a computer readable program embodied therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:
-
receive data pertaining to information flow between a plurality of nodes identified in a heterogeneous dynamic network (202); identify one or more affected nodes from the plurality of nodes and one or more affected paths there between (204); compute attack risk at the one or more affected nodes; compute the propagated risk on neighboring nodes of the one or more affected nodes by; receiving one or more pre-defined bipartite graphs of transitions based on at least one of attack vectors and influence vectors; and estimating, by the hardware processor, attack probability based on the one or more pre-defined bipartite graphs of transitions and pre-defined weights assigned to the propagated risk, wherein the estimation of attack probability is associated with a probability of selection of a path in the heterogeneous dynamic network; and compute an aggregated risk at the one or more affected nodes based on the propagated risk; compute an impact propagation at the one or more affected nodes based on the aggregated risk. - View Dependent Claims (12)
-
Specification