TACTICAL AND STRATEGIC ATTACK DETECTION AND PREDICTION
Abstract
NETWAR provides a utility that enables detection of both tactical and strategic threats against an individual entity and against interrelated or affiliated networks of entities. A distributed network of sensors and evaluators is used to detect tactical attacks against one or more entities. Events on the general network are represented as an input graph, which is searched for matches of example pattern graphs that represent tactical attacks. The search is performed using a scalable graph matching engine and an ontology that is periodically updated by a subject matter expert or analyst. NETWAR determines the strategic significance of the detected tactical attacks by correlating the tactical attacks detected on the individual entities to identify the true motive of these attacks as a strategic attack. NETWAR also provides a predictive capability: based on evaluation of the attack data, it predicts which entities and sub-entities may be targeted in the future.
49 Claims
1. A method comprising:
- receiving input data representing activities and events on a network;
- detecting tactical attacks against one or more entities by analyzing the input data; and
- dynamically determining when the one or more tactical attacks are indicative of a strategic attack.
Dependent claims: 2-22.

23. A computer program product comprising:
- a computer readable medium; and
- program code on the computer readable medium that when executed by a processor provides the functions of:
  - receiving input data representing activities and events on a network;
  - detecting tactical attacks against one or more entities by analyzing the input data; and
  - dynamically determining when the one or more tactical attacks are indicative of a strategic attack.
Dependent claims: 24-34.

35. A system comprising:
- a processor;
- a memory coupled to the processor; and
- a utility, which executes on the processor to provide the functions of:
  - receiving input data representing activities and events on a network;
  - detecting tactical attacks against one or more entities by analyzing the input data; and
  - dynamically determining when the one or more tactical attacks are indicative of a strategic attack.
Dependent claims: 36-49.
Specification