NETWORK RISK ANALYSIS METHOD USING INFORMATION HIERARCHY STRUCTURE

US 20090100077A1
Filed: 11/16/2007
Published: 04/16/2009
Est. Priority Date: 10/12/2007
Status: Abandoned Application

First Claim

Patent Images

1. A network risk analysis method, comprising the steps of:

a) storing information on a network environment as a target of a risk analysis, in a 1^stlayer of a database;

b) storing an active discovery result on the network in a 2^ndlayer of the database;

c) storing a passive discovery result on the network in a 3^rdlayer of the database;

d) storing a network vulnerability result obtained by using a vulnerability checking tool in a 4^thlayer of the database;

e) storing an asset analysis result and an expected attack path on the network in a 5^thlayer of the database;

f) storing a risk analysis result of the network in a 6^thlayer of the database; and

g) storing a security countermeasure for the network in a 7^thlayer of the database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network risk analysis method using an information hierarchy structure is divided into 7 steps and results derived from each of the process steps are stored in a database to get a hierarchy structure for the respective steps. By using the information hierarchy structure, a network manager can easily comprehend the relationship between the derived results from each step to make a risk analysis in an efficient manner.

Citations

10 Claims

1. A network risk analysis method, comprising the steps of:
- a) storing information on a network environment as a target of a risk analysis, in a 1^stlayer of a database;
  
  b) storing an active discovery result on the network in a 2^ndlayer of the database;
  
  c) storing a passive discovery result on the network in a 3^rdlayer of the database;
  
  d) storing a network vulnerability result obtained by using a vulnerability checking tool in a 4^thlayer of the database;
  
  e) storing an asset analysis result and an expected attack path on the network in a 5^thlayer of the database;
  
  f) storing a risk analysis result of the network in a 6^thlayer of the database; and
  
  g) storing a security countermeasure for the network in a 7^thlayer of the database.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the information on the network environment comprises information on nodes included in the network, OS information, and application information.
  - 3. The method according to claim 1, wherein the active discovery result is obtained by transmitting a discovery packet to a network by using a network security tool and analyzing a response packet received from the network.
  - 4. The method according to claim 1, wherein the passive discovery result is obtained by monitoring traffic data transmitted/received via a network, with the aid of a sniffer.
  - 5. The method according to claim 1, wherein the asset analysis result comprises information on asset value taking into account confidentiality, integrity and availability of an asset.
  - 6. The method according to claim 1, wherein the risk analysis result comprises a risk level that is estimated on the basis of information on asset value, threat, and vulnerability.
  - 7. The method according to claim 1, wherein the security countermeasure comprises information on a kind, name, and description of a countermeasure that is selected taking into account the existence of a patch, the credibility of the patch, the necessity of an application, the existence of a second best strategy and whether an in-depth test is available.

8. A database comprising:
- a 1^stlayer storing information on a network environment as a target of a risk analysis;
  
  a 2^ndlayer storing an active discovery result on the network;
  
  a 3^rdlayer storing a passive discovery result on the network;
  
  a 4^thlayer storing a network vulnerability result obtained by using a vulnerability checking tool;
  
  a 5^thlayer storing an asset analysis result and an expected attack path on the network;
  
  a 6^thlayer storing a risk analysis result of the network; and
  
  a 7^thlayer storing a security countermeasure for the network.
- View Dependent Claims (9, 10)
- - 9. The database according to claim 8, wherein the 3^rdlayer further stores a firewall and IDS (Intrusion Detection System) log information.
  - 10. The database according to claim 8, wherein each of the layers in the database has an agent that generates new data by using the data retrieved from the lower layers of the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Korea Information Security Agency
Original Assignee
Korea Information Security Agency
Inventors
Jung, Tae-In, Kim, Woo-Han, Sim, Won-Tae

Application Number

US11/941,135
Publication Number

US 20090100077A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 43/00 Arrangements for monitoring...

H04L 63/1433 Vulnerability analysis

NETWORK RISK ANALYSIS METHOD USING INFORMATION HIERARCHY STRUCTURE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK RISK ANALYSIS METHOD USING INFORMATION HIERARCHY STRUCTURE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links