METHOD AND SYSTEM SIMULATING A HACKING ATTACK ON A NETWORK

US 20100138925A1
Filed: 05/22/2008
Published: 06/03/2010
Est. Priority Date: 05/24/2007
Status: Active Grant

First Claim

Patent Images

1. A method for simulating a hacking attack on a Network, wherein the Network comprises at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links, to assess vulnerabilities of the Network, the method comprising:

(a) receiving one or more scan parameters from a system;

(b) creating at least one master agent by the system to gather information about the Network, wherein the information pertains to critical and non-critical information about the Network;

(c) performing Social Engineering analysis on the Network to find out vulnerabilities associated with the plurality of users;

(d) performing Link Analysis on the communication taking place among two or more users or the plurality of DPUs to find out critical information flowing as a result of communication;

(e) creating or updating an Information Model, wherein the Information Model comprises the information gathered by the at least one master agent about the plurality of DPUs, the plurality of users, the plurality of communication links and their relationships;

(f) generating a Multiple Attack Vectors (MAV) graph based on the information collected in the Information Model and the one or more scan parameters;

(g) launching one or more attacks based on the MAV graph to compromise the Network, wherein the one or more attacks can be one or more from a group comprising an automated social engineering attack, a communication link attack and a DPU exploit attack;

(h) installing at least one slave agent on the compromised Network to perform the one or more attacks in a distributed manner;

(i) performing a multi stage attack by using the at least one slave agent and the at least one master agent by repeating (b) (c) (d) (e) (f) (g) and (h); and

(j) generating a report by the system, wherein the report contains details about the compromised Network and the vulnerabilities of the Network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention describes a method for simulating a hacking attack on a Network, wherein the Network comprises at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links, to assess vulnerabilities of the Network. The method includes receiving one or more scan parameters for the Network. Further, the method includes creating at least one master agent by a system to gather information about the Network, wherein the information pertains to critical and non-critical information about the Network. The method includes creating an Information Model and then incrementally updating the Information Model during the hacking attack. The Information Model is the abstract representation of information collected by the system. Furthermore, the method includes generating a Multiple Attack Vector (MAV) graph based on one or more scan parameters and the Information Model. MAV has the ability to combine plurality of low and medium severity vulnerabilities associated with the data processing units (DPUs), users and communication links, correlate vulnerabilities in combination with Information Model and generate high severity attack paths that can lead to compromise of the Network. Moreover, the method includes launching one or more attacks based on the MAV graph to compromise the Network. The method further includes installing at least one slave agent on the compromised Network to perform the one or more attacks in a distributed manner. Moreover, the method includes performing a multi stage attack by using the at least one slave agent and the at least one master agent by repeating above steps. Finally, the method includes generating a report by the scan controller, wherein the report contains details about the compromised Network and the vulnerabilities of the Network.

181 Citations

20 Claims

1. A method for simulating a hacking attack on a Network, wherein the Network comprises at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links, to assess vulnerabilities of the Network, the method comprising:
- (a) receiving one or more scan parameters from a system;
  
  (b) creating at least one master agent by the system to gather information about the Network, wherein the information pertains to critical and non-critical information about the Network;
  
  (c) performing Social Engineering analysis on the Network to find out vulnerabilities associated with the plurality of users;
  
  (d) performing Link Analysis on the communication taking place among two or more users or the plurality of DPUs to find out critical information flowing as a result of communication;
  
  (e) creating or updating an Information Model, wherein the Information Model comprises the information gathered by the at least one master agent about the plurality of DPUs, the plurality of users, the plurality of communication links and their relationships;
  
  (f) generating a Multiple Attack Vectors (MAV) graph based on the information collected in the Information Model and the one or more scan parameters;
  
  (g) launching one or more attacks based on the MAV graph to compromise the Network, wherein the one or more attacks can be one or more from a group comprising an automated social engineering attack, a communication link attack and a DPU exploit attack;
  
  (h) installing at least one slave agent on the compromised Network to perform the one or more attacks in a distributed manner;
  
  (i) performing a multi stage attack by using the at least one slave agent and the at least one master agent by repeating (b) (c) (d) (e) (f) (g) and (h); and
  
  (j) generating a report by the system, wherein the report contains details about the compromised Network and the vulnerabilities of the Network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the one or more scan parameters can be one or more from a group comprising a predefined time for a scan, scope of the scan, information about the Network and the like.
  - 3. The method of claim 1, further comprising revising the MAV graph after the Network is compromised, wherein the MAV graph is revised to utilize the information about the compromised Network for the one or more attacks.
  - 4. The method of claim 1, further comprising enhancing the system capability to generate the MAV graph by adding new attacks and the corresponding attack strategies in the format required by the system.
  - 5. The method of claim 1, further comprising enhancing the system capability to generate the MAV graph by applying self learning algorithms based upon custom developed Genetic and Artificial Intelligence (AI) algorithms.
  - 6. The method of claim 1, further comprising enabling constant interaction between the at least one master agent and the at least one slave agent, wherein the interaction comprises coordination, planning, monitoring and reselection of the at least one master agent.
  - 7. The method of claim 1, wherein the automated social engineering attack is performed to gain access to critical information that pertains to the plurality of users, the automated social engineering attack can be performed by performing at least one of modeling the psychology of human mind, creating the human profile, impersonating or building the trust between an attacker and a target and selecting and launching the attack, sniffing a mail from the Network to impersonate the plurality of users, crafting the replies of the mail, including a malicious link in the reply, luring the plurality of users to leak the critical information.
  - 8. The method of claim 1, wherein the communication link attack is performed to exploit vulnerabilities associated with Network and communication protocols to gain access to confidential information pertaining to the Network, wherein the confidential information can be one or more from a group comprising at least one user name, at least one password, at least one e-mail address, at least one network topology and at least one of the plurality of communication links among the plurality of users and the plurality of DPUs.
  - 9. The method of claim 1, further comprising executing the hacking attack in a plurality of stages comprising:
    - (a) gathering data by accessing the Network through the internet and simultaneously accessing web server through HTTP channel in a first stage, wherein the Network can access a subnet which hosts multiple applications along with DNS application and database application;
      
      (b) harnessing the data from the first stage and by cultivating the trust relationship that the Network shares with a set of neighboring Network; and
      
      (c) utilizing the trust relationship the multiple applications share with the DNS application and the database application for executing the hacking attack.
  - 10. The method of claim 1, further comprising integrating one or more propriety or third party tools and products with one or more tools selected from a group comprising vulnerability tools, social engineering tools, exploitation tools, and the like for capturing the information in the Information Model, for generating the MAV graph based upon the Information Model and for launching the one or more attacks to enhance impact of the hacking attack on the Network.
  - 11. The method of claim 1, further comprising hosting the system as software as service model enabling the users to subscribe to the service, initiating the one or more attacks and generating the report online over the Internet.

12. A system for simulating a hacking attack on a Network wherein the Network comprises at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links to assess vulnerabilities of the Network, the system comprising:
- (a) an automated Social Engineering (SE) architecture for collecting sensitive information that pertains to the plurality of users;
  
  (b) a communication link framework for identifying vulnerabilities associated with the Network and communication protocols; and
  
  (c) a Multiple Attack Vector engine (MAV) for storing an MAV graph that shows all possible paths by which the Network can be compromised
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12, wherein the SE architecture further comprises:
    - (a) a SE database for storing the information gathered by SE analysis;
      
      (b) a SE knowledge base for storing one or more information from a group comprising human relationship model, an attack dictionary, an attack strategy knowledge base, organizational policies, trust level dictionary, human vulnerability dictionary, human psychology model, human relationships model, and human profile model; and
      
      (c) a SE controller for communicating with one or more communication modules.
  - 14. The system of claim 12, wherein the multiple attack vectors engine further comprises:
    - (a) an attack repository for storing one or more attacks associated with the Network and the vulnerabilities of the Network;
      
      (b) an attack strategies repository for storing attack strategies corresponding to the one or more attacks, wherein the attack strategies can be updated by a user and by an artificial algorithm;
      
      (c) an agent database for storing information related to at least one master agent and at least one slave agent;
      
      (d) an Information Model for storing the information related to the Network after the one or more attacks have been made on the Network; and
      
      (e) a knowledge base for storing one or more functional modules and libraries associated with each of the one or more functional module.
  - 15. The system of claim 12, further comprising at least one slave agent, wherein the at least one slave agent replicate on the compromised Network and coordinates among themselves to perform one or more attacks in a distributed manner.

16. A computer program product for use with a computer, the computer program product comprising a computer usable medium having a computer readable program code embodied therein for simulating a hacking attack on a Network, wherein the Network comprises at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links to assess vulnerabilities of the Network, the computer program code comprising:
- (a) program instruction means for receiving one or more scan parameters;
  
  (b) program instruction means for creating at least one master agent;
  
  (c) program instruction means for Social Engineering analysis on the Network;
  
  (d) program instruction means for Link Analysis on the communication among two or more users or the plurality of DPUs;
  
  (e) program instruction means for creating or updating an Information Model;
  
  (f) program instruction means for generating a multiple attack vectors graph based on the information collected in the Information Model and the one or more scan parameters;
  
  (g) program instruction means for executing one or more attacks on the Network to compromise the Network;
  
  (h) program instruction means for installing at least one agent in the compromised Network;
  
  (i) program instruction means for performing a multi stage attack by using the at least one slave agent and the at least one master agent by repeating (b) (c), (d), (e), (f), (g) and (h); and
  
  (j) program instruction means for generating a report that contains details about the compromised Network and the vulnerabilities of the compromised Network.

17. A method for assessing vulnerabilities for a network of a plurality of users, the plurality of users interacting with each other in the Network, the method comprising:
- (a) receiving one or more scan parameters of the Network;
  
  (b) creating at least one agent to gather information about the plurality of users, wherein the information pertains to critical and non-critical information about the plurality of users and their hierarchical and personal relationships; and
  
  (c) performing automated Social Engineering analysis on the plurality of users to find vulnerabilities associated with the Network;

18. A method for simulating a hacking attack on a Network, wherein the Network comprises at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links, to assess vulnerabilities of the Network, the method comprising:
- (a) creating or updating an Information Model, wherein the Information Model comprises the information gathered about the Network;
  
  (b) generating a Multiple Attack Vectors (MAV) graph based on the information collected in the Information Model and the one or more scan parameters;
  
  (c) launching one or more attacks based on the MAV graph to compromise the Network, wherein the one or more attacks can be one or more from a group comprising an automated social engineering attack, a communication link attack and a DPU exploit attack;
  
  (d) generating a report by the system, wherein the report contains details about the compromised Network and the vulnerabilities of the Network.
- View Dependent Claims (19)
- - 19. The method of claim 18, further comprising the ability of a Multiple Attack Vector (MAV) graph to combine plurality of low and medium severity vulnerabilities associated at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links, correlate the vulnerabilities in combination with Information Model and generate high severity attack paths that can lead to compromise of the Network.

20. A method for simulating a hacking attack on a Network, wherein the Network comprises at least one of a plurality of data processing units (DPUs), a plurality of users and a plurality of communication links, to assess vulnerabilities of the Network, the method comprising:
- (a) gathering information about the Network from a plurality of agents, wherein the information relates to the at least one of the plurality of DPUs, a plurality of users, and a plurality of communication links;
  
  (b) creating or updating an Information Model, wherein the Information Model comprises the information gathered by the plurality of agents;
  
  (c) launching one or more attacks based on the Information Model to compromise the Network, wherein the one or more attacks can be one or more from a group comprising an automated social engineering attack, a communication link attack and a DPU exploit attack;
  
  (d) generating a report by the system, wherein the report contains details about the compromised Network and the vulnerabilities of the Network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synopsys Incorporated
Original Assignee
iViZ Techno Solutions Pvt. Ltd. (Synopsys Incorporated)
Inventors
De, Nilanjan, Barai, Bikash

Granted Patent

US 8,464,346 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

METHOD AND SYSTEM SIMULATING A HACKING ATTACK ON A NETWORK

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

181 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND SYSTEM SIMULATING A HACKING ATTACK ON A NETWORK

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

181 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others