×

GENERATING A MULTIPLE-PREREQUISITE ATTACK GRAPH

  • US 20110231937A1
  • Filed: 05/10/2011
  • Published: 09/22/2011
  • Est. Priority Date: 06/09/2006
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method to generate an attack graph, the method comprising:

  • generating a first state node representing a starting point of a cyber attack and corresponding to access to a first host in a network;

    generating a first directed edge from the first state node to a first prerequisite node, the first prerequisite node having a first precondition satisfied by the first state node;

    generating a second directed edge from the first prerequisite node to a first vulnerability instance node, the first vulnerability instance node having a second precondition satisfied by the first prerequisite node;

    generating a third directed edge from the first vulnerability instance node to a second state node, the second state node having a third precondition satisfied by the first vulnerability instance node; and

    determining if a potential node, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to one of preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising;

    the first state node;

    the first vulnerability instance node;

    the first prerequisite node; and

    the second state node.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×