SYSTEM, METHOD AND COMPUTER READABLE MEDIUM FOR EVALUATING POTENTIAL ATTACKS OF WORMS
6 Assignments
0 Petitions
Accused Products
Abstract
A method for evaluating potential attacks of worms, the method includes: associating, in response to information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources; determining potential worm attacks that start from the associated worm sources; and evaluating at least one potential worm attack security metric associated with the potential worm attacks.
89 Citations
49 Claims
-
1. (canceled)
-
2. (canceled)
-
3. (canceled)
-
4. (canceled)
-
5. (canceled)
-
6. (canceled)
-
7. (canceled)
-
8. (canceled)
-
9. (canceled)
-
10. (canceled)
-
11. (canceled)
-
12. (canceled)
-
13. (canceled)
-
14. (canceled)
-
15. (canceled)
-
16. (canceled)
-
17. (canceled)
-
18. (canceled)
-
19. (canceled)
-
20. (canceled)
-
21. (canceled)
-
22. (canceled)
-
23. (canceled)
-
24. (canceled)
-
25. (canceled)
-
26. (canceled)
-
27. (canceled)
-
28. (canceled)
-
29. (canceled)
-
30. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- generate information representative of worm entities;
associate, in response to information representative of a network and of the worm entities, between worm entities and potential worm sources to provide associated worm sources;
wherein the association is triggered when a new worm profile is received, when a new worm profile is generated, and when a likelihood of occurrences of a potential worm exceeds a certain threshold;
determine potential worm attacks that start from the associated worm sources, by applying a worm attack simulation to a model of the network that represents at least nodes, vulnerabilities and topology of the network, wherein the non-transitory computer usable medium is used for holding the model of the network and uses software entities for representing network components; and
evaluate at least one potential worm attack security metric associated with the potential worm attacks. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
- generate information representative of worm entities;
-
40. A method, comprising generating information representative of worm entities;
- associating, in response to information representative of a network and of the worm entities, between worm entities and potential worm sources to provide associated worm sources;
wherein the associating is triggered when a new worm profile is received, when a new worm profile is generated, and when a likelihood of occurrences of a potential worm exceeds a certain threshold;
determining potential worm attacks that start from the associated worm sources, by applying a worm attack simulation to a model of the network that represents at least nodes, vulnerabilities and topology of the network, wherein the non-transitory computer usable medium is used for holding the model of the network and uses software entities for representing network components; and
evaluating at least one potential worm attack security metric associated with the potential worm attacks. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
- associating, in response to information representative of a network and of the worm entities, between worm entities and potential worm sources to provide associated worm sources;
-
49. A system for evaluating potential attacks of worms, the system includes:
- a memory unit adapted to store information representative of a network and of worm entities; and
a processor adapted to;
associate, in response to the information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources;
wherein the association is triggered when a new worm profile is received, when a new worm profile is generated, and when a likelihood of occurrences of a potential worm exceeds a certain threshold;
determine potential worm attacks that start from the associated worm entities by applying a worm attack simulation to a model of the network that represents at least nodes, vulnerabilities and topology of the network, wherein computerized media that is used for holding the model of the network use software entities for representing network components; and
evaluate at least one potential worm attack security metric associated with the potential worm attacks
- a memory unit adapted to store information representative of a network and of worm entities; and
Specification