SYSTEM AND METHOD FOR FORENSIC CYBER ADVERSARY PROFILING, ATTRIBUTION AND ATTACK IDENTIFICATION
Abstract
A system and method is provided for identifying and analyzing cyber-attacks and profiling adversaries responsible for such attacks. The system and method allows for the quantitative measurement of adversary attack behavior. The system and method is able to extract quantitative data from raw attack data and compare the quantitative data to a database of quantifiable metrics associated with known adversaries. This allows for the possible linking of a cyber-attack to a known adversary or known adversary behavior.
83 Citations
18 Claims
1. A method of analyzing a cyber-attack, comprising:
collecting attack data, wherein the attack data comprises data associated with a cyber-attack;
extracting quantitative data from the attack data, wherein the extracted quantitative data ("EQD") comprises quantifiable metrics associated with a cyber-attack;
comparing the EQD with a database of existing adversary and attack data ("AAD"), wherein the AAD comprises quantifiable metrics of known adversaries and known adversary behavior; and
determining if the EQD is associated with a known adversary and/or known adversary behavior based on the comparison step.
Dependent claims: 2, 3, 4, 5.

6. A system for analyzing a cyber-attack, comprising:
a processor;
processor memory; and
a cyber profiling engine comprising a set of computer readable instructions stored in processor memory that are executable by the processor to:
receive attack data, wherein the attack data comprises data associated with a cyber-attack,
extract quantitative data from the attack data, wherein the extracted quantitative data ("EQD") comprises quantifiable metrics associated with a cyber-attack,
compare the EQD with a database of existing adversary and attack data ("AAD"), wherein the AAD comprises quantifiable metrics of known adversaries and known adversary behavior, and
determine if the EQD is associated with a known adversary and/or known adversary behavior based on the comparison step.
Dependent claims: 7, 8, 9, 10, 11.

12. A system for analyzing a cyber-attack, comprising:
at least one attack and adversary intelligence system ("AAIS"), wherein each AAIS comprises an AAIS processor and AAIS memory;
at least one data aggregator associated with each AAIS, wherein each data aggregator comprises a data aggregator processor and data aggregator memory;
a respective analysis engine associated with each data aggregator comprising a set of computer readable instructions stored in data aggregator memory that are executable by the data aggregator processor to:
receive attack data, wherein the attack data comprises data associated with a cyber-attack,
extract quantitative data from the attack data, wherein the extracted quantitative data ("EQD") comprises quantifiable metrics associated with a cyber-attack;
a respective database associated with each AAIS comprising a set of computer readable instructions stored in AAIS memory that are executable by the AAIS processor to store existing adversary and attack data ("AAD"), wherein the AAD comprises quantifiable metrics of known adversaries and known adversarial behavior; and
a respective intelligence engine associated with each AAIS comprising a set of computer readable instructions stored in AAIS memory that are executable by the AAIS processor to:
receive the EQD,
compare the EQD with the AAD, and
determine if the EQD is associated with a known adversary and/or known adversarial behavior based on the comparison step.
Dependent claims: 13, 14, 15, 16, 17, 18.
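The pipeline that claims 1, 6 and 12 describe in words (collect attack data, reduce it to quantifiable metrics, compare those metrics against stored adversary profiles, decide whether the attack matches a known adversary) is shown below as an added worked example. This code is written for this page; it is not code from the patent or its assignee, and the patent does not specify which metrics or comparison function to use. The event log, the six metric names, the two adversary profiles in the AAD, the z-score distance and the match threshold are all constructed assumptions chosen to make the steps concrete.

```python
"""Added example (not the patent's own code): a minimal instance of the claimed
pipeline -- collect attack data, extract quantitative data (EQD), compare it
with a database of adversary and attack data (AAD), and decide whether the
attack is associated with a known adversary or known adversary behavior.
Every event, metric, profile and threshold below is constructed."""
from datetime import datetime
from math import sqrt
import statistics

# Constructed attack data: one intrusion's event log as (timestamp, event type, detail).
ATTACK_DATA = [
    ("2024-03-02T01:14:05Z", "scan", "port=22"),
    ("2024-03-02T01:14:09Z", "scan", "port=445"),
    ("2024-03-02T01:14:13Z", "scan", "port=3389"),
    ("2024-03-02T01:21:40Z", "login_failure", "user=admin"),
    ("2024-03-02T01:21:44Z", "login_failure", "user=admin"),
    ("2024-03-02T01:21:48Z", "login_failure", "user=admin"),
    ("2024-03-02T01:22:01Z", "login_success", "user=admin"),
    ("2024-03-02T01:40:30Z", "exec", "tool=psexec"),
    ("2024-03-02T02:05:12Z", "exfil", "bytes=120000"),
]

# Metric names shared by the EQD and every AAD profile, so they compare term by term.
METRICS = ("duration_min", "mean_gap_s", "scan_share",
           "fail_to_success", "exfil_kb", "hour_utc")

# Constructed AAD: per adversary, each metric as (mean, standard deviation)
# learned from previously attributed attacks. Names are placeholders.
AAD = {
    "ACTOR-A (constructed)": {
        "duration_min": (45.0, 15.0), "mean_gap_s": (400.0, 150.0),
        "scan_share": (0.3, 0.1), "fail_to_success": (3.0, 1.5),
        "exfil_kb": (100.0, 60.0), "hour_utc": (2.0, 2.0),
    },
    "ACTOR-B (constructed)": {
        "duration_min": (600.0, 120.0), "mean_gap_s": (3000.0, 800.0),
        "scan_share": (0.05, 0.03), "fail_to_success": (0.2, 0.2),
        "exfil_kb": (5000.0, 2000.0), "hour_utc": (14.0, 2.0),
    },
}


def extract_eqd(events):
    """Step 2 of claim 1: reduce raw attack data to quantifiable metrics (EQD)."""
    times = [datetime.strptime(t, "%Y-%m-%dT%H:%M:%SZ") for t, _, _ in events]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    kinds = [k for _, k, _ in events]
    exfil_bytes = sum(int(d.split("=")[1]) for _, k, d in events if k == "exfil")
    return {
        "duration_min": (times[-1] - times[0]).total_seconds() / 60,   # dwell time
        "mean_gap_s": statistics.mean(gaps) if gaps else 0.0,          # operator tempo
        "scan_share": kinds.count("scan") / len(kinds),                # recon emphasis
        "fail_to_success": kinds.count("login_failure")
        / max(1, kinds.count("login_success")),                        # credential style
        "exfil_kb": exfil_bytes / 1000,                                 # data taken
        "hour_utc": times[0].hour,                                     # working-hours hint
    }


def distance(eqd, profile):
    """Step 3 of claim 1: z-score normalized Euclidean distance to one AAD profile."""
    return sqrt(sum(((eqd[m] - profile[m][0]) / profile[m][1]) ** 2 for m in METRICS))


def attribute(eqd, aad, threshold=3.0):
    """Step 4 of claim 1: (best adversary, distance), or (None, distance) when no
    profile is within the threshold, i.e. the attack matches no known adversary."""
    ranked = sorted((distance(eqd, profile), name) for name, profile in aad.items())
    best_d, best_name = ranked[0]
    return (best_name if best_d <= threshold else None), best_d


if __name__ == "__main__":
    eqd = extract_eqd(ATTACK_DATA)
    print("EQD:", {k: round(v, 3) for k, v in eqd.items()})
    for name, profile in AAD.items():
        print(f"{name}: distance {distance(eqd, profile):.2f}")
    print("attribution:", attribute(eqd, AAD))
```

Each metric is normalized by the profile's own spread before the distance is taken, so a metric that an adversary varies widely (a large standard deviation) counts for less than one they keep constant; the threshold turns the ranking into a yes/no decision, and an attack far from every profile is reported as unattributed rather than forced onto the nearest known actor.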
Specification