Risk Analysis Engine

US 20140046863A1
Filed: 02/22/2013
Published: 02/13/2014
Est. Priority Date: 08/08/2012
Status: Active Grant

First Claim

Patent Images

1. A method for risk analysis, comprising:

analyzing at least one of incident information and activity information;

identifying behavioral patterns by analyzing the one of incident information and the activity information;

producing observations from matches of the behavioral patterns to behavior specifications; and

deriving per-asset risks based upon asset vulnerability data and the observations, wherein at least one of the method operations is executed through a processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a risk analysis system, a risk analysis engine and a related method, incident information or activity information, which may be of a spatiotemporal nature, is analyzed. Behavioral patterns are identified in or derived from the incident information or the activity information. Observations are produced from matches of the behavioral patterns to behavior specifications. Based upon the observations, and asset vulnerability data, per-asset risks are derived.

54 Citations

View as Search Results

20 Claims

1. A method for risk analysis, comprising:
- analyzing at least one of incident information and activity information;
  
  identifying behavioral patterns by analyzing the one of incident information and the activity information;
  
  producing observations from matches of the behavioral patterns to behavior specifications; and
  
  deriving per-asset risks based upon asset vulnerability data and the observations, wherein at least one of the method operations is executed through a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - correlating the observations and the asset vulnerability data,wherein deriving the per-asset risks is further based upon correlation of the observations and the asset vulnerability data.
  - 3. The method of claim 1, wherein the behavioral patterns include time information and physical location information, from the incident information or the activity information.
  - 4. The method of claim 1, wherein the behavior specifications act as templates for matches from the incident information or the activity information, with each behavior specification pertaining to one of:
    - an incident, an activity, a pattern of incidents, and a pattern of activities.
  - 5. The method of claim 1, further comprising:
    - tracking contributing observations for one of the per-asset risks, under an identifier.
  - 6. The method of claim 1, further comprising:
    - calculating a risk score for each of a plurality of assets represented in the asset vulnerability data, based upon a threat component, a vulnerability component and a consequence component.
  - 7. The method of claim 1, further comprising:
    - applying a risk score to a special event, wherein the special event is represented in the asset vulnerability data.
  - 8. The method of claim 1, wherein representation of a special event in the asset vulnerability data includes a time influence of the special event and a distance influence of the special event.
  - 9. The method of claim 1, further comprising:
    - decreasing a risk score as a function of time, for an asset represented in the asset vulnerability data.
  - 10. The method of claim 1, further comprising:
    - propagating a vulnerability risk from an asset represented in the asset vulnerability data to a related asset; and
      
      propagating a threat from the asset to the related asset.
  - 11. The method of claim 1, wherein analyzing the incident or activity information includes at least one selected from a group consisting of:
    - applying fuzzy logic;
      
      applying association rules;
      
      determining a pattern;
      
      determining a pattern tree;
      
      determining a temporal spike;
      
      determining a periodic temporal pattern; and
      
      determining an anomaly in a temporal pattern.

12. A tangible, non-transitory computing device having implemented thereupon a risk analysis engine, comprising:
- a behavior discovery and suggestion subsystem, configured to recognize behavioral patterns based upon one of analysis of incident information and activity information, of a spatiotemporal nature;
  
  a predictive subsystem, configured to estimate one of a next occurrence and a probable activity, based upon the behavioral patterns;
  
  a behavior management subsystem, configured to produce observations from behavior specifications to which any of the behavioral patterns, the estimated next occurrences, and the estimated probable activities conform; and
  
  a threat evaluation subsystem, configured to assess per-asset risks on a spatiotemporal basis, based upon correlations between asset vulnerability data and the observations, wherein each of the subsystems includes computer-executable instructions stored in a tangible, non-transitory memory of the computing device.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computing device of claim 12, wherein the behavior specifications are further based upon at least one selected from a group consisting of:
    - precursor behaviors, indicator behaviors, asset-specific rules, and activity sequences.
  - 14. The computing device of claim 12, wherein the behavior discovery and suggestion subsystem is further configured to apply human feedback to the behavioral patterns.
  - 15. The computing device of claim 12, wherein the predictive subsystem is further configured to offer a completion estimate of behavioral indicators based upon partial sequence matches in the behavioral patterns.
  - 16. The computing device of claim 12, wherein the subsystems are further configured to store one of the observations, the incident information, and the activity information that contribute to the per-asset risks, with an identifier.

17. A risk analysis system, comprising:
- a gateway configured to route at least one of incident information and activity information and respond to at least one of queries requesting the one of incident and activity information and regarding the one of incident and activity information;
  
  a tangible, non-transitory storage device configured to store asset vulnerability data; and
  
  a processor configured to communicate with the gateway and the storage device, with the processor further configured to;
  
  receive the asset vulnerability data from the storage device;
  
  receive the one incident information and the activity information through the gateway;
  
  analyze the one of the incident information and the activity information;
  
  derive behavioral patterns from analysis of the one of the incident information and the activity information;
  
  produce observations from behavior specifications and the behavioral patterns; and
  
  derive per-asset risks based upon the asset vulnerability data and application of the observations as threat evidence.
- View Dependent Claims (18, 19, 20)
- - 18. The risk analysis system of claim 17, wherein the computing device is further configured to lower a risk score over time, as applied to one of the per-asset risks.
  - 19. The risk analysis system of claim 17, wherein the computing device is further configured to store identifiers associated with the one of the incident information and the activity information, the behavioral knowledge base, the observations and the per-asset risks, such that causes to a subsequent event are traceable.
  - 20. The risk analysis system of claim 17, wherein the computing device is further configured to:
    - propagate risk to related assets in the asset vulnerability data; and
      
      propagate threats from the per-asset risks to the related assets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Johns Hopkins University
Original Assignee
Johns Hopkins University
Inventors
Gifford, Christopher M., Brush, Jeffrey S., Gabriele, Mark B.

Granted Patent

US 9,652,813 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/325
CPC Class Codes

G06Q 10/10 Office automation; Time man...

G06Q 50/265 Personal security, identity...

Risk Analysis Engine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Risk Analysis Engine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links