System and Method for Predicting Impending Cyber Security Events Using Multi Channel Behavioral Analysis in a Distributed Computing Environment

US 20160028758A1
Filed: 03/30/2015
Published: 01/28/2016
Est. Priority Date: 03/28/2014
Status: Active Grant

First Claim

Patent Images

1. A software architecture for predicting the likelihood future security threats in distributed computing environment, comprising:

a registration entity or registry residing within a main server entity;

a communication engine to communicate with said main server and authorized 3rd parties;

a plurality of decision engines and entities communicating with said main server;

a plurality of correlation engines and entities communicating with said main server and decision engines;

a plurality of semantic graph build engines communicating with said correlation entities;

a plurality of distributed networked agents providing a mechanism for collecting event and attribute data for said main server entity, correlation server entity, and decision entity; and

a defined protocol for initiating and maintaining secure communication between the main server, agents, correlation engines, decision engines and communication server over said network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Multi channel distributed behavioral analysis architecture provides a software solution to the major operational challenges faced with providing an early warning system for impending cyber security events. Most cyber security events are premeditated. However, many current cyber security defense technologies only address the real-time detection of a software vulnerability, the presence of malware (known or unknown “zero day”), anomalies from pre-established data points, or the signature of an active security event. The system and method of the multi channel distributed behavioral analysis architecture introduces a technique which provides the data collection, assessment, and alerting ability prior to the occurrence of an event based on threat actor behavior.

Citations

5 Claims

1. A software architecture for predicting the likelihood future security threats in distributed computing environment, comprising:
- a registration entity or registry residing within a main server entity;
  
  a communication engine to communicate with said main server and authorized 3rd parties;
  
  a plurality of decision engines and entities communicating with said main server;
  
  a plurality of correlation engines and entities communicating with said main server and decision engines;
  
  a plurality of semantic graph build engines communicating with said correlation entities;
  
  a plurality of distributed networked agents providing a mechanism for collecting event and attribute data for said main server entity, correlation server entity, and decision entity; and
  
  a defined protocol for initiating and maintaining secure communication between the main server, agents, correlation engines, decision engines and communication server over said network.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A system according to claim 1 further comprising:
    - means for forecasting the arrival time of the impending event(s) by incorporating temporal data in the prediction process;
      
      means for discovering said agent servers;
      
      means for determining an available processing bandwidth of the main server, agents, decision engines, and correlation engines;
      
      means for registering said main server and available agent server with said registration entity;
      
      means for correlating event and attribute data from unstructured data sources;
      
      means for collecting log data;
      
      means for normalizing and tokenizing log data;
      
      means for generating semantic graphs of log and attribute data; and
      
      means for deciding on the likelihood of an event using the extensive form of sequential game theory.
  - 3. A system according to claim 1, wherein the system for deciding on the likelihood of an event using the extensive form of sequential game theory comprises additional capabilities of:
    - means for discovering attempts to hide the observation of events by staging other events;
      
      means for discovering attempts to hide the observation of events by utilizing a plurality of communications channels to execute an attack; and
      
      means for making predictions in the event of partial data loss.
  - 4. A system according to claim 1, wherein the system for distributing workload comprises additional capabilities of:
    - means for breaking data analysis work across an virtually unlimited amount cpu cores in order to scale data processing to handle an unlimited amount or log and attribute data;
      
      means for shifting workload in the event of a catastrophic loss of processing agents with minimal loss of fidelity;
      
      means for auto provisioning of processing agents as bandwidth, log and processing demands increase or decrease.
  - 5. A system according to claim 1, wherein the system for collecting data comprises of the additional capabilities of:
    - means for self healing databases while still processing transactions due to a security attack, a loss/addition of one or more virtual machine cores, a memory/disk buffer overwrite, a major shift in workload, or a hardware failure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zitovault, Inc.
Original Assignee
Zitovault, Inc.
Inventors
Ellis, Alonzo, McELwee, Tim

Granted Patent

US 9,602,530 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/9024   Graphs; Linked lists G06F16...

G06F 21/52   during program execution, e...

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

G06Q 30/018   Certifying business or prod...

G06Q 30/0185   Product, service or busines...

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

System and Method for Predicting Impending Cyber Security Events Using Multi Channel Behavioral Analysis in a Distributed Computing Environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Predicting Impending Cyber Security Events Using Multi Channel Behavioral Analysis in a Distributed Computing Environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links