
System and Method for Cyber Security Analysis and Human Behavior Prediction

  • US 20160205122A1
  • Filed: 03/21/2016
  • Published: 07/14/2016
  • Est. Priority Date: 04/10/2013
  • Status: Active Grant
First Claim

1. A method for analyzing computer network security, comprising:

    establishing multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security;

    creating an estimate for each node that estimates the ease of realizing the event, condition, or attribute of the node;

    identifying attack paths based on attack vectors that may be used by actor, where the attack paths represent a linkage of nodes that reach a condition of compromise of network security;

    calculating edge probabilities for the attack paths based on the estimates for each node along the attack path, where the node estimates and edge probabilities are determined by calculating a probability of likelihood for the nodes based on Markov Monte Carlo simulations of paths from an attacker to the nodes;

    generating an attack graph that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions of compromise based on combined estimates of the ease of the attack paths and the application of actor attributes;

    where events and conditions on the attack graph are connected to observable nodes associated with physical sensors on the network, where the physical sensors predict the events and conditions;

    detecting attacks on the computer network through a correlation of the observable nodes with the physical sensors;

    where security alerts are generated in response to detected attacks;

    where benign actors are modeled in addition to threat actors, generating a benign action graph and associated benign paths; and

    where the benign paths are compared to an attack graph and associated attack paths to generate alerts by differential analysis of benign v. threat actor scores.
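
The following is an added example, not code from the patent or its applicant: one way to read the steps of claim 1 on a small constructed graph. A plain Monte Carlo random walk over a Markov chain stands in for the claim's "Markov Monte Carlo simulations". Assumptions: all node names, edges, ease values, the uniform choice of next node, and the alert threshold.

```python
import random
from collections import Counter

# Constructed sample model: node names, edges and ease values are assumptions.
EDGES = {
    "actor": ["phish_email", "vpn_login"],
    "phish_email": ["workstation_foothold"],
    "vpn_login": ["workstation_foothold"],
    "workstation_foothold": ["domain_admin"],
    "domain_admin": [],  # condition of compromise
}
# Per-actor ease estimates: probability that an attempt on the node succeeds.
THREAT_EASE = {"phish_email": 0.6, "vpn_login": 0.1,
               "workstation_foothold": 0.5, "domain_admin": 0.3}
BENIGN_EASE = {"phish_email": 0.01, "vpn_login": 0.95,
               "workstation_foothold": 0.9, "domain_admin": 0.02}

def reach_probabilities(ease, trials=20_000, seed=1):
    """Estimate P(node reached) with random walks that start at the actor."""
    rng = random.Random(seed)
    hits = Counter()
    for _ in range(trials):
        node = "actor"
        while EDGES[node]:
            nxt = rng.choice(EDGES[node])   # Markov step: depends on node only
            if rng.random() >= ease[nxt]:   # attempt failed, this walk ends
                break
            hits[nxt] += 1
            node = nxt
    return {n: hits[n] / trials for n in ease}

def easiest_path(ease, node="actor"):
    """Return (product of ease values, path) for the easiest route to a leaf."""
    if not EDGES[node]:
        return 1.0, [node]
    options = []
    for nxt in EDGES[node]:
        score, path = easiest_path(ease, nxt)
        options.append((ease[nxt] * score, [node] + path))
    return max(options)

def differential_alerts(threshold=0.02):
    """Nodes whose threat score exceeds the benign score by more than threshold."""
    threat = reach_probabilities(THREAT_EASE)
    benign = reach_probabilities(BENIGN_EASE)
    return sorted(n for n in threat if threat[n] - benign[n] > threshold)

if __name__ == "__main__":
    print(easiest_path(THREAT_EASE))
    print(differential_alerts())
```

In this constructed model a VPN login followed by a workstation session scores higher for the benign actor than for the threat actor, so only the phishing and domain-admin nodes exceed the differential threshold.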
