SYSTEM AND METHOD FOR DISCOVERING OPTIMAL NETWORK ATTACK PATHS
Abstract
A computer-implemented method for discovering network attack paths is provided. The method includes a computer generating scoring system results based on analysis of vulnerabilities of nodes in a network configuration. The method also includes the computer applying Bayesian probability to the scoring system results and selected qualitative risk attributes wherein output accounts for dependencies between vulnerabilities of the nodes. The method also includes the computer applying a weighted-average algorithm to the output yielding at least one ranking of nodes in order of likelihood of targeting by an external attacker.
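The pipeline the abstract describes, as an added Python sketch that is not taken from the patent. The four-node network, the 0 to 10 severity scores, the noisy-OR rule used to fill the conditional tables, the low/medium/high mapping and the weights are all assumptions made for illustration.

```python
from itertools import product

# Constructed sample network: each node maps to the nodes it can be reached from.
PARENTS = {"web": [], "app": ["web"], "db": ["app"], "hr": ["web", "app"]}
SEVERITY = {"web": 9.8, "app": 7.5, "db": 5.0, "hr": 6.1}  # assumed 0-10 scoring results
QUALITATIVE = {"web": "low", "app": "medium", "db": "high", "hr": "medium"}
QUAL_VALUE = {"low": 0.2, "medium": 0.5, "high": 0.9}      # assumed analyst scale
WEIGHTS = {"severity": 0.3, "probability": 0.4, "qualitative": 0.3}

def cpt(node):
    """P(node compromised | every combination of parent states), noisy-OR (assumed)."""
    p_exploit = SEVERITY[node] / 10.0
    table = {}
    for states in product([False, True], repeat=len(PARENTS[node])):
        # Entry nodes face the external attacker directly: one active cause.
        causes = sum(states) if PARENTS[node] else 1
        table[states] = 1.0 - (1.0 - p_exploit) ** causes
    return table

def marginals():
    """Exact inference: sum the joint probability over every network state."""
    nodes = list(PARENTS)
    tables = {n: cpt(n) for n in nodes}
    result = dict.fromkeys(nodes, 0.0)
    for assignment in product([False, True], repeat=len(nodes)):
        state = dict(zip(nodes, assignment))
        joint = 1.0
        for n in nodes:
            p = tables[n][tuple(state[par] for par in PARENTS[n])]
            joint *= p if state[n] else 1.0 - p
        for n in nodes:
            if state[n]:
                result[n] += joint
    return result

def rank_nodes():
    """Weighted average of severity, path probability and qualitative input."""
    prob = marginals()
    score = {n: WEIGHTS["severity"] * SEVERITY[n] / 10.0
                + WEIGHTS["probability"] * prob[n]
                + WEIGHTS["qualitative"] * QUAL_VALUE[QUALITATIVE[n]]
             for n in PARENTS}
    return sorted(score, key=score.get, reverse=True), score, prob

if __name__ == "__main__":
    ranking, score, prob = rank_nodes()
    for n in ranking:
        print(f"{n:4} score={score[n]:.3f} P(compromised)={prob[n]:.3f}")
```

The "hr" node shows why the dependency tables matter: its severity score is lower than that of "app", but two possible upstream footholds raise its compromise probability above the probability of "app".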
34 Claims
1. A computer-implemented method for discovering network attack paths comprising:
generating scoring system results, using a computer, based on analysis of vulnerabilities of nodes in a network configuration, wherein the scoring system results are a quantitative assessment of severities of computer system security vulnerabilities of the nodes in the network;
applying, using the computer, a Bayesian probability model to the scoring system results to provide probabilities of attack paths into the network, wherein the Bayesian probability model includes conditional dependency probability tables reflecting dependencies between risks associated with different nodes in the network; and
combining, using the computer, qualitative input with both the scoring system results and the probabilities of attack paths, wherein by combining an output is formed;
applying, using the computer, a weighted-average algorithm to the output to yield at least one ranking of nodes in order of likelihood of targeting by an external attacker.
Dependent claims: 3, 4, 5, 6, 7, 21, 22, 23, 24
2. (canceled)
8-20. (canceled)
25. A computer comprising:
a processor;
a bus connected to the processor;
a memory connected to the bus, the memory storing computer usable program code which, when executed by the processor, performs a method for discovering network attack paths, wherein the computer usable program code comprises;
computer usable program code for generating scoring system results, using the processor, based on analysis of vulnerabilities of nodes in a network configuration, wherein the scoring system results are a quantitative assessment of severities of computer system security vulnerabilities of the nodes in the network;
computer usable program code for applying, using the processor, a Bayesian probability model to the scoring system results to provide probabilities of attack paths into the network, wherein the Bayesian probability model includes conditional dependency probability tables reflecting dependencies between risks associated with different nodes in the network;
computer usable program code for combining, using the processor, qualitative input with both the scoring system results and the probabilities of attack paths, wherein by combining an output is formed; and
computer usable program code for applying, using the processor, a weighted-average algorithm to the output to yield at least one ranking of nodes in order of likelihood of targeting by an external attacker.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34