SYSTEM AND METHOD FOR DISCOVERING OPTIMAL NETWORK ATTACK PATHS

US 20160248796A1
Filed: 02/15/2016
Published: 08/25/2016
Est. Priority Date: 08/23/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for discovering network attack paths comprising:

generating scoring system results, using a computer, based on analysis of vulnerabilities of nodes in a network configuration, wherein the scoring system results are a quantitative assessment of severities of computer system security vulnerabilities of the nodes in the network;

applying, using the computer, a Bayesian probability model to the scoring system results to provide probabilities of attack paths into the network, wherein the Bayesian probability model includes conditional dependency probability tables reflecting dependencies between risks associated with different nodes in the network; and

combining, using the computer, qualitative input with both the scoring system results and the probabilities of attack paths, wherein by combining an output is formed;

applying, using the computer, a weighted-average algorithm to the output to yield at least one ranking of nodes in order of likelihood of targeting by an external attacker.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for discovering network attack paths is provided. The method includes a computer generating scoring system results based on analysis of vulnerabilities of nodes in a network configuration. The method also includes the computer applying Bayesian probability to the scoring system results and selected qualitative risk attributes wherein output accounts for dependencies between vulnerabilities of the nodes. The method also includes the computer applying a weighted-average algorithm to the output yielding at least one ranking of nodes in order of likelihood of targeting by an external attacker.

11 Citations

View as Search Results

34 Claims

1. A computer-implemented method for discovering network attack paths comprising:
- generating scoring system results, using a computer, based on analysis of vulnerabilities of nodes in a network configuration, wherein the scoring system results are a quantitative assessment of severities of computer system security vulnerabilities of the nodes in the network;
  
  applying, using the computer, a Bayesian probability model to the scoring system results to provide probabilities of attack paths into the network, wherein the Bayesian probability model includes conditional dependency probability tables reflecting dependencies between risks associated with different nodes in the network; and
  
  combining, using the computer, qualitative input with both the scoring system results and the probabilities of attack paths, wherein by combining an output is formed;
  
  applying, using the computer, a weighted-average algorithm to the output to yield at least one ranking of nodes in order of likelihood of targeting by an external attacker.
- View Dependent Claims (3, 4, 5, 6, 7, 21, 22, 23, 24)
- - 3. The method of claim 1, wherein the weighted-average algorithm prioritizes nodes by magnitude of risk and imminence of risk.
  - 4. The method of claim 1, wherein the scoring system results are further generated based on a fixed formula for risk assessment.
  - 5. The method of claim 1, wherein the method accounts for betweenness centrality of nodes as a risk factor, wherein betweenness centrality quantifies a number of times a given node in the network acts as a bridge along a shortest path between two other nodes in the network.
  - 6. The method of claim 1, wherein the method accounts for assortativity of nodes, wherein assortativity represents a preference for a given node in the network to attached to other nodes in the network.
  - 7. The method of claim 1, wherein the selected qualitative risk attributes comprise at least one of threat type, ease of execution, business risk, and certification risk.
  - 21. The method of claim 1 further comprising:
    - using the weighted average algorithm to determine at least one resistant attack path into the network.
  - 22. The method of claim 1 further comprising:
    - using the weighted average algorithm to determine at least one optimal attack path into the network.
  - 23. The method of claim 1 further comprising:
    - determining an aggregated attack path using the weighted-average algorithm.
  - 24. The method of claim 1 further comprising:
    - determining an architecture and configuration of the network.

2. (canceled)

8-20. -20. (canceled)

25. A computer comprising:
- a processor;
  
  a bus connected to the processor;
  
  a memory connected to the bus, the memory storing computer usable program code which, when executed by the processor, performs a method for discovering network attack paths, wherein the computer usable program code comprises;
  
  computer usable program code for generating scoring system results, using the processor, based on analysis of vulnerabilities of nodes in a network configuration, wherein the scoring system results are a quantitative assessment of severities of computer system security vulnerabilities of the nodes in the network;
  
  computer usable program code for applying, using the processor, a Bayesian probability model to the scoring system results to provide probabilities of attack paths into the network, wherein the Bayesian probability model includes conditional dependency probability tables reflecting dependencies between risks associated with different nodes in the network;
  
  computer usable program code for combining, using the processor, qualitative input with both the scoring system results and the probabilities of attack paths, wherein by combining an output is formed; and
  
  computer usable program code for applying, using the processor, a weighted-average algorithm to the output to yield at least one ranking of nodes in order of likelihood of targeting by an external attacker.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 26. The computer of claim 25, wherein the weighted-average algorithm is configured to prioritize nodes by magnitude of risk and imminence of risk.
  - 27. The computer of claim 25, wherein the computer usable program code for generating the scoring system results includes a fixed formula for risk assessment.
  - 28. The computer of claim 25, wherein the computer usable program code accounts for betweenness centrality of nodes as a risk factor, wherein betweenness centrality quantifies a number of times a given node in the network acts as a bridge along a shortest path between two other nodes in the network.
  - 29. The computer of claim 25, wherein the computer usable program code accounts for assortativity of nodes, wherein assortativity represents a preference for a given node in the network to attached to other nodes in the network.
  - 30. The computer of claim 25, wherein the selected qualitative risk attributes comprise at least one of threat type, ease of execution, business risk, and certification risk.
  - 31. The computer of claim 25, wherein the computer usable program code further includes:
    - computer usable program code for using the weighted average algorithm to determine at least one resistant attack path into the network.
  - 32. The computer of claim 25 computer usable program code further includes:
    - computer usable program code for using the weighted average algorithm to determine at least one optimal attack path into the network.
  - 33. The method of claim 25 further comprising:
    - determining an aggregated attack path using the weighted-average algorithm.
  - 34. The method of claim 25 further comprising:
    - determining an architecture and configuration of the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Choi, Jai Joon, Grubel, Brian Christopher, Reid, Dion Stephen David

Granted Patent

US 11,140,189 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06N 7/01 Probabilistic graphical mod...

H04L 63/1433 Vulnerability analysis

SYSTEM AND METHOD FOR DISCOVERING OPTIMAL NETWORK ATTACK PATHS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DISCOVERING OPTIMAL NETWORK ATTACK PATHS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links