DETECTION MITIGATION AND REMEDIATION OF CYBERATTACKS EMPLOYING AN ADVANCED CYBER-DECISION PLATFORM

US 20170126712A1
Filed: 08/15/2016
Published: 05/04/2017
Est. Priority Date: 10/28/2015
Status: Active Grant

First Claim

Patent Images

1. A system for detection and mitigation of cyberattacks employing an advanced cyber decision platform comprising:

a time series data retrieval and storage module stored in a memory of and operating on a processor of a computing device;

a directed computational graph analysis module stored in a memory of and operating on a processor of a computing device;

an action outcome simulation module stored in a memory of and operating on a processor of a computing device; and

an observation and state estimation module stored in a memory of and operating on a processor of a computing device;

wherein, the time series data retrieval and storage module;

monitors cybersecurity related data from a plurality of sources;

continuously monitors traffic on at least one client network; and

stores retrieved and monitored data;

wherein, the directed computational graph analysis module;

retrieves a plurality of data from the time series data retrieval and storage module;

analyzes at least a portion of retrieved data for baseline pattern determination;

analyzes at least a portion of retrieved data for predetermined anomalous occurrences; and

provides relevant data and metadata to the action outcome simulation module;

wherein, the action outcome simulation module;

receives data and metadata for predictive simulation analysis from the directed computational graph analysis module;

performs predictive simulation transformations on data provided by other modules of the advanced cyber decision platform; and

provides results of predictive simulation analysis to predetermined modules of advanced cyber decision platform;

wherein, the observation and state estimation module formats data received from other modules of the advanced cyber decision platform in ways predesigned to maximize conveyance of included information and data.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data retrieval module, a directed computational graph module, an outcome simulation module, and an observation module. The time series data retrieval module monitors cybersecurity related data from multiple sources, and continuously monitors traffic on a client network. The directed computational graph module analyzes the retrieved data for baseline pattern determination, and analyzes the data for anomalous occurrences. The outcome simulation module performs predictive simulation transformations on data provided by other modules of the platform and provides results as needed. The observation module formats data to maximize impact of included information and data.

81 Citations

16 Claims

1. A system for detection and mitigation of cyberattacks employing an advanced cyber decision platform comprising:
- a time series data retrieval and storage module stored in a memory of and operating on a processor of a computing device;
  
  a directed computational graph analysis module stored in a memory of and operating on a processor of a computing device;
  
  an action outcome simulation module stored in a memory of and operating on a processor of a computing device; and
  
  an observation and state estimation module stored in a memory of and operating on a processor of a computing device;
  
  wherein, the time series data retrieval and storage module;
  
  monitors cybersecurity related data from a plurality of sources;
  
  continuously monitors traffic on at least one client network; and
  
  stores retrieved and monitored data;
  
  wherein, the directed computational graph analysis module;
  
  retrieves a plurality of data from the time series data retrieval and storage module;
  
  analyzes at least a portion of retrieved data for baseline pattern determination;
  
  analyzes at least a portion of retrieved data for predetermined anomalous occurrences; and
  
  provides relevant data and metadata to the action outcome simulation module;
  
  wherein, the action outcome simulation module;
  
  receives data and metadata for predictive simulation analysis from the directed computational graph analysis module;
  
  performs predictive simulation transformations on data provided by other modules of the advanced cyber decision platform; and
  
  provides results of predictive simulation analysis to predetermined modules of advanced cyber decision platform;
  
  wherein, the observation and state estimation module formats data received from other modules of the advanced cyber decision platform in ways predesigned to maximize conveyance of included information and data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein at least a portion of the data retrieved by the time series data retrieval and storage module is cybersecurity intelligence data from a plurality of expert sources.
  - 3. The system of claim 1, wherein at least a portion of baseline data analyzed by the directed computational graph analysis module is network equipment logs, network equipment configuration parameters, network topology information and network resident server logs for the purpose of predictively uncovering network vulnerabilities.
  - 4. The system of claim 1, wherein at least a portion of baseline data analyzed by the directed computational graph analysis module is the normal network usage traffic of at least one sanctioned network user.
  - 5. The system of claim 1, wherein at least a portion of simulations run by action outcome simulation module include predictive discovery of resident network infrastructure vulnerabilities to a plurality of cyber-exploits and provide at least one resultant correction recommendation.
  - 6. The system of claim 1, wherein at least a portion of simulations run by action outcome simulation module include network traffic sample data from a probable ongoing cyberattack to predict the timeline of progression and at least one recommendation predicted to result in efficacious, mitigating outcome.
  - 7. The system of claim 1, wherein at least a portion of output formatted by observation and state estimation module is directed to produce the greatest focused actionable response from a subset of the set of those participating in cybersecurity response.
  - 8. The system of claim 1, wherein at least a portion of output formatted by observation and state estimation module provides specifically segmented subset of the available information for delivery to one or more cyberattack response groups having differing roles in the mitigation and recovery process.

9. A method for mitigation of cyberattacks employing an advanced cyber decision platform comprising the steps of:
- a) retrieving a plurality of cybersecurity related data from a plurality of sources using a time series data retrieval and storage module;
  
  b) analyzing the cybersecurity related data using a directed computational graph analysis module to detect ongoing cyberattacks;
  
  c) simulating a plurality of outcomes from the available cybersecurity related data to predict network vulnerability and probable timeline of an ongoing cyberattack using an action outcome simulation module;
  
  d) presenting resultant information from advanced cyber decision platform analysis in format predesigned to convey the maximal actionable impact using an observation and state estimation module.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein at least a portion of the data retrieved by the time series data retrieval and storage module is cybersecurity intelligence data from a plurality of expert sources.
  - 11. The method of claim 9, wherein at least a portion of baseline data analyzed by the directed computational graph analysis module is network equipment logs, network equipment configuration parameters, network topology information and network resident server logs for the purpose of predictively uncovering network vulnerabilities.
  - 12. The method of claim 9, wherein at least a portion of baseline data analyzed by the directed computational graph analysis module is the normal network usage traffic of at least one sanctioned network user.
  - 13. The method of claim 9, wherein at least a portion of simulations run by action outcome simulation module include predictive discovery of resident network infrastructure vulnerabilities to a plurality of cyber-exploits and provide at least one resultant correction recommendation.
  - 14. The method of claim 9, wherein at least a portion of simulations run by action outcome simulation module include network traffic sample data from a probable ongoing cyberattack to predict the timeline of progression and provide at least one recommendation predicted to give rise to an efficacious mitigating outcome.
  - 15. The method of claim 9, wherein at least a portion of output formatted by observation and state estimation module is directed to produce the greatest focused actionable response from a subset of the set of those participating in cybersecurity response.
  - 16. The method of claim 9, wherein at least a portion of output formatted by observation and state estimation module provides specifically segmented subset of the available information for delivery to one or more cyberattack response groups having differing roles in the mitigation and recovery process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qomplx LLC
Original Assignee
Fractal Industries, Inc.
Inventors
Crabtree, Jason, Sellers, Andrew

Granted Patent

US 10,248,910 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06N 20/00   Machine learning

G06N 5/04   Inference or reasoning models

G06N 7/01   Probabilistic graphical mod...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

DETECTION MITIGATION AND REMEDIATION OF CYBERATTACKS EMPLOYING AN ADVANCED CYBER-DECISION PLATFORM

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

DETECTION MITIGATION AND REMEDIATION OF CYBERATTACKS EMPLOYING AN ADVANCED CYBER-DECISION PLATFORM

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links