PROBABILISTIC MODEL FOR CYBER RISK FORECASTING
Abstract
A system and method are presented for forecasting the risk of cyber-attacks on targeted networks. The described technology quantifies linear and non-linear damages to network-dependent assets by propagating probabilistic distributions of events in sequence and time in order to forecast damages over specified periods. Damage-forecasts are used to estimate probabilistically time-varying financial losses for cyber-attacks. The described technology incorporates quantities and dependencies for pricing insurance, re-insurance, and self-insurance, assessing cost-benefit tradeoffs for sequenced implementation of security control measures, and detecting attacks in the targeted network.
20 Claims
1. A method in a computing system having a processor for estimating risks related to threats to a networked system of at least one target organization, the method comprising:
- receiving one or more target organization information, asset information, system information, and threat information descriptive of at least one target organization;
- calculating, by the processor, threat characteristics for the networked system of the at least one target organization, based on the one or more target organization information, asset information, system information, and threat information descriptive of the at least one target organization;
- modeling, by the processor, one or more pathways for at least one of the threats based on the calculated threat characteristics for the networked system of the at least one target organization, wherein the one or more pathways includes at least one time-dependent event;
- estimating, by the processor, for the one or more pathways:
  - probabilities that at least one of the time-dependent events will occur, and
  - probability distributions of times of occurrence of the at least one time-dependent events; and
- determining, by the processor, based on the estimating, a probability distribution of damage to assets of the at least one target organization and a probability distribution of one or more times of such damage to the assets.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer-readable storage medium storing instructions that, if executed by a processor of a computing system, cause the computing system to perform a method for estimating financial losses to a target organization based on time-varying risks of cyber threats, the method comprising:
- receiving data relating to a networked system of the target organization;
- determining a model of the networked system based on the data;
- propagating probabilistic distributions of cyber threat events over time through the model; and
- determining probabilistic damages to network-dependent assets of the target organization over a period of time based on the probabilistic distributions.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

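The estimating and determining steps of claims 1 and 11 can be pictured as a Monte Carlo simulation over one pathway. This is an added example, not code from the patent or its assignee; the pathway stages, their probabilities, the exponential delay model and the lognormal loss parameters are all constructed assumptions.

```python
import random
import statistics

# Constructed pathway: (event, P(event occurs | previous stage reached), mean days to occur).
# All numbers are illustrative assumptions, not values from the patent.
PATHWAY = [
    ("initial compromise", 0.60, 30.0),
    ("lateral movement",   0.50, 14.0),
    ("data exfiltration",  0.40, 7.0),
]

def simulate(pathway, horizon_days, trials, seed=1,
             loss_mu=13.0, loss_sigma=1.0):
    """Monte Carlo over one pathway; returns a (day, loss) pair per damaging trial."""
    rng = random.Random(seed)
    hits = []
    for _ in range(trials):
        t = 0.0
        for _name, p_occurs, mean_days in pathway:
            if rng.random() >= p_occurs:           # event never occurs: pathway ends
                break
            t += rng.expovariate(1.0 / mean_days)  # assumed delay of this time-dependent event
            if t > horizon_days:                   # occurs after the forecast window
                break
        else:                                      # every stage completed within the window
            hits.append((t, rng.lognormvariate(loss_mu, loss_sigma)))
    return hits

def summarize(hits, trials):
    """Reduce samples to forecast quantities: P(damage), loss and time statistics."""
    if not hits:
        return {"p_damage": 0.0, "expected_loss": 0.0, "loss_p95": 0.0, "median_day": None}
    days = sorted(d for d, _ in hits)
    losses = sorted(l for _, l in hits)
    return {
        "p_damage": len(hits) / trials,
        "expected_loss": sum(losses) / trials,               # zero-loss trials included
        "loss_p95": losses[int(0.95 * (len(losses) - 1))],   # conditional on damage
        "median_day": statistics.median(days),
    }

if __name__ == "__main__":
    n = 20000
    print(summarize(simulate(PATHWAY, 365, n), n))
```

The list of (day, loss) samples is the empirical joint distribution of damage and time of damage; shortening `horizon_days` shows how the forecast loss changes with the period being priced.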
Specification