SYSTEM AND METHOD FOR VISUALIZING AND ANALYZING CYBER-ATTACKS USING A GRAPH MODEL
First Claim

1. A computing system comprising:
  one or more network sensors;
  one or more sensor interfaces configured to receive data from the one or more network sensors; and
  one or more processors, the one or more processors configured to:
    receive data from the one or more network sensors and convert the received data to a common format, wherein the received data is based on a present state of a computer network;
    generate a plurality of nodes and a plurality of edges based on the received data and store the generated plurality of nodes and the plurality of edges within a graph database; and
    receive a domain specific data query from a user of the computing system, convert the received domain specific data query to a graph database native query, and execute the graph database native query upon the graph database.
1 Assignment
0 Petitions
Abstract
A system and method for implementing a graph database to analyze and monitor the status of an enterprise computer network is provided. In one example, the output of a plurality of sensors is fed into a sensor interface in which all of the data associated with the sensors is converted into a common data format. The data is then parsed into a data model of nodes and edges to generate a graph database model that allows a network analyst to analyze the real-time status of the computer network. The graph database model can include multiple layers, including an infrastructure layer, a cyber threats layer, a cyber posture layer, and a mission readiness layer. The graph database model can also be queried by a user using a domain-specific query language, which provides a user-friendly syntax for generating queries.
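The pipeline the abstract describes, as an added Python illustration that is not the patent's own code: two constructed vendor records pass through a sensor-interface step into a common format, become nodes and layer-tagged edges in an in-memory stand-in for the graph database, and a small hypothetical analyst query language ("show alerts to <host>") is translated into a native query and executed against that store. The DSL vocabulary, the common schema keys and the in-memory store are assumptions; only the layer names come from the abstract.

```python
# Added illustration (not the patent's code): sensor records -> common format -> graph -> DSL query.
SENSOR_RECORDS = [  # constructed samples in two vendor-specific formats
    {"sensor": "netflow", "src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "dport": 445},
    {"sensor": "ids", "alert": "smb-scan", "source": "10.0.0.5", "target": "10.0.0.9"},
]
def to_common_format(rec):
    """Sensor interface step: map one vendor record onto the (assumed) common schema."""
    if rec["sensor"] == "netflow":
        return {"kind": "flow", "src": rec["src_ip"], "dst": rec["dst_ip"],
                "label": f"tcp/{rec['dport']}"}
    if rec["sensor"] == "ids":
        return {"kind": "alert", "src": rec["source"], "dst": rec["target"],
                "label": rec["alert"]}
    raise ValueError(f"unknown sensor type: {rec['sensor']}")

class GraphStore:
    """In-memory stand-in for the graph database: hosts are nodes, records are edges."""
    def __init__(self):
        self.nodes = {}   # host id -> attributes (layer tag)
        self.edges = []   # (src, dst, attributes)

    def ingest(self, common):
        layer = "infrastructure" if common["kind"] == "flow" else "cyber_threats"  # layer tag
        for host in (common["src"], common["dst"]):
            self.nodes.setdefault(host, {"layer": "infrastructure"})
        self.edges.append((common["src"], common["dst"],
                           {"kind": common["kind"], "label": common["label"], "layer": layer}))

    def native_query(self, q):
        """Execute a native query {"edge_kind": str, "to": host or absent}; return source hosts."""
        return sorted({s for s, d, a in self.edges
                       if a["kind"] == q["edge_kind"] and q.get("to") in (None, d)})

DSL_VERBS = {"alerts": "alert", "flows": "flow"}   # hypothetical analyst vocabulary
def dsl_to_native(query):
    """Translate 'show alerts to 10.0.0.9' or 'show flows' into the native query form."""
    words = query.split()
    if (words[:1] != ["show"] or len(words) not in (2, 4) or words[1] not in DSL_VERBS
            or (len(words) == 4 and words[2] != "to")):
        raise ValueError(f"unsupported query: {query!r}")
    return {"edge_kind": DSL_VERBS[words[1]], **({"to": words[3]} if len(words) == 4 else {})}

def build_store(records=SENSOR_RECORDS):
    store = GraphStore()
    for rec in records:
        store.ingest(to_common_format(rec))
    return store

def run(store, query):
    return store.native_query(dsl_to_native(query))
```

A malformed DSL query is rejected before translation, so nothing that is not in the DSL vocabulary reaches the native query layer.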
30 Claims
1. A computing system comprising:
  one or more network sensors;
  one or more sensor interfaces configured to receive data from the one or more network sensors; and
  one or more processors, the one or more processors configured to:
    receive data from the one or more network sensors and convert the received data to a common format, wherein the received data is based on a present state of a computer network;
    generate a plurality of nodes and a plurality of edges based on the received data and store the generated plurality of nodes and the plurality of edges within a graph database; and
    receive a domain specific data query from a user of the computing system, convert the received domain specific data query to a graph database native query, and execute the graph database native query upon the graph database.
  Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method of generating a graph database, the method comprising:
  receiving data from one or more network sensors and converting the received data to a common format, wherein the received data is based on a present state of a computer network;
  generating a plurality of nodes and a plurality of edges based on the received data and storing the generated plurality of nodes and the plurality of edges within a graph database;
  receiving a domain specific data query;
  converting the received domain specific data query to a graph database native query; and
  executing the graph database native query upon the graph database.
  Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
21. A non-transitory computer readable storage medium having stored thereon a set of instructions for generating a graph database that, when executed by a computing device, cause the computing device to:
  receive data from one or more network sensors and convert the received data to a common format, wherein the received data is based on a present state of a computer network;
  generate a plurality of nodes and a plurality of edges based on the received data and store the generated plurality of nodes and the plurality of edges within a graph database;
  receive a domain specific data query;
  convert the received domain specific data query to a graph database native query; and
  execute the graph database native query upon the graph database.
  Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30.