ADVANCED CYBERSECURITY THREAT MITIGATION USING BEHAVIORAL AND DEEP ANALYTICS

US 20170324768A1
Filed: 07/20/2017
Published: 11/09/2017
Est. Priority Date: 10/28/2015
Status: Active Grant

First Claim

Patent Images

1. An advanced cyber decision platform for mitigation of cyberattacks, the platform comprising:

a time series data store comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor, wherein the programmable instructions, when operating on the processor, cause the processor to”

monitor a plurality of network events;

produce time-series data comprising at least a record of a network event and the time at which the event occurred;

an observation and state estimation module comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor, wherein the programmable instructions, when operating on the processor, cause the processor to;

monitor a plurality of connected resources on a network;

produce a cyber-physical graph representing at least a portion of the plurality of connected resources, the cyber-physical graph comprising at least the logical relationships between the portion of the plurality of connected resources on the network and the physical relationships between any connected resources that comprise at least a hardware device;

a directed computational graph module comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor, wherein the programmable instructions, when operating on the processor, cause the processor to;

perform a plurality of analysis and transformation operations on at least a portion of the time-series data;

perform a plurality of analysis and transformation operations on at least a portion of the cyber-physical graph; and

an action-outcome simulation module comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor, wherein the programmable instructions, when operating on the processor, cause the processor to;

produce a simulated network event comprising at least a simulated cyberattack;

produce a plurality of security recommendations based at least in part on the results of analysis performed by the directed computational graph module.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

Citations

7 Claims

1. An advanced cyber decision platform for mitigation of cyberattacks, the platform comprising:
- a time series data store comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor, wherein the programmable instructions, when operating on the processor, cause the processor to”
  
  monitor a plurality of network events;
  
  produce time-series data comprising at least a record of a network event and the time at which the event occurred;
  
  an observation and state estimation module comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor, wherein the programmable instructions, when operating on the processor, cause the processor to;
  
  monitor a plurality of connected resources on a network;
  
  produce a cyber-physical graph representing at least a portion of the plurality of connected resources, the cyber-physical graph comprising at least the logical relationships between the portion of the plurality of connected resources on the network and the physical relationships between any connected resources that comprise at least a hardware device;
  
  a directed computational graph module comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor, wherein the programmable instructions, when operating on the processor, cause the processor to;
  
  perform a plurality of analysis and transformation operations on at least a portion of the time-series data;
  
  perform a plurality of analysis and transformation operations on at least a portion of the cyber-physical graph; and
  
  an action-outcome simulation module comprising at least a processor, a memory, and a plurality of programming instructions stored in the memory and operating on the processor, wherein the programmable instructions, when operating on the processor, cause the processor to;
  
  produce a simulated network event comprising at least a simulated cyberattack;
  
  produce a plurality of security recommendations based at least in part on the results of analysis performed by the directed computational graph module.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the plurality of analysis and transformation operations performed on at least a portion of the cyber-physical graph comprise the calculation of an impact assessment score for each of a portion of the resources in the graph.
  - 3. The system of claim 2, wherein the plurality of analysis and transformation operations performed on at least a portion of the time-series data comprise the calculation of the overall impact of a cyberattack, wherein the calculation is based at least in part on the impact assessment score for each resource affected by the cyberattack.
  - 4. The system of claim 1, wherein the plurality of analysis and transformation operations performed on at least a portion of the cyber-physical graph comprise a comparison of relationships between resources against known security vulnerabilities.
  - 5. The system of claim 4, wherein the recommendations produced by the action-outcome simulation module are based at least in part on the results of the comparison against known security vulnerabilities.
  - 6. The system of claim 1, wherein the observation and state estimation module is further configured to produce a visualization based at least in part on at least a portion of the time-series data, wherein the visualization illustrates changes to the data over time.

7. A method for mitigation of cyberattacks employing an advanced cyber decision platform comprising the steps of:
- a) producing, using an observation and state estimation module, a a cyber-physical graph representing at least a portion of the plurality of connected resources, the cyber-physical graph comprising at least the logical relationships between the portion of the plurality of connected resources on the network and the physical relationships between any connected resources that comprise at least a hardware device;
  
  b) performing, using a directed computational graph module, a plurality of analysis and transformation operations on at least a portion of the cyber-physical graph;
  
  c) producing, using an action outcome simulation module, a simulated network event comprising at least a simulated cyberattack;
  
  d) monitoring, using a time series data store, a plurality of network events comprising at least the simulated cyberattack;
  
  e) producing time-series data based at least in part on the network events;
  
  f) performing a plurality of analysis and transformation operations on at least a portion of the time-series data; and
  
  g) producing a plurality of security recommendations based at least in part on the results of analysis performed by the directed computational graph module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qomplx LLC (f/k/a QPX LLC)
Original Assignee
Fractal Industries, Inc.
Inventors
Crabtree, Jason, Sellers, Andrew

Granted Patent

US 10,735,456 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/362   Software debugging

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

ADVANCED CYBERSECURITY THREAT MITIGATION USING BEHAVIORAL AND DEEP ANALYTICS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

ADVANCED CYBERSECURITY THREAT MITIGATION USING BEHAVIORAL AND DEEP ANALYTICS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links