COMPREHENSIVE RISK ASSESSMENT IN A HETEROGENEOUS DYNAMIC NETWORK

US 20180048669A1
Filed: 03/31/2017
Published: 02/15/2018
Est. Priority Date: 08/12/2016
Status: Active Grant

First Claim

Patent Images

1. A processor implemented method comprising:

receiving data pertaining to information flow between a plurality of nodes identified within systems in a network (202);

identifying one or more affected nodes from the plurality of nodes and one or more affected paths therebetween (204); and

computing attack risk at the one or more affected nodes (206).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of the present disclosure provide comprehensive risk assessment in a heterogeneous dynamic network. The framework enables ‘view’ and ‘analyses’ of complete architecture simultaneously in information view, deployment view, business view and security view. Fundamentally, data pertaining to information flow between a plurality of nodes within systems in a network is identified. One or more affected nodes or paths therebetween are identified and attack risk is computed. The graph based framework supports multiple threat models for threat evaluation. It also provides mitigation plans which will reflect reduced risk in the business view and incorporates attack tree simulations to evaluate dynamic behavior of a system under attack.

Citations

20 Claims

1. A processor implemented method comprising:
- receiving data pertaining to information flow between a plurality of nodes identified within systems in a network (202);
  
  identifying one or more affected nodes from the plurality of nodes and one or more affected paths therebetween (204); and
  
  computing attack risk at the one or more affected nodes (206).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The processor implemented method of claim 1 further comprising computing propagated risk on neighboring nodes of the one or more affected nodes.
  - 3. The processor implemented method of claim 2 further comprising computing an aggregated risk at the one or more affected nodes based on the propagated risk.
  - 4. The processor implemented method of claim 3 further comprising computing one or more of business impact loss, information loss impact and financial impact loss based on the aggregated risk.
  - 5. The processor implemented method of claim 4 further comprising generating a mitigation plan based on one or more of the business impact loss, the information loss impact and the financial impact loss, the mitigation plan comprising one or more of:
    - providing one or more alternate source or path for the data to be derived or propagated respectively;
      
      modifying constraints imposed on the information flow from logical conjunction (“
      
      AND”
      
      ) to logical disjunction (“
      
      OR”
      
      ) or vice-versa;
      
      isolating at least one of the one or more affected nodes or the one or more affected paths therebetween;
      
      deploying data encryption scheme; and
      
      implementing diagnostic measures to measure health of the network.
  - 6. The processor implemented method of claim 4, wherein the business impact loss is based on weight or probability associated with business impact loss and the aggregated risk;
    - the information loss impact is based on weight or probability associated with information loss and the aggregated risk; and
      
      the financial impact loss is based on weight or probability associated with financial impact loss and the aggregated risk.
  - 7. The processor implemented method of claim 1, wherein computing attack risk comprises identifying attack vectors in the network and influence vectors corresponding to the propagated risk of the attack vectors on the neighboring nodes.
  - 8. The processor implemented method of claim 7, wherein computing propagated risk comprises:
    - receiving pre-defined bipartite graphs of transitions based on the attack vectors and the influence vectors; and
      
      estimating attack probability based on the bipartite graphs, pre-defined weights assigned to the propagated risk and probability of selection of a path in the network.
  - 9. The processor implemented method of claim 1, further comprising simulating a “
    - what-if”
      
      condition wherein an attack is simulated to affect one or more nodes and a conditional analysis assessment is conducted.

10. A system comprising:
- one or more data storage devices (102) operatively coupled to one or more hardware processors (104) and configured to store instructions configured for execution by the one or more hardware processors to;
  
  receive data pertaining to information flow between a plurality of nodes identified within systems in a network (202);
  
  identify one or more affected nodes from the plurality of nodes and one or more affected paths therebetween (204); and
  
  compute attack risk at the one or more affected nodes (206).
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 20)
- - 11. The system of claim 10, wherein the one or more hardware processors are further configured to compute propagated risk on neighboring nodes of the one or more affected nodes.
  - 12. The system of claim 11, wherein the one or more hardware processors are further configured to compute an aggregated risk at the one or more affected nodes based on the propagated risk.
  - 13. The system of claim 12, wherein the one or more hardware processors are further configured to compute one or more of business impact loss, information loss impact and financial impact loss based on the aggregated risk.
  - 14. The system of claim 10, wherein the one or more hardware processors are further configured to generate a mitigation plan based on one or more of the business impact loss, the information loss impact and the financial impact loss, the mitigation plan comprising one or more of:
    - providing one or more alternate source or path for the data to be derived or propagated respectively;
      
      modifying constraints imposed on the information flow from logical conjunction (“
      
      AND”
      
      ) to logical disjunction (“
      
      OR”
      
      ) or vice-versa;
      
      isolating at least one of the one or more affected nodes or the one or more affected paths therebetween deploying data encryption scheme; and
      
      implementing diagnostic measures to measure health of the network.
  - 15. The system of claim 13, wherein the business impact loss is based on weight or probability associated with business impact loss and the aggregated risk;
    - the information loss impact is based on weight or probability associated with information loss and the aggregated risk; and
      
      the financial impact loss is based on weight or probability associated with financial impact loss and the aggregated risk.
  - 16. The system of claim 10, wherein the one or more hardware processors are further configured to compute attack risk by identifying attack vectors in the network and influence vectors corresponding to the propagated risk of the attack vectors on the neighboring nodes.
  - 17. The system of claim 16, wherein the one or more hardware processors are further configured to compute propagated risk by:
    - receiving pre-defined bipartite graphs of transitions based on the attack vectors and the influence vectors; and
      
      estimating attack probability based on the bipartite graphs, pre-defined weights assigned to the propagated risk and probability of selection of a path in the network.
  - 18. The system of claim 10, wherein the one or more hardware processors are further configured to simulate a “
    - what-if”
      
      condition wherein an attack is simulated to affect one or more nodes and a conditional analysis assessment is conducted.
  - 20. The computer program product of claim 13, wherein the computer readable program further causes the computing device to perform one or more of:
    - computing propagated risk on neighboring nodes of the one or more affected nodes;
      
      computing an aggregated risk at the one or more affected nodes based on the propagated risk;
      
      computing one or more of business impact loss, information loss impact and financial impact loss based on the aggregated risk;
      
      generating a mitigation plan based on one or more of the business impact loss, the information loss impact and the financial impact loss, the mitigation plan comprising one or more of;
      
      providing one or more alternate source or path for the data to be derived or propagated respectively;
      
      modifying constraints imposed on the information flow from logical conjunction (“
      
      AND”
      
      ) to logical disjunction (“
      
      OR”
      
      ) or vice-versa;
      
      isolating at least one of the one or more affected nodes or the one or more affected paths therebetween deploying data encryption scheme; and
      
      implementing diagnostic measures to measure health of the network;
      
      computing attack risk by identifying attack vectors in the network and influence vectors corresponding to the propagated risk of the attack vectors on the neighboring nodes;
      
      computing propagated risk by;
      
      receiving pre-defined bipartite graphs of transitions based on the attack vectors and the influence vectors; and
      
      estimating attack probability based on the bipartite graphs, pre-defined weights assigned to the propagated risk and probability of selection of a path in the network; and
      
      simulating a “
      
      what-if”
      
      condition wherein an attack is simulated to affect one or more nodes and a conditional analysis assessment is conducted.

19. A computer program product comprising a non-transitory computer readable medium having a computer readable program embodied therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- receive data pertaining to information flow between a plurality of nodes identified within systems in a network (202);
  
  identify one or more affected nodes from the plurality of nodes and one or more affected paths therebetween (204); and
  
  compute attack risk at the one or more affected nodes

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Original Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Inventors
LOKAMATHE, SHIVRAJ VIJAYSHANKAR, ALASINGARA BHATTACHAR, RAJAN MINDIGAL, SINGH DILIP THAKUR, MEENA, PURUSHOTHAMAN, BALAMURALIDHAR

Granted Patent

US 10,601,854 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 30/20   Design optimisation, verifi...

G06N 5/04   Inference or reasoning models

G06Q 10/0635   Risk analysis of enterprise...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04W 12/122   Counter-measures against at...

COMPREHENSIVE RISK ASSESSMENT IN A HETEROGENEOUS DYNAMIC NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

COMPREHENSIVE RISK ASSESSMENT IN A HETEROGENEOUS DYNAMIC NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links