System and method for assessing the security posture of a network using goal oriented fuzzy logic decision rules
1 Assignment
0 Petitions
Abstract
A method and data processing system assesses the security vulnerability of a network. A system object model database is created and supports the information data requirements of disparate network vulnerability analysis programs. Only the required data from the system object model database representing the network is imported to the programs, which then analyze the network to produce data results from each program. These data results are stored in a common system model database and within the data fact base. Goal oriented fuzzy logic decision rules are applied to determine the vulnerability posture of the network.
94 Citations
27 Claims
1. A method for assessing the security posture of a network comprising the steps of:
- creating a system object model database representing a network, wherein the system object model database supports the information data requirements of separate, non-integrated network vulnerability analysis programs;
- exporting only the required data from the system object model database representing the network to each respective network vulnerability analysis program;
- analyzing the network with each network vulnerability analysis program to produce data results from each program;
- storing the data results from respective network vulnerability analysis programs and the common system model database within a data fact base; and
- applying goal oriented fuzzy logic decision rules to the data fact base to determine the security posture of the network.
Dependent claims: 2, 3, 4, 5, 6.
7. A method for assessing the security posture of a network comprising the steps of:
- creating a system object model database representing a network, wherein the system object model database supports the information data requirements of separate, non-integrated network vulnerability analysis programs; and
- exporting only the required data from the system object model database to respective network vulnerability analysis programs to produce data results from each program;
- storing the data results from respective network vulnerability analysis programs and the common system model database within a data fact base; and
- applying goal oriented fuzzy logic decision rules to the data fact base by the use of a plurality of fuzzy expert rules to merge results from the network vulnerability analysis programs so as to determine the security posture of the network.
Dependent claims: 8, 9, 10, 11, 12, 13.
14. A computer program that resides on a medium that can be read by a program, wherein the computer program comprises instructions to cause a computer to:
- create a system object model database representing a network, wherein the system object model database supports the information data requirements of separate, non-integrated network vulnerability analysis programs;
- export only the required data from the system object model database representing the network to each respective network vulnerability analysis program;
- analyze the network with each network vulnerability analysis program to produce data results from each program;
- store the results from respective network vulnerability analysis programs and the common system model database within a data fact base; and
- apply goal oriented fuzzy logic decision rules to the data fact base to determine the security posture of the network.
Dependent claims: 15, 16, 17, 18, 19, 20, 21.
22. A data processing system for assessing the security posture of a network comprising:
- a plurality of separate, non-integrated network vulnerability analysis programs used for analyzing a network;
- a system object model database that represents the network to be analyzed, wherein the system object model database supports the information data requirements of the network vulnerability analysis programs;
- an applications programming interface for importing the system object model database of the network to the network vulnerability analysis programs;
- a filter associated with the applications programming interface and each respective network vulnerability analysis program for filtering data from the system object model database and importing only the required data;
- a data fact base for storing the results obtained from respective network vulnerability analysis programs after analyzing the network and the common system model database; and
- a fuzzy logic processor for applying goal oriented fuzzy logic decision rules to the fact database by the use of a plurality of fuzzy expert rules for merging results from the network vulnerability analysis programs and determining the security posture of the network.
Dependent claims: 23, 24, 25, 26, 27.
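As an added illustration of the pipeline the independent claims describe (example code, not the patent's implementation): a constructed system object model, per-program export filters that release only the fields each program declares it needs, a data fact base holding both programs' results, and constructed fuzzy expert rules that merge those results into a single network posture rating. The program names, record fields, memberships, rule table and thresholds are all assumptions.

```python
# Constructed system object model (sample data, not from the patent).
MODEL = [
    {"host": "web01", "os": "linux", "open_ports": [22, 80, 443], "patch_age_days": 120},
    {"host": "db01", "os": "linux", "open_ports": [5432], "patch_age_days": 10},
]

# Each stand-in analysis program declares the fields it needs; the export
# filter hands over only those, so no program sees data it has no use for.
REQUIRED = {"port_scan": ("host", "open_ports"),
            "patch_audit": ("host", "os", "patch_age_days")}

def export_view(model, program):
    return [{k: rec[k] for k in REQUIRED[program]} for rec in model]

# Two non-integrated programs (hypothetical); each yields a 0..1 score per host.
def port_scan(view):      # exposure: fraction of a 4-port budget that is open
    return {r["host"]: min(len(r["open_ports"]) / 4.0, 1.0) for r in view}
def patch_audit(view):    # staleness: patch age relative to a 180-day window
    return {r["host"]: min(r["patch_age_days"] / 180.0, 1.0) for r in view}

def build_fact_base(model):
    # Data fact base: the model plus each program's results, keyed by program.
    return {"model": model,
            "port_scan": port_scan(export_view(model, "port_scan")),
            "patch_audit": patch_audit(export_view(model, "patch_audit"))}

# Fuzzy expert rules (constructed). Memberships are linear: high(x)=x, low(x)=1-x.
# Antecedents combine with min; the consequent is a risk level in 0..1.
RULES = [  # (exposure set, staleness set, risk)
    ("high", "high", 1.0),  # exposed and stale   -> poor
    ("high", "low", 0.5),   # exposed but current -> fair
    ("low", "high", 0.5),   # sheltered but stale -> fair
    ("low", "low", 0.0),    # sheltered, current  -> good
]

def member(x, fuzzy_set):
    return x if fuzzy_set == "high" else 1.0 - x

def host_risk(exposure, staleness):
    # Every rule fires to some degree; defuzzify by weighted average.
    weights = [min(member(exposure, e), member(staleness, s)) for e, s, _ in RULES]
    return sum(w * r for w, (_, _, r) in zip(weights, RULES)) / sum(weights)

def assess(model):
    # Goal: one rating for the whole network, taken from its weakest host.
    facts = build_fact_base(model)
    risks = {rec["host"]: host_risk(facts["port_scan"][rec["host"]],
                                    facts["patch_audit"][rec["host"]]) for rec in model}
    worst = max(risks.values())
    return risks, "poor" if worst >= 0.6 else "fair" if worst >= 0.3 else "good"
```

With the sample model, web01 (three open ports, 120-day-old patches) scores about 0.64 and drives a "poor" network rating, while db01 scores 0.1875; the export filter check confirms the port program never receives patch data.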
Specification