Attack impact prediction system

US 7,281,270 B2
Filed: 04/01/2003
Issued: 10/09/2007
Est. Priority Date: 04/01/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing network security for a computer network, said method comprising:

in response to a detection of an intrusion to a computer network, notifying an attack impact prediction (AIP) agent of said detected intrusion;

broadcasting said detected intrusion to other AIP agents within said computer network by said AIP agent;

determining an impact of said detected intrusion at each node of said computer network by each node'"'"'s respective AIP agent;

in response to a determination that an impact of said detected intrusion on a node exceeds a predetermined severity threshold, ascertaining an action to be taken by an AIP agent associated with said node; and

performing said ascertained action by said AIP agent associated with said node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An attack impact prediction system for providing network security for computer networks is disclosed. A computer network includes multiple attack impact prediction (AIP) agents. In response to a detection of an intrusion to a computer network, an AIP agent is notified of the intrusion. In turn, the AIP agent broadcasts the detected intrusion to other AIP agents within the computer network. An impact of the detected intrusion is then determined at each node by its respective AIP agent. In response to a determination that an impact of the detected intrusion on a node exceeds a predetermined severity threshold, then actions need to be taken by each respective AIP agent is ascertained. Finally, the ascertained actions are performed by one or more AIP agents at various points within the computer network.

Citations

17 Claims

1. A method for providing network security for a computer network, said method comprising:
- in response to a detection of an intrusion to a computer network, notifying an attack impact prediction (AIP) agent of said detected intrusion;
  
  broadcasting said detected intrusion to other AIP agents within said computer network by said AIP agent;
  
  determining an impact of said detected intrusion at each node of said computer network by each node'"'"'s respective AIP agent;
  
  in response to a determination that an impact of said detected intrusion on a node exceeds a predetermined severity threshold, ascertaining an action to be taken by an AIP agent associated with said node; and
  
  performing said ascertained action by said AIP agent associated with said node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 11)
- - 2. The method of claim 1, wherein the detection of an intrusion to a computer network is made in real-time.
  - 3. The method of claim 1, wherein the detection of an intrusion to a computer network is determined at each node.
  - 4. The method of claim 1, wherein said broadcasting further includes notifying an agent monitor of said intrusion by said AIP agent.
  - 5. The method of claim 1, wherein said broadcasting further includes broadcasting a type, a source and a target of said intrusion to other AIP agents by said AIP agent.
  - 6. The method of claim 1, wherein said determining further includes utilizing a risk equation to calculate a Severity value as follows:
    - Severity=(Criticality+Lethality)−
      
      (System Countermeasures+Network Countermeasures).
  - 7. The method of claim 1, wherein said performing further includes reporting said determined action to an agent monitor by said agent associated with said node.
  - 11. The computer program product of claim 6, wherein said program code means for determining further includes a risk equation for calculating a Severity value as follows:
    - Severity=(Criticality+Lethality)−
      
      (System Countermeasures+Network Countermeasures).

8. computer program product residing on a computer usable medium for providing network security for a computer network, said computer program product comprising:
- program code means for notifying an attack impact prediction (AIP) agent of said detected intrusion, in response to a detection of an intrusion to a computer network;
  
  program code means for broadcasting said detected intrusion to other AIP agents within said computer network by said AIP agent;
  
  program code means for determining an impact of said detected intrusion at each node of said computer network by each node'"'"'s respective AIP agent;
  
  program code means for ascertaining an action to be taken by an AIP agent associated with said node, in response to a determination that an impact of said detected intrusion on a node exceeds a predetermined severity threshold; and
  
  program code means for performing said ascertained action by said AIP agent associated with said node.
- View Dependent Claims (9, 10, 12)
- - 9. The computer program product of claim 8, wherein said program code means for broadcasting further includes program code means for notifying an agent monitor of said intrusion by said AIP agent.
  - 10. The computer program product of claim 8, wherein said program code means for broadcasting further includes program code means for broadcasting a type, a source and a target of said intrusion to other AIP agents by said AIP agent.
  - 12. The computer program product of claim 8, wherein said program code means for performing further includes program code means for reporting said determined action to an agent monitor by said agent associated with said node.

13. A computer network having a network security, said computer system comprising:
- means for notifying an attack impact prediction (AIP) agent of said detected intrusion, in response to a detection of an intrusion to a computer network;
  
  means for broadcasting said detected intrusion to other AIP agents within said computer network by said AIP agent;
  
  means for determining an impact of said detected intrusion at each node of said computer network by each node'"'"'s respective AIP agent;
  
  means for ascertaining an action to be taken by an AIP agent associated with said node, in response to a determination that an impact of said detected intrusion on a node exceeds a predetermined severity threshold; and
  
  means for performing said ascertained action by said AIP agent associated with said node.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer network of claim 13, wherein said means for determining further includes a risk equation for calculating a Severity value as follows:
    - Severity=(Criticality+Lethality)−
      
      (Computer network Countermeasures+Network Countermeasures).
  - 15. The computer network of claim 13, wherein said means for performing further includes means for reporting said determined action to an agent monitor by said agent associated with said node.
  - 16. The computer network of claim 13, wherein said means for broadcasting further includes program code means for notifying an agent monitor of said intrusion by said AIP agent.
  - 17. The computer network of claim 16, wherein said means for broadcasting further includes means for broadcasting a type, a source and a target of said intrusion to other AIP agents by said AIP agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Original Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Inventors
Piesco, Albert L., Walsh, Julia H.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Lipman; Jacob

Application Number

US10/404,848
Publication Number

US 20060010493A1
Time in Patent Office

1,652 Days
Field of Search

726/25, 726/22
US Class Current

726/25
CPC Class Codes

G06F 21/552   involving long-term monitor...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Attack impact prediction system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Attack impact prediction system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links