System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning

US 7,784,099 B2
Filed: 02/21/2006
Issued: 08/24/2010
Est. Priority Date: 02/18/2005
Status: Active Grant

First Claim

Patent Images

1. A system for predicting and preventing unauthorized intrusion in a computer configuration comprising at least one of a computing device and a communication network, the system comprising:

the communication network to which at least two computing devices connect, wherein at least one of the computing devices is operable to receive data transmitted by the other computing device;

a database accessible over the network and operable to store information related to the network;

a vulnerability assessment component that is operable to execute a command over the communication network;

a data monitoring utility that is operable to monitor data transmitted over the communication network as the vulnerability assessment component executes commands; and

an intrusion detection component that is operable to provide a simulated copy of the network, to generate a first data transmission on the simulated copy of the network that represents a second data transmission transmitted on the communication network, and to compare the first data transmission with the second data transmission;

wherein the vulnerability assessment component interfaces with the intrusion detection component to define rules associated with the first and second data transmissions, to store the rules in the database, and to retrieve the rules from the database in order to predict and prevent unauthorized intrusion in the computer configuration.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method for predicting and preventing unauthorized intrusion in a computer configuration. Preferably, the invention comprises a communication network to which at least two computing devices connect, wherein at least one of the computing devices is operable to receive data transmitted by the other computing device. The invention further comprises a database that is accessible over the network and operable to store information related to the network. A vulnerability assessment component is provided that is operable to execute a command over the communication network, and a data monitoring utility operates to monitor data transmitted over the communication network as the vulnerability assessment component executes commands. Also, an intrusion detection component is included that is operable to provide a simulated copy of the network, to generate a first data transmission on the simulated copy of the network that represents a second data transmission on the communication network, and to compare the first data transmission with a second data transmission. The vulnerability assessment component preferably interfaces with the intrusion detection component to define rules associated with the first and second data transmissions, to store the rules in the database, and to retrieve the rules from the database in order to predict and prevent unauthorized intrusion in the computer configuration.

58 Citations

View as Search Results

19 Claims

1. A system for predicting and preventing unauthorized intrusion in a computer configuration comprising at least one of a computing device and a communication network, the system comprising:
- the communication network to which at least two computing devices connect, wherein at least one of the computing devices is operable to receive data transmitted by the other computing device;
  
  a database accessible over the network and operable to store information related to the network;
  
  a vulnerability assessment component that is operable to execute a command over the communication network;
  
  a data monitoring utility that is operable to monitor data transmitted over the communication network as the vulnerability assessment component executes commands; and
  
  an intrusion detection component that is operable to provide a simulated copy of the network, to generate a first data transmission on the simulated copy of the network that represents a second data transmission transmitted on the communication network, and to compare the first data transmission with the second data transmission;
  
  wherein the vulnerability assessment component interfaces with the intrusion detection component to define rules associated with the first and second data transmissions, to store the rules in the database, and to retrieve the rules from the database in order to predict and prevent unauthorized intrusion in the computer configuration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the vulnerability assessment component executes a command that exposes a weakness of a single aspect of at least one computing device.
  - 3. The system of claim 1, further comprising an explanation-based learning component operable to generalize the comparison made by the intrusion detection component.
  - 4. The system of claim 1, wherein the vulnerability assessment component further comprises a cognitive architecture component that provides cognitive capabilities.
  - 5. The system of claim 4, wherein the cognitive capabilities include at least one of applying a natural language, learning, real-time responses, emotion and/or concept learning.
  - 6. The system of claim 4, wherein the cognitive architecture is SOAR.
  - 7. The system of claim 1, wherein the vulnerability assessment component further comprises a rule-base engine that is operable to execute authorized and/or unauthorized commands on the computer network, and is further to record the results thereof.
  - 8. The system of claim 7, wherein the authorized activities comprise one or more of downloading a web page, sending e-mail and pinging a device and the unauthorized activities comprise one or more of executing port scans, launching buffer overflow attacks and remote control activity.
  - 9. The system of claim 1, wherein the vulnerability assessment component detects vulnerability caused by an upgrade to a computing device or network device, a modification of a computing device or an network device, and/or the addition, modification or subtraction of software.
  - 10. The system of claim 1, wherein the vulnerability assessment component is operable to determine data transmissions that represent unauthorized activity.

11. A method for predicting and preventing unauthorized intrusion in a computer configuration comprising at least one of a computing device and a communication network, the system comprising:
- providing a database accessible over the communication network and operable to store information related to the network;
  
  executing a command over the communication network;
  
  monitoring data transmitted over the communication network as the command is executed; and
  
  providing a simulated copy of the network, generating a first data transmission on the simulated copy of the network that represents a second data transmission transmitted on the communication network, and comparing the first data transmission to the second data transmission;
  
  defining rules associated with the first and second data transmissions, storing the rules in the database, and retrieving the rules from the database in order to predict and prevent unauthorized intrusion in the computer configuration.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the executed command on the network exposes a weakness of a single aspect of at least one computing device.
  - 13. The method of claim 11, further comprising generalizing the comparison of the first data transmission to the second data transmission.
  - 14. The method of claim 11, further comprising providing cognitive capabilities.
  - 15. The method of claim 14, wherein the cognitive capabilities include a natural language application, learning, real-time responses, emotion and/or concept learning.
  - 16. The method of claim 11, further comprising executing authorized and/or unauthorized commands on the computer network, and recording the results thereof
  - 17. The method of claim 16, wherein the authorized activities comprise one or more of downloading a web page, sending e-mail and pinging a device and the unauthorized activities comprises one or more of executing port scans, launching buffer overflow attacks and remote control activity.
  - 18. The method of claim 11, further comprising detecting vulnerability caused by an upgrade to a computing device or network device, a modification of a computing device or an network device, and/or the addition, modification or subtraction of software.
  - 19. The method of claim 11, further comprising determining data transmissions that represent unauthorized activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pace University
Original Assignee
Pace University
Inventors
Benjamin, Paul
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US11/358,165
Publication Number

US 20060191010A1
Time in Patent Office

1,645 Days
Field of Search

726/25, 726/23
US Class Current

726/25
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links