System and method for simulating computer network attacks

US 8,356,353 B2
Filed: 06/26/2008
Issued: 01/15/2013
Est. Priority Date: 06/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method of providing computer network attack simulation on a computer, comprising the steps of:

receiving a network configuration, a network setup description, and a penetration testing framework with a local agent installed in the penetration testing framework;

simulating the network based on the received network configuration, wherein the simulated network contains at least one of the group consisting of a simulated computer, a simulated machine, and a simulated network device;

receiving a remote agent running in one simulated computer of the simulated network and connected to the penetration testing framework through the local agent;

receiving a simulated exploit for compromising the at least one simulated computer, simulated machine, or simulated network device;

querying an exploit database with a property of said simulated exploit;

receiving an exploit outcome probability from said exploit database in response to said querying;

determining an outcome of the simulated exploit for compromising the at least one simulated computer, simulated machine, or simulated network device based on said exploit outcome probability; and

when the outcome of the simulated exploit is compromising the simulated computer, simulated machine, or simulated network device, virtually installing a remote agent on the at least one simulated computer, simulated machine, or simulated network device, wherein the remote agent allows a user to execute arbitrary operating system calls on the at least one simulated computer, simulated machine, or simulated network device from the local agent.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method for providing computer network attack simulation. The method includes the steps of: receiving a network configuration and setup description; simulating the network configuration based on the received network configuration; receiving at least one confirmed vulnerability of at least one computer, machine, or network device in the simulated network; receiving a method for compromising the confirmed vulnerability of the at least one computer, machine, or network device; and virtually installing a network agent on the at least one computer, machine, or network device, wherein the network agent allows a penetration tester to execute arbitrary operating system calls on the at least one computer, machine, or network device.

52 Citations

View as Search Results

11 Claims

1. A method of providing computer network attack simulation on a computer, comprising the steps of:
- receiving a network configuration, a network setup description, and a penetration testing framework with a local agent installed in the penetration testing framework;
  
  simulating the network based on the received network configuration, wherein the simulated network contains at least one of the group consisting of a simulated computer, a simulated machine, and a simulated network device;
  
  receiving a remote agent running in one simulated computer of the simulated network and connected to the penetration testing framework through the local agent;
  
  receiving a simulated exploit for compromising the at least one simulated computer, simulated machine, or simulated network device;
  
  querying an exploit database with a property of said simulated exploit;
  
  receiving an exploit outcome probability from said exploit database in response to said querying;
  
  determining an outcome of the simulated exploit for compromising the at least one simulated computer, simulated machine, or simulated network device based on said exploit outcome probability; and
  
  when the outcome of the simulated exploit is compromising the simulated computer, simulated machine, or simulated network device, virtually installing a remote agent on the at least one simulated computer, simulated machine, or simulated network device, wherein the remote agent allows a user to execute arbitrary operating system calls on the at least one simulated computer, simulated machine, or simulated network device from the local agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising the step of executing the arbitrary operating system calls on the simulated computer to analyze risk to which the network may be exposed.
  - 3. The method of claim 1, wherein the network configuration is provided by a configuration file.
  - 4. The method of claim 3, wherein the configuration file contains a template that is used for at least a portion of the at least one simulated computer, simulated machine, or simulated network device.
  - 5. The method of claim 3, wherein the configuration file describes which simulated computers are in the simulated network, and at least one of what applications and services are run by the simulated computers, what operating systems are run by the simulated computers, and how the simulated computers are connected through the network.
  - 6. The method of claim 1, wherein more than one simulator is used to perform the step of simulating the network configuration.
  - 7. The method of claim 6, wherein a simulator monitor provides management and administrative operations for each simulator.
  - 8. The method of claim 7, wherein a graphical user interface connected to the simulator allows a user of the present method to view information provided by the simulator monitor.
  - 9. The method of claim 1, wherein the network configuration includes at least two simulated computers that communicate with each other.
  - 10. The method of claim 1, further comprising the step of issuing arbitrary operating system calls from the local agent so that the arbitrary operating system calls are executed on the simulated computer and their answer is returned to the local agent to allow the execution of modules within the penetration testing framework.
  - 11. The method of claim 1, wherein the outcome is selected from the group consisting of compromising the system, crashing the system, and doing nothing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ecrime Management Strategies, Inc.
Original Assignee
Core SDI, Inc.
Inventors
Futoransky, Ariel, Miranda, Fernando Carlos, Orlicki, Jose Ignacio, Sarraute Yamada, Carlos Emilio
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US12/147,282
Publication Number

US 20090007270A1
Time in Patent Office

1,664 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

H04L 41/048   mobile agents

H04L 43/50   Testing arrangements

H04L 63/1433   Vulnerability analysis

System and method for simulating computer network attacks

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

System and method for simulating computer network attacks

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others