System, method and computer readable medium for evaluating potential attacks of worms
First Claim
Patent Images
1. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- generate information representative of worm entities;
associate, in response to information representative of a network and of the worm entities, between worm entities and potential worm sources to provide associated worm sources;
wherein the association is triggered when a new worm profile is received, when a new worm profile is generated, or when a likelihood of occurrences of a potential worm exceeds a certain threshold;
determine potential worm attacks that start from the associated worm sources, by applying a worm attack simulation to a model of the network that represents at least nodes, vulnerabilities and topology of the network, wherein the non-transitory computer usable medium is used for holding the model of the network and uses software entities for representing network components; and
evaluate at least one potential worm attack security metric associated with the potential worm attacks;
wherein the information representative of the worm entities comprises at least one profile of at least one group of potential worms;
wherein the computer program product stores instructions for generating the information representative of the worm entities comprising information representative of a group of worms that is less detailed than information representative of a specific worm.
6 Assignments
0 Petitions
Accused Products
Abstract
A method for evaluating potential attacks of worms, the method includes: associating, in response to information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources; determining potential worm attacks that start from the associated worm sources; and evaluating at least one potential worm attack security metric associated with the potential worm attacks.
81 Citations
34 Claims
-
1. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
-
generate information representative of worm entities; associate, in response to information representative of a network and of the worm entities, between worm entities and potential worm sources to provide associated worm sources;
wherein the association is triggered when a new worm profile is received, when a new worm profile is generated, or when a likelihood of occurrences of a potential worm exceeds a certain threshold;determine potential worm attacks that start from the associated worm sources, by applying a worm attack simulation to a model of the network that represents at least nodes, vulnerabilities and topology of the network, wherein the non-transitory computer usable medium is used for holding the model of the network and uses software entities for representing network components; and evaluate at least one potential worm attack security metric associated with the potential worm attacks; wherein the information representative of the worm entities comprises at least one profile of at least one group of potential worms; wherein the computer program product stores instructions for generating the information representative of the worm entities comprising information representative of a group of worms that is less detailed than information representative of a specific worm. - View Dependent Claims (3, 4, 5)
-
-
2. The computer program product according to claim l, wherein the worm entities comprise worms and potential worms;
- wherein the computer program product stores instructions for generating information about potential worms that is less detailed than information about worms.
-
6. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
-
generate information representative of worm entities; associate, in response to information representative of a network and of the worm entities, between worm entities and potential worm sources to provide associated worm sources;
wherein the association is triggered when a new worm profile is received, when a new worm profile is generated, or when a likelihood of occurrences of a potential worm exceeds a certain threshold;determine potential worm attacks that start from the associated worm sources, by applying a worm attack simulation to a model of the network that represents at least nodes, vulnerabilities and topology of the network, wherein the non-transitory computer usable medium is used for holding the model of the network and uses software entities for representing network components; and evaluate at least one potential worm attack security metric associated with the potential worm attacks; wherein the computer readable program when executed on a computer causes the computer to generate information representative of a worm entity that belongs to the worm entities by calculating a profile of a group of potential worms that is less detailed than at least one profile of a known worm. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method for evaluating potential attacks of worms, the method comprising:
- generating information representative of worm entities;
associating, in response to information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources;
wherein the association is triggered when a new worm profile is received, when a new worm profile is generated, or when a likelihood of occurrences of a potential worm exceeds a certain threshold;determining potential worm attacks that start from the associated worm sources by applying a worm attack simulation to a model of the network that represents at least nodes, vulnerabilities and topology of the network, wherein computerized media that is used for holding the model of the network use software entities for representing network components; evaluating at least one potential worm attack security metric associated with the potential worm attacks; and generating information representative of a worm entity that belongs to the worm entities by calculating a profile of a group of potential worms;
wherein the profile of the group of potential worms is less detailed than at least one profile of a known worm, and wherein at least one characteristic of a potential worm is unknown when calculating the profile of the group of potential worms. - View Dependent Claims (24, 25, 26, 27, 28, 29)
- generating information representative of worm entities;
-
30. A system for evaluating potential attacks of worms, the system includes:
- a memory unit adapted to store information representative of a network and of worm entities; and
a processor adapted to;
associate, in response to the information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources;
wherein the association is triggered when a new worm profile is received, when a new worm profile is generated, or when a likelihood of occurrences of a potential worm exceeds a certain threshold;
determine potential worm attacks that start from the associated worm entities by applying a worm attack simulation to a model of the network that represents at least nodes, vulnerabilities and topology of the network, wherein computerized media that is used for holding the model of the network use software entities for representing network components; and
evaluate at least one potential worm attack security metric associated with the potential worm attackswherein the processor is adapted to generate information representative of a worm entity that belongs to the worm entities by calculating a profile of a group of potential worms that is less detailed than at least one profile of a known worm. - View Dependent Claims (31, 32, 33, 34)
- a memory unit adapted to store information representative of a network and of worm entities; and
Specification