Managing security configuration through machine learning, combinatorial optimization and attack graphs
First Claim
1. A system comprising:
one or more processors; and
memory, communicatively coupled to the one or more processors, storing an analysis component configured to:
present a first plurality of security configuration changes to an administrator;
receive feedback from the administrator on each of the first plurality of security configuration changes, wherein the feedback received from the administrator includes an approval or a disapproval of each of the first plurality of security configuration changes;
analyze the feedback;
store the feedback received from the administrator including the approval or the disapproval of each of the first plurality of security configuration changes; and
generate a second plurality of security configuration changes based at least in part on the feedback received from the administrator and previously stored feedback received from the administrator, wherein the second plurality of security configuration changes are different from the first plurality of security configuration changes.
2 Assignments
0 Petitions
Abstract
The claimed subject matter provides systems and/or methods that combat identity follow-on attacks. The system can include components for receiving a plurality of security configuration changes, selecting which of the changes included in the plurality of security configuration changes to approve or disapprove, and, based on which of the changes are approved or disapproved by an administrator, generating a further plurality of security configuration changes that the administrator can once again approve or disapprove, until the administrator is satisfied with the security configuration changes.
20 Claims
1. A system comprising: one or more processors and memory storing an analysis component (independent claim; full text as set out under First Claim above). Dependent claims: 2 to 8.
9. A method comprising:
executing an analysis component by a processor of a machine to generate a plurality of security configuration changes;
receiving feedback in the form of an approval or a disapproval from an administrator of each change included in the plurality of security configuration changes;
employing machine learning to learn new security configuration changes based on the received feedback and previously stored feedback from the administrator; and
generating a further plurality of security configuration changes based at least in part on the machine learning, wherein the further plurality of security configuration changes includes the new security configuration changes learned from employing the machine learning.
Dependent claims: 10 to 17.
18. A system comprising:
one or more processors; and
memory, communicatively coupled to the one or more processors, storing an analysis component configured to:
construct an attack graph with nodes made from accounts, machines, or security groups, the nodes connected by an edge, wherein the edge represents a control relationship;
estimate an edge cost, the edge cost being used at least in part to determine removal of the edge from the attack graph;
receive feedback from an administrator on a willingness to implement a security configuration change;
re-estimate the edge cost based on the feedback received from the administrator;
compare the estimated edge cost to the re-estimated edge cost;
employ machine learning to learn, based on the comparison, new security configuration changes the administrator is likely to select next; and
produce a plurality of cut proposals of the attack graph based at least in part on the re-estimated edge cost.
Dependent claims: 19 and 20.
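The following Python is an added worked example, not code from the patent or from its assignee, of the loop that claims 1, 9 and 18 describe: an attack graph over accounts, machines and a security group whose directed edges are control relationships carrying an estimated removal cost; a cut proposal computed as the minimum-cost edge set separating a compromised workstation from a domain controller; and re-estimation of edge costs from the administrator's approval or disapproval so that the next proposal differs from the last. All node names, edge costs and the fixed x4 penalty are assumptions made for this example, and that fixed penalty stands in for the machine-learning re-estimation the claims recite.

```python
"""Attack-graph cut proposals re-estimated from administrator feedback.
Constructed example, not code from the patent or its assignee: nodes are accounts,
machines and security groups; edge u -> v means control of u yields control of v,
with an estimated removal cost.  A fixed multiplicative penalty stands in for the
learned cost re-estimation the claims describe (an assumption of this example)."""
from collections import deque

INF = float("inf")


class AttackGraph:
    def __init__(self):
        self.cost = {}       # node -> {successor: estimated removal cost}
        self.feedback = []   # stored (edge, approved, old cost, new cost)

    def add_edge(self, u, v, cost):
        self.cost.setdefault(u, {})[v] = float(cost)
        self.cost.setdefault(v, {})

    @staticmethod
    def _augmenting_path(residual, src, dst):
        # Shortest augmenting path by BFS; returns the parent map or None.
        parent, queue = {src: None}, deque([src])
        while queue:
            u = queue.popleft()
            for v, c in residual[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    if v == dst:
                        return parent
                    queue.append(v)
        return None

    def cut_proposal(self, compromised, target):
        """Min-cost edge set separating `compromised` nodes from `target`:
        Edmonds-Karp max-flow; the cut is the boundary of the source side."""
        src = "__attacker__"
        residual = {n: {} for n in [*self.cost, src]}
        for u, nbrs in self.cost.items():
            for v, c in nbrs.items():
                residual[u][v] = residual[u].get(v, 0.0) + c
        for n in compromised:                 # footholds themselves are not removable
            residual[src][n] = INF
        while True:
            parent = self._augmenting_path(residual, src, target)
            if parent is None:
                break
            bottleneck, v = INF, target
            while v != src:
                bottleneck = min(bottleneck, residual[parent[v]][v])
                v = parent[v]
            if bottleneck == INF:
                raise ValueError("target is itself an attacker foothold")
            v = target
            while v != src:
                u = parent[v]
                residual[u][v] -= bottleneck
                residual[v][u] = residual[v].get(u, 0.0) + bottleneck
                v = u
        reach, stack = set(), [src]           # source side of the final residual graph
        while stack:
            u = stack.pop()
            if u not in reach:
                reach.add(u)
                stack.extend(v for v, c in residual[u].items() if c > 0)
        cut = sorted((u, v) for u, nbrs in self.cost.items()
                     for v in nbrs if u in reach and v not in reach)
        return cut, sum(self.cost[u][v] for u, v in cut)

    def record_feedback(self, edge, approved, penalty=4.0):
        """Store the decision and re-estimate: an approved removal is implemented
        (edge deleted); a disapproved one costs `penalty` times more from now on."""
        u, v = edge
        old = self.cost[u].pop(v)
        new = 0.0 if approved else old * penalty
        if not approved:
            self.cost[u][v] = new
        self.feedback.append((edge, approved, old, new))
        return new


def build_example():
    """Constructed sample graph (not real data); cost ~ disruption of removal."""
    g = AttackGraph()
    g.add_edge("ws1", "alice", 2)                # alice's credentials cached on ws1
    g.add_edge("ws1", "bob", 2)                  # bob's credentials cached on ws1
    g.add_edge("alice", "ws2", 3)                # alice is local admin on ws2
    g.add_edge("bob", "ws2", 3)                  # bob is local admin on ws2
    g.add_edge("ws2", "svc_backup", 6)           # service account logs on to ws2
    g.add_edge("svc_backup", "DomainAdmins", 2)  # group membership
    g.add_edge("DomainAdmins", "dc1", 100)       # admins control the DC; effectively fixed
    return g


def feedback_rounds():
    """Three propose/review rounds with ws1 compromised and dc1 as the target."""
    g = build_example()
    rounds = [g.cut_proposal(["ws1"], "dc1")]
    g.record_feedback(("svc_backup", "DomainAdmins"), approved=False)  # backup needs DA
    rounds.append(g.cut_proposal(["ws1"], "dc1"))
    g.record_feedback(("ws1", "bob"), approved=True)                   # bob moves off ws1
    g.record_feedback(("ws1", "alice"), approved=False)                # alice keeps ws1
    rounds.append(g.cut_proposal(["ws1"], "dc1"))
    return rounds
```

Calling `feedback_rounds()` yields three different proposals, as claim 1 requires: first remove the service account from Domain Admins (cost 2); once that is disapproved and re-estimated to 8, break both cached-credential edges from the compromised workstation (cost 4); once one of those is approved and implemented and the other disapproved, remove the remaining user's local-admin right on the second workstation (cost 3). Because the super-source edges to the compromised nodes carry infinite capacity, the footholds always end up on the source side and a proposal never suggests "removing" the compromised machine itself; if the target were itself a foothold, `cut_proposal` raises rather than looping.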