Graph-based approach to deterring persistent security threats
First Claim
1. A method comprising the steps of:
- assigning attack-escalation states of a persistent security threat to respective nodes in a graph, wherein assigning attack-escalation states of the persistent security threat to respective nodes in the graph comprises assigning initial and final attack-escalation states to respective source and target nodes in the graph;
- assigning defensive costs to respective edges in the graph for preventing transitions between pairs of the nodes, wherein the defensive costs represent costs for preventing respective attack actions;
- computing a minimum cut of the graph to identify a set of one or more edges that if removed from the graph will prevent the persistent security threat from proceeding from the source node to the target node; and
- determining a defensive strategy based on the minimum cut;
- wherein a system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat; and
- wherein the steps are performed by a processing device comprising a processor coupled to a memory.
Abstract
A processing device comprises a processor coupled to a memory and implements a graph-based approach to protection of a system comprising information technology infrastructure from a persistent security threat. Attack-escalation states of the persistent security threat are assigned to respective nodes in a graph, and defensive costs for preventing transitions between pairs of the nodes are assigned to respective edges in the graph. A minimum cut of the graph is computed, and a defensive strategy is determined based on the minimum cut. The system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat.
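The abstract describes the core computation: attack-escalation states become graph nodes, attack actions become directed edges weighted by the cost of blocking them, and a minimum source-to-target cut gives the cheapest set of actions to block so that no escalation path survives. The following is an added worked example, not code from the patent or its assignee: it implements the max-flow/min-cut step with Edmonds-Karp over a small constructed graph (the node names `initial`, `foothold`, `lateral`, `privileged`, `target` and all costs are illustrative assumptions), returns the cut edges as the defensive strategy, and verifies that removing them really disconnects the target.

```python
"""Min-cut defensive strategy over an attack-escalation graph.

Nodes are attack-escalation states, directed edges are attack actions, and
each edge weight is the defensive cost of blocking that action. The minimum
s-t cut is the cheapest set of actions to block so that no escalation path
remains from the initial state to the final (target) state.
"""
from collections import deque
import math

# Constructed sample graph (assumed names and costs, not a real system).
# (from_state, to_state) -> defensive cost of preventing that transition
SAMPLE_GRAPH = {
    ("initial", "foothold"): 4,
    ("initial", "lateral"): 3,
    ("foothold", "lateral"): 1,
    ("foothold", "privileged"): 2,
    ("lateral", "privileged"): 3,
    ("lateral", "target"): 2,
    ("privileged", "target"): 5,
}


def _build_residual(edges):
    """Residual capacity graph: forward edges carry the defensive cost."""
    residual = {}
    for (u, v), cost in edges.items():
        if not (math.isfinite(cost) and cost > 0):
            raise ValueError(f"edge {u}->{v} needs a finite positive cost")
        residual.setdefault(u, {}).setdefault(v, 0)
        residual.setdefault(v, {}).setdefault(u, 0)  # reverse edge for flow cancellation
        residual[u][v] += cost
    return residual


def _bfs_augmenting_path(residual, source, target):
    """Shortest augmenting path by BFS; returns parent map or None if none exists."""
    parent = {source: None}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v, cap in residual[u].items():
            if cap > 0 and v not in parent:
                parent[v] = u
                if v == target:
                    return parent
                queue.append(v)
    return None


def min_cut_defense(edges, source, target):
    """Return (total defensive cost, sorted list of edges to block).

    The cut is recovered from the residual graph after max flow: every
    original edge leaving the set of states still reachable from the source
    belongs to the minimum cut.
    """
    residual = _build_residual(edges)
    if source not in residual or target not in residual:
        raise ValueError("source and target must be nodes of the graph")
    max_flow = 0
    while True:
        parent = _bfs_augmenting_path(residual, source, target)
        if parent is None:
            break
        # Bottleneck capacity along the path found.
        bottleneck = math.inf
        v = target
        while v != source:
            bottleneck = min(bottleneck, residual[parent[v]][v])
            v = parent[v]
        # Push flow: consume forward capacity, open reverse capacity.
        v = target
        while v != source:
            u = parent[v]
            residual[u][v] -= bottleneck
            residual[v][u] += bottleneck
            v = u
        max_flow += bottleneck
    reachable = {source}
    stack = [source]
    while stack:
        u = stack.pop()
        for v, cap in residual[u].items():
            if cap > 0 and v not in reachable:
                reachable.add(v)
                stack.append(v)
    cut = sorted((u, v) for (u, v) in edges if u in reachable and v not in reachable)
    return max_flow, cut


def verify_cut(edges, cut, source, target):
    """True if no source-to-target path remains once the cut edges are blocked."""
    blocked = set(cut)
    adj = {}
    for (u, v) in edges:
        if (u, v) not in blocked:
            adj.setdefault(u, []).append(v)
    seen, stack = {source}, [source]
    while stack:
        u = stack.pop()
        for v in adj.get(u, []):
            if v not in seen:
                seen.add(v)
                stack.append(v)
    return target not in seen


if __name__ == "__main__":
    cost, strategy = min_cut_defense(SAMPLE_GRAPH, "initial", "target")
    print(f"minimum defensive cost: {cost}")
    for u, v in strategy:
        print(f"  block transition {u} -> {v} (cost {SAMPLE_GRAPH[(u, v)]})")
    print("target isolated:", verify_cut(SAMPLE_GRAPH, strategy, "initial", "target"))
```

On the sample graph the cheapest strategy is not to block the two entry actions (cost 7) or the two final actions (cost 7) but the three transitions out of `initial`/`foothold` that bypass the well-defended `privileged -> target` edge, for a total cost of 6. The cost check in `_build_residual` matters in practice: an action the defender cannot prevent should be modelled with a very large finite cost rather than infinity, so the cut computation stays well defined.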
20 Claims
1. A method comprising the steps of:
- assigning attack-escalation states of a persistent security threat to respective nodes in a graph, wherein assigning attack-escalation states of the persistent security threat to respective nodes in the graph comprises assigning initial and final attack-escalation states to respective source and target nodes in the graph;
- assigning defensive costs to respective edges in the graph for preventing transitions between pairs of the nodes, wherein the defensive costs represent costs for preventing respective attack actions;
- computing a minimum cut of the graph to identify a set of one or more edges that if removed from the graph will prevent the persistent security threat from proceeding from the source node to the target node; and
- determining a defensive strategy based on the minimum cut;
- wherein a system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat; and
- wherein the steps are performed by a processing device comprising a processor coupled to a memory.
16. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
- wherein the memory is configured to store information characterizing a graph in which attack-escalation states of a persistent security threat are assigned to respective nodes in the graph and defensive costs are assigned to respective edges in the graph for preventing transitions between pairs of the nodes;
- wherein the attack-escalation states of the persistent security threat that are assigned to respective nodes in the graph comprise initial and final attack-escalation states assigned to respective source and target nodes in the graph;
- wherein the defensive costs represent costs for preventing respective attack actions;
- wherein the processing device under control of the processor is operative: to compute a minimum cut of the graph to identify a set of one or more edges that if removed from the graph will prevent the persistent security threat from proceeding from the source node to the target node; and to determine a defensive strategy based on the minimum cut; and
- wherein a system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat.
19. An information processing system comprising:
- information technology infrastructure subject to a persistent security threat; and
- at least one processing device;
- wherein the processing device is configured: to assign attack-escalation states of the persistent security threat to respective nodes in a graph, the assigned attack-escalation states comprising initial and final attack-escalation states assigned to respective source and target nodes in the graph; to assign defensive costs to respective edges in the graph for preventing transitions between pairs of the nodes, the defensive costs representing costs for preventing respective attack actions; to compute a minimum cut of the graph to identify a set of one or more edges that if removed from the graph will prevent the persistent security threat from proceeding from the source node to the target node; and to determine a defensive strategy based on the minimum cut; and
- wherein the information technology infrastructure is configured in accordance with the defensive strategy in order to deter the persistent security threat.
Specification