Graphical models for cyber security analysis in enterprise networks
First Claim
1. A method of generating graphical models for providing security analysis in computer networks including the steps of:
- providing an enterprise computer network;
generating a type abstract graph independent of said particular network that models abstract dependency relationships among attributes and exploits using a software tool;
generating a network-specific attack graph by combining said type abstract graph with specific information regarding said network using the software tool;
monitoring an intruder alert; and
generating a real-time attack graph of the network by correlating the intruder alert with said network-specific attack graph using the software tool.
6 Assignments
0 Petitions
Accused Products
Abstract
A method of generating graphical models for providing security analysis in computer networks that in one embodiment includes the steps of generating a type abstract graph independent of particular networks that models abstract dependency relationships among attributes and exploits; generating network-specific attack graphs by combining the type abstract graph with specific network information; monitoring an intruder alert; and generating a real-time attack graph by correlating the intruder alert with the network-specific attack graph. The real-time attack graph can be generated using reachability checking, bridging, and exploit prediction based on consequence alerts and may further include the step of calculating the likelihood of queries using a Bayesian network model. The method may also include the steps of inferring unobserved attacks that may have been missed by intrusion detection sensors, and projecting on which hosts and using what exploits additional intruder attacks may occur. The method may further include the step of comparing alternate actions by computation, wherein the alternate actions include the step of patching some vulnerabilities, and wherein the specific network information includes network topology. The specific network information may also include firewall rules.
-
Citations
44 Claims
-
1. A method of generating graphical models for providing security analysis in computer networks including the steps of:
-
providing an enterprise computer network; generating a type abstract graph independent of said particular network that models abstract dependency relationships among attributes and exploits using a software tool; generating a network-specific attack graph by combining said type abstract graph with specific information regarding said network using the software tool; monitoring an intruder alert; and generating a real-time attack graph of the network by correlating the intruder alert with said network-specific attack graph using the software tool. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A system for generating graphical models for providing security analysis in computer networks comprising:
-
an enterprise computer network; a type abstract graph independent of said particular network that models abstract dependency relationships among attributes and exploits generated by a software tool; and a network-specific attack graph of said network based on said type abstract graph generated by a software tool, wherein the network-specific graph is at least partly defined by a reachability clause, a state clause of one or more hosts and a vulnerability clause. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
-
Specification