Device for and method of computer intrusion anticipation, detection, and remediation

1. An electronic network, comprising:

• a) an electronic hardware network in a user-definable topology, where the electronic network includes multiple devices, where the electronic network includes a command and control layer for controlling the electronic network, where the electronic network includes a transport layer for transporting electronic messages to and from the electronic network, and where the command and control layer is changeable by the transport layer and vice versa;
  
  b) a user-definable number of electronic hardware sensors for collecting computer traffic associated with phases of intrusion activity, where the phases are selected from the group of phases consisting of survey phase, reconnaissance phase, actual intrusion attempt phase, operating malware phase, maintenance phase and any combination of survey, reconnaissance, actual intrusion attempt, operating malware and maintenance phases;
  
  c) a threat-assessment function block embodied in a computing device and connected to the user-definable sensors and producing an assessment of the threat to the electronic network by analyzing information collected by the sensors in user-definable combinations and permutations over a user-definable number of dimensions selected from the group of dimensions consisting of time, space, intrusion choreography, type of intrusion actor, number of intrusion actors, and any combination of time, space, intrusion choreography, type of intrusion actor and number of intrusion actors; and
  
  d) a response function block embodied in a computing device and connected to the threat-assessment block for responding to the threat assessed by the threat-assessment function block, where the response is selected from the group of responses consisting of leaving the topology of the network unchanged, changing the topology of the network to a degree commensurate with the level of perceived threat assessed, modifying the computer traffic associated with an intrusion attempt, modifying the computer traffic associated with functioning malware, stopping computer traffic associated with an intrusion attempt within the network, stopping computer traffic associated with an intrusion attempt at a source of the computer traffic associated with the intrusion attempt, and any combination of leaving the topology of the network unchanged, changing the topology of the network to a degree commensurate with the level of perceived threat assessed, modifying the computer traffic associated with an intrusion attempt, modifying the computer traffic associated with functioning malware, stopping computer traffic associated with an intrusion attempt within the network and stopping computer traffic associated with an intrusion attempt at a source of the computer traffic associated with the intrusion attempt.