Systems and methods for a simulated network attack generator

US 9,246,768 B2
Filed: 06/18/2009
Issued: 01/26/2016
Est. Priority Date: 06/18/2008
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a simulated network environment comprising hardware, software, and virtualized devices that duplicate a network architecture of a user'"'"'s operational environment and user network, such that the simulated network environment operationally mimics the user'"'"'s operational environment and the user network;

a computer platform having hardware and software configured as a standalone configuration;

a module configured for executing an attack scenario against the hardware, software, and virtualized devices, within the simulated network environment while the simulated network environment is operationally mimicking the user'"'"'s operating environment and user network via the hardware, software, and virtual devices, the attack scenario comprising attack events that are one or more actions to be executed by the module, wherein the module is further configured to perform the actions on the hardware, software, and virtual devices thereby causing a failure of the hardware, software, or virtual devices within the simulated network environment; and

an interface configured for receiving additional attack event metadata regarding at least one attack event and adding the received attack event metadata to the corresponding attack event.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed that generates a network attack within a simulated network environment. The system includes a module that creates one or more attack events against network devices within the simulated network environment wherein the attack events include exploitations of published and unpublished vulnerabilities and failures of hardware and software network systems, devices, or applications within the simulated network environment. Additionally, the module executes the created attack event on the simulated network environment. In addition, the system has an interface configured for receiving metadata regarding each attack event and adding the received attack event metadata to each associated attack event.

54 Citations

View as Search Results

25 Claims

1. A system, comprising:
- a simulated network environment comprising hardware, software, and virtualized devices that duplicate a network architecture of a user'"'"'s operational environment and user network, such that the simulated network environment operationally mimics the user'"'"'s operational environment and the user network;
  
  a computer platform having hardware and software configured as a standalone configuration;
  
  a module configured for executing an attack scenario against the hardware, software, and virtualized devices, within the simulated network environment while the simulated network environment is operationally mimicking the user'"'"'s operating environment and user network via the hardware, software, and virtual devices, the attack scenario comprising attack events that are one or more actions to be executed by the module, wherein the module is further configured to perform the actions on the hardware, software, and virtual devices thereby causing a failure of the hardware, software, or virtual devices within the simulated network environment; and
  
  an interface configured for receiving additional attack event metadata regarding at least one attack event and adding the received attack event metadata to the corresponding attack event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The system of claim 1 wherein the interface is a graphical user interface configured to receive the attack event metadata from a user, wherein the attack event metadata includes an attack event editor enabling a user to select and configure the attack events.
  - 3. The system of claim 1 wherein the interface is a logical interface configured to receive the attack event metadata from a software application.
  - 4. The system of claim 1 wherein the attack events comprise email threats, network attacks, or network failures.
  - 5. The system of claim 1, further comprising a graphical user interface (GUI) communicatively connected to the interface of the computer platform, the GUI being configured as an operating network administrator for controlling and monitoring the execution of the attack events.
  - 6. The system of claim 5 wherein the GUI includes an attack event editor configured for writing the attack events into a standard XML file, and wherein the module is further configured for automatically generating unique attributes within each of the one or more created attack events, the attributes including serial numbers that are unique and that are created by automatic incrementation of a global serial number listing, wherein the serial numbers are added to the XML file and stored within the memory, and wherein the attack event editor includes the capability for deleting, removing, modifying and querying the attack events stored in the memory.
  - 7. The system of claim 1, further comprising an attack scenario execution manager configured for initiating the creation and the execution of the attack events.
  - 8. The system of claim 7 wherein the module is configured to generate a bot server module within a bot of the simulated network environment utilizing at least one of the attack events.
  - 9. The system of claim 7 wherein the module is configured for monitoring the execution and transmission of the attack events including the success of the attack events within the simulated network environment and attributes of the attack events.
  - 10. The system of claim 1 wherein the module is configured for creating a listing of network devices within the simulated network environment to be restored based upon a successful execution of the attack events.
  - 11. The system of claim 10 wherein the module is configured for creating an image set of the network devices prior to execution of the attack events.
  - 12. The system of claim 1 wherein the module is configured to create the attack scenario utilizing at least one of the attack events, the attack scenario being a group of the attack events along with corresponding attack event metadata including predefined time of execution.
  - 13. The system of claim 12, further comprising an attack scenario editor configured for grouping attack events together and assigning them a predefined time of execution.
  - 14. The system of claim 13 wherein the attack scenario editor is configured for creating data indicative of an attack scenario in XML format, and wherein the module is configured to generate unique attack scenario attributes and a unique serial number for the attack scenario, and wherein the module is further configured to include the data indicative of the attack scenario attributes and the unique serial number within an XML file, and wherein the attack scenario editor includes the capability for deleting, removing, modifying and querying the attack scenario.
  - 15. The system of claim 14, further comprising an attack scenario execution manager configured for initiating the attack scenario against the simulated network environment.
  - 16. The system of claim 15 wherein the module is configured to generate a bot server module within a bot of the simulated network environment utilizing the attack scenario.
  - 17. The system of claim 12 wherein the module is configured for monitoring the attack scenario as a function of at least one of the following factors:
    - percentage of successes and failures, time, attribute, and attack event.
  - 18. The system of claim 12 wherein the module is configured to execute the attack events responsive to an input from a user or as an execution of the attack scenario along an operational timeline.
  - 19. The system of claim 1, further comprising a graphical user interface including an attack event mitigation editor for defining a mitigation set responsive to the one or more attack events.
  - 20. The system of claim 1 wherein the module is configured for creating a listing of network devices within the simulated network environment that need to be restored based upon a successful execution of an attack scenario.
  - 21. The system of claim 20 wherein the module is configured for creating an image set of the network devices prior to execution of the attack scenario.
  - 22. The system of claim 1, wherein the module is further configured for defining a set of expected user actions within attack event metadata that would mitigate damage or prevent success of attack events when executed and determine, based upon user actions in response to the attack events, whether the user actions are in compliance with the expected user actions.

23. A system, comprising:
- a simulated network environment comprising hardware, software, and virtualized devices that duplicate a network architecture of a user'"'"'s operational environment and user network, such that the simulated network environment mimics the user'"'"'s operational environment and the user network;
  
  a module configured for executing an attack event against the hardware, software, and virtualized devices within the simulated network environment thereby causing failures of the hardware, software, or virtualized devices within the simulated network environment, the module further configured for executing the attack event on the simulated network environment along a predefined operational timeline; and
  
  an interface configured for receiving metadata regarding the attack event and adding the received attack event metadata to the associated attack event.
- View Dependent Claims (24)
- - 24. The system of claim 23 wherein the module is configured for monitoring the attack event as a function of at least one of the following factors:
    - percentage of successes and failures, time, attribute, and the attack event.

25. A system, comprising:
- a simulated network environment comprising hardware, software, and virtualized devices that duplicate a network architecture of a user'"'"'s operational environment and user network, such that the simulated network environment mimics the user'"'"'s operational environment and the user network;
  
  a module configured for executing one or more attack events against the hardware, software, and virtualized devices within the simulated network environment, the attack events, when executed, causing failures of the hardware, software, or virtualized devices within the simulated network environment, the module further configured for defining a set of expected user actions within attack event metadata corresponding to the attack events and based upon the failures, that would mitigate the attack events or prevent the attack events from being successful; and
  
  an interface configured for receiving metadata regarding the one or more attack events and adding the received attack event metadata to each associated attack event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Metova Federal, LLC (By Light Professional IT Services, LLC)
Original Assignee
Camber Corporation (Huntington Ingalls Industries Incorporated)
Inventors
White, Christopher Dyson, Ratcliffe, Chester Randolph III, Espinosa, John Christian, Vickery, Joel Alan, Moate, Aaron Randal, Parker, Ronald David Jr., Crawford, Marc Anthony
Primary Examiner(s)
Davis, Zachary A

Application Number

US12/487,633
Publication Number

US 20090320137A1
Time in Patent Office

2,413 Days
Field of Search

726/25, 726/23, 726/22, 703/17, 703 20- 22, 703/13, 709/224, 718/1
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G09B 19/0053   Computers, e.g. programming

H04L 41/145   involving simulating, desig...

H04L 43/50   Testing arrangements

H04L 63/1433   Vulnerability analysis

H04L 67/75   Indicating network or usage...

Systems and methods for a simulated network attack generator

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for a simulated network attack generator

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links