Assessing threat to at least one computer network

US 9,363,279 B2
Filed: 05/19/2010
Issued: 06/07/2016
Est. Priority Date: 05/27/2009
Status: Active Grant

First Claim

Patent Images

1. An apparatus including one or more computer processors and a non-transient computer readable memory, wherein the one or more computer processors are configured pursuant toprogramming code in a the non-transient computer readable memory to predict, for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity using a Monte Carlo method based on stochastic modelling of past observed threat events,wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, wherein the one or more computer processors are configured, for a given threat, to model a set of past observed threat events to obtain an estimate of at least one model parameter, and, in a Monte Carlo simulation of a given threat,to predict future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and to predict a distribution of future threat events by repeating the simulation using a plurality of variables;

andwherein the apparatus is further configured to determine an expected downtime of each of said systems in dependence upon said predicted future threat activity and to determine a financial loss for each of a plurality of operational processes dependent on the downtimes of each of said systems and to add the financial losses for said plurality of processes so as to obtain a combined financial loss arising from the predicted future threat activity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus configured to determine predicted threat activity based on stochastic modelling of threat events capable of affecting at least one computer network in which a plurality of systems operate.

33 Citations

View as Search Results

30 Claims

1. An apparatus including one or more computer processors and a non-transient computer readable memory, wherein the one or more computer processors are configured pursuant toprogramming code in a the non-transient computer readable memory to predict, for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity using a Monte Carlo method based on stochastic modelling of past observed threat events,wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, wherein the one or more computer processors are configured, for a given threat, to model a set of past observed threat events to obtain an estimate of at least one model parameter, and, in a Monte Carlo simulation of a given threat,to predict future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and to predict a distribution of future threat events by repeating the simulation using a plurality of variables;
- andwherein the apparatus is further configured to determine an expected downtime of each of said systems in dependence upon said predicted future threat activity and to determine a financial loss for each of a plurality of operational processes dependent on the downtimes of each of said systems and to add the financial losses for said plurality of processes so as to obtain a combined financial loss arising from the predicted future threat activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The apparatus according to claim 1, wherein the apparatus is configured to model a set of past observed threat events so as to obtain at least one model parameter.
  - 3. The apparatus according to claim 2, wherein the apparatus is configured to model the set of past observed threat events using regression.
  - 4. The apparatus according to claim 3, wherein the apparatus is configured to model the set of past observed threat events using weighted regression.
  - 5. The apparatus according to claim 4, wherein the apparatus is configured to model the set of past observed threat events using linear regression.
  - 6. The apparatus according to claim 5, wherein the apparatus is configured to model the set of past observed threat events using exponential regression.
  - 7. The apparatus according to claim 6, wherein the apparatus is configured to model the set of past observed threat events using at least two different models and to obtain at least two different sets of model parameters.
  - 8. The apparatus according to claim 7, wherein at least one model parameter includes at least one parameter indicating goodness of fit of the model.
  - 9. The apparatus according to claim 1, further comprising a user interface which is configured to present at least one model parameter to a user.
  - 10. The apparatus according to claim 1, wherein the apparatus is configured to predict future threat events using at least one model parameter and a stochastic model using said at least one model parameter.
  - 11. The apparatus according to claim 10, wherein the apparatus is configured to randomly draw at least one variable according to a predefined distribution and to use said at least one variable in the stochastic model.
  - 12. The apparatus according to claim 11, wherein the apparatus is configured to predict a distribution of future threat events using a Monte Carlo method by repeating a simulation.
  - 13. The apparatus according to claim 1, wherein the apparatus is configured to allow for parameter uncertainty.
  - 14. The apparatus according to claim 1, further comprising a user interface which is configured to present an outcome of stochastic modelling to a user.
  - 15. The apparatus according to claim 1, wherein the apparatus is configured to store at least one of the losses and the combined loss in a storage device.
  - 16. The apparatus according to claim 1, wherein the apparatus is configured to display at least one of the losses and the combined loss on a display device.
  - 17. The apparatus according to claim 1, wherein the apparatus is configured to retrieve a list of past observed threats and to determine the predicted future threat activity based upon the list of past observed threats.
  - 18. The apparatus according to claim 17, wherein the past observed list of threats includes, for each threat, information identifying at least one system.
  - 19. The apparatus according to claim 17, wherein the past observed list of threats includes, for each threat, information identifying frequency of occurrence of the threat.
  - 20. The apparatus according to claim 19, wherein the frequency of occurrence of the past observed threat includes at least one period of time and corresponding frequency of occurrence for the at least one period of time.
  - 21. The apparatus according to claim 1, wherein the plurality of systems include a plurality of software systems.
  - 22. The apparatus according to claim 1, comprising:
    - at least one computer system,wherein the or each computer system comprises at least one processor and at least one memory.
  - 23. The apparatus according to claim 1, wherein loss is value at risk.
  - 24. The apparatus according to claim 1, wherein the one or more processors is configured pursuant to programming code to provide at least two modules including a first module configured to predict future threat activity using a Monte Carlo method and to output the predicted future threat activity to a second module.

25. A computer-implemented method, the method being performed by a computer system having one or more computer processors and a non-transient computer readable memory, the one or more computer processors being configured pursuant to programming code in the non-transient computer readable memory, the method comprising:
- predicting, for each of a plurality of threats, future threat activity using a Monte Carlo method based on stochastic modelling of past observed threat events capable of affecting at least one computer network in which a plurality of systems operate,wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses;
  
  wherein for each given threat the method comprises;
  
  modelling a set of past observed threat events to obtain an estimate of at least one model parameter;
  
  performing a Monte Carlo simulation of the given threat by;
  
  predicting future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and predicting a distribution of future threat events by repeating the simulation using a plurality of variables; and
  
  wherein determining an expected downtime of each system in dependence upon said predicted future threat activity;
  
  determining a financial loss for each of a plurality of operational processes dependent on the downtimes of the systems;
  
  adding the financial losses for the plurality of processes to obtain a combined financial loss arising from the future threat activity.
- View Dependent Claims (26, 27, 28)
- - 26. The method according to claim 25, wherein the predicting threat activity based on stochastic modelling of past observed threat events comprises:
    - modelling a set of past observed threat events so as to obtain at least one model parameter.
  - 27. The method according to claim 25, wherein the predicting future threat activity based on stochastic modelling of past observed threat events includes:
    - predicting future threat events using at least one model parameter and a stochastic model using said at least one model parameter.
  - 28. The method of claim 25, in which the computer system includes at least two modules, wherein the method further comprises:
    - using a first module to predict future threat activity and to output the predicted future threat activity to a second module.

29. A non-transitory computer readable medium having a computer program thereon, which when executed by a computer system having one or more computer processors and a non-transient computer readable memory, causes the computer system to predict, for each of a plurality of threats, future threat activity a Monte Carlo method based on stochastic modelling of past observed threat events capable of affecting at least one computer network in which a plurality of systems operate, wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses;
- wherein execution of the computer program causes the computer system to perform, for each given threat, steps comprising;
  
  modelling a set of past observed threat events to obtain an estimate of at least one model parameter;
  
  performing a Monte Carlo simulation of the given threat by;
  
  predicting future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and predicting a distribution of future threat events by repeating the simulation using a plurality of variables; and
  
  wherein determining an expected downtime of each system in dependence upon said predicted future threat activity;
  
  determining a financial loss for each of a plurality of operational processes dependent on the downtimes of the systems;
  
  adding the financial losses for the plurality of processes to obtain a combined financial loss arising from the future threat activity.
- View Dependent Claims (30)
- - 30. The non-transitory computer readable medium of claim 29, wherein the computer program, when executed by the computer system, causes the computer system to include at least two modules including a first module configured to predict future threat activity and to output the predicted future threat activity to a second module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quantar Solutions Limited
Original Assignee
Quantar Solutions Limited
Inventors
Evrard, Phillipe
Primary Examiner(s)
Tolentino, Roderick

Application Number

US13/322,298
Publication Number

US 20120096558A1
Time in Patent Office

2,211 Days
Field of Search

726 26- 30
US Class Current

1/1
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1416 Event detection, e.g. attac...

Assessing threat to at least one computer network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Assessing threat to at least one computer network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links