Assessment of cyber threats
First Claim
1. A system comprising:
- one or more computers comprising one or more hardware processors;
- one or more computer-readable media storing instructions that, when executed by the one or more computers, cause the one or more computers to perform operations comprising:
  - receiving, by the one or more computers, data indicating a time window having a beginning and an end;
  - accessing, by the one or more computers, data indicating at least one dynamic Bayesian network (DBN) that specifies relationships among (i) infrastructure nodes representing computing devices of an organization and a network connecting the computing devices, (ii) asset nodes indicating characteristics of assets of the organization, (iii) threat nodes representing computer-based threats including at least one selected from the group consisting of a virus, malware, a network intrusion, and a denial of service attack, and (iv) mitigation nodes representing threat mitigation measures of the organization;
  - performing, by the one or more computers, a plurality of simulations using the DBN, each simulation involving propagating data through the DBN for various time steps within the time window;
  - sampling, by the one or more computers, outcomes of the plurality of simulations according to the state of the DBN representing the end of the time window;
  - based on the sampled outcomes of the simulations, determining, by the one or more computers, a measure of impact of the computer-based threats to the organization over the time window; and
  - providing, by the one or more computers and for output to a user, a graphical representation of the determined measure of impact of the computer-based threats to the organization over the time window in a graphical user interface.
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for assessing cyber threats. In some implementations, data indicating a time window is received. Data indicating at least one dynamic Bayesian network (DBN) is accessed. A plurality of simulations are performed using the DBN, and outcomes of the plurality of simulations are sampled according to the state of the DBN representing the end of the time window. Based on the sampled outcomes of the simulations, a measure of impact of the computer-based threats to the organization over the time window is determined. The determined measure is provided for output to a user.
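The simulate-then-sample loop the abstract describes can be sketched as follows. This is an added example, not code from the patent: the two-slice network (one threat node, one mitigation node, one infrastructure node, one asset value), every probability, and the asset value are constructed assumptions chosen only to make the loop runnable.

```python
import random

# Constructed conditional probabilities (assumptions, not from the patent).
P_THREAT_START = 0.05          # threat node: malware becomes active in a step
P_THREAT_PERSIST = 0.80        # threat stays active from step t to t+1
P_COMPROMISE = {True: 0.10, False: 0.40}   # keyed by "mitigation in place"
P_RECOVER = {True: 0.30, False: 0.05}      # compromised host cleaned in a step
ASSET_VALUE = 250_000          # asset node: loss if the host ends compromised

def step(state, mitigated, rng):
    """Propagate one time slice: (threat, compromised) at t -> t+1."""
    threat, compromised = state
    p_threat = P_THREAT_PERSIST if threat else P_THREAT_START
    next_threat = rng.random() < p_threat
    if compromised:
        next_comp = rng.random() >= P_RECOVER[mitigated]
    else:
        next_comp = next_threat and rng.random() < P_COMPROMISE[mitigated]
    return next_threat, next_comp

def simulate(begin, end, mitigated, rng):
    """One simulation over the time window; returns the end-of-window state."""
    state = (False, False)
    for _ in range(begin, end):
        state = step(state, mitigated, rng)
    return state

def impact(begin, end, mitigated, runs=20_000, seed=1):
    """Sample end states of many runs; return (P(compromised), expected loss)."""
    rng = random.Random(seed)
    hits = sum(simulate(begin, end, mitigated, rng)[1] for _ in range(runs))
    p = hits / runs
    return p, p * ASSET_VALUE

if __name__ == "__main__":
    for mitigated in (False, True):
        p, loss = impact(0, 30, mitigated)
        print(f"mitigation={mitigated}: P(compromised at end)={p:.3f}, "
              f"expected loss={loss:,.0f}")
```

Comparing the two runs shows how a mitigation node changes the end-of-window impact estimate under these assumed parameters.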
20 Claims
1. A system comprising: (recited in full under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method performed by one or more computers, the method comprising:
- receiving, by the one or more computers, data indicating a time window having a beginning and an end;
- accessing, by the one or more computers, data indicating at least one dynamic Bayesian network (DBN) that specifies relationships among (i) infrastructure nodes representing computing devices of an organization and a network connecting the computing devices, (ii) asset nodes indicating characteristics of assets of the organization, (iii) threat nodes representing computer-based threats including at least one selected from the group consisting of a virus, malware, a network intrusion, and a denial of service attack, and (iv) mitigation nodes representing threat mitigation measures of the organization;
- performing, by the one or more computers, a plurality of simulations using the DBN, each simulation involving propagating data through the DBN for various time steps within the time window;
- sampling, by the one or more computers, outcomes of the plurality of simulations according to the state of the DBN representing the end of the time window;
- based on the sampled outcomes of the simulations, determining, by the one or more computers, a measure of impact of the computer-based threats to the organization over the time window; and
- providing, by the one or more computers and for output to a user, a graphical representation of the determined measure of impact of the computer-based threats to the organization over the time window in a graphical user interface.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable medium storing instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
- receiving, by the one or more computers, data indicating a time window having a beginning and an end;
- accessing, by the one or more computers, data indicating at least one dynamic Bayesian network (DBN) that specifies relationships among (i) infrastructure nodes representing computing devices of an organization and a network connecting the computing devices, (ii) asset nodes indicating characteristics of assets of the organization, (iii) threat nodes representing computer-based threats including at least one selected from the group consisting of a virus, malware, a network intrusion, and a denial of service attack, and (iv) mitigation nodes representing threat mitigation measures of the organization;
- performing, by the one or more computers, a plurality of simulations using the DBN, each simulation involving propagating data through the DBN for various time steps within the time window;
- sampling, by the one or more computers, outcomes of the plurality of simulations according to the state of the DBN representing the end of the time window;
- based on the sampled outcomes of the simulations, determining, by the one or more computers, a measure of impact of the computer-based threats to the organization over the time window; and
- providing, by the one or more computers and for output to a user, a graphical representation of the determined measure of impact of the computer-based threats to the organization over the time window in a graphical user interface.
Dependent claims: 18, 19, 20
Specification