Network maliciousness susceptibility analysis and rating
Abstract
Network security and robustness is analyzed by developing correlations among network maliciousness observations to determine attack susceptibility. Network traffic is analyzed at the autonomous system (AS) level, among connected Internet Protocol (IP) routing prefixes, to identify these observations. The traffic is monitored for any of a number of specified mismanagement metrics. Correlations among these metrics are determined and a unified network mismanagement metric is developed, indicating network susceptibility to potentially malicious attack.
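The aggregation, correlation and combination steps described above can be sketched as follows. This is an added example, not code from the patent: the symptom names, the AS numbers (documentation range), the constructed probe results and the rank-average used as the unified metric are all assumptions of the example.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: (network id, host, symptoms seen in that host's probe replies).
# Symptom names and AS numbers are assumptions of this example.
OBSERVATIONS = [
    ("AS64500", "h1", {"open_resolver": 1, "open_relay": 1, "untrusted_cert": 1}),
    ("AS64500", "h2", {"open_resolver": 1, "open_relay": 0, "untrusted_cert": 1}),
    ("AS64501", "h3", {"open_resolver": 0, "open_relay": 0, "untrusted_cert": 1}),
    ("AS64501", "h4", {"open_resolver": 1, "open_relay": 0, "untrusted_cert": 0}),
    ("AS64502", "h5", {"open_resolver": 0, "open_relay": 0, "untrusted_cert": 0}),
    ("AS64502", "h6", {"open_resolver": 0, "open_relay": 0, "untrusted_cert": 0}),
]

def aggregate(observations):
    """Per network: fraction of probed hosts showing each symptom."""
    per_net = defaultdict(lambda: defaultdict(list))
    for net, _host, symptoms in observations:
        for name, present in symptoms.items():
            per_net[net][name].append(present)
    return {net: {s: mean(v) for s, v in syms.items()} for net, syms in per_net.items()}

def ranks(values):
    """Average ranks (1 = smallest); tied values share the mean of their positions."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    out, i = [0.0] * len(values), 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in range(i, j + 1):
            out[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return out

def spearman(xs, ys):
    """Rank correlation between two per-network mismanagement metrics."""
    rx, ry = ranks(xs), ranks(ys)
    mx, my = mean(rx), mean(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    norm = (sum((a - mx) ** 2 for a in rx) * sum((b - my) ** 2 for b in ry)) ** 0.5
    return cov / norm if norm else 0.0

def unified_metric(metrics):
    """Assumed combination: mean rank across symptoms, scaled to (0, 1]; higher is worse."""
    nets = sorted(metrics)
    symptoms = sorted({s for m in metrics.values() for s in m})
    per_symptom = [ranks([metrics[n].get(s, 0.0) for n in nets]) for s in symptoms]
    return {n: mean(r[i] for r in per_symptom) / len(nets) for i, n in enumerate(nets)}
```

Swapping the network id for a routing prefix or an enterprise label changes the aggregation granularity without touching the rest of the pipeline.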
28 Claims
1. A computer-implemented method for auditing a computer network to determine susceptibility to malicious cyber attacks, the method comprising:
- actively querying individual hosts of the computer network via data communications that are separate from data traffic sent to and received by the individual hosts during normal operation;
- analyzing network data collected in response to the queries for a presence of a plurality of mismanagement and misconfiguration symptoms represented by a range of mismanagement metrics associated with the individual hosts within the computer network the plurality of mismanagement and misconfiguration symptoms being indicative of a failure to implement adequate network security practices or a deviation from known best security practices;
- aggregating the range of mismanagement metrics associated with the individual hosts within the computer network at a particular network level granularity including (i) an autonomous system (AS) level, (ii) a network prefix level, (iii) an enterprise network level, or (iv) an arbitrarily-defined network level, the particular network level granularity being based upon the range of mismanagement metrics and which of the plurality of mismanagement and misconfiguration symptoms are available at a particular network granularity;
- identifying, from the aggregation of the range of mismanagement metrics, one or more correlations between the plurality of mismanagement and misconfiguration symptoms and the range of mismanagement metrics;
- from among the identified one or more correlations between the range of mismanagement metrics, determining a unified mismanagement metric for the computer network, the unified mismanagement metric indicating a network level of the mismanagement of the computer network that represents a susceptibility of the computer network to malicious cyber attacks as a combination of susceptibilities of the individual hosts to malicious cyber attacks; and
- storing the unified mismanagement metric for use in comparison to a listing of potential malicious cyber attacks.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for auditing a computer network to determine susceptibility to malicious cyber attacks, comprising:
- one or more processors and one or more memories, the one or more memories storing instructions that when executed by the one or more processors, cause the one or more processors to;
- actively query, in a monitoring module stored in the one or more memories, individual hosts of the computer network via data communications that are separate from data traffic sent to and received by the individual hosts during normal operation;
- analyzing network data collected in response to the queries for a presence of a plurality of mismanagement and misconfiguration symptoms represented by a range of mismanagement metrics associated with the individual hosts within the computer network, the plurality of mismanagement and misconfiguration symptoms being indicative of a failure to implement adequate network security practices or a deviation from known best security practices;
- aggregate, in an aggregation module stored in the one or more memories, the range of mismanagement metrics associated with the individual hosts within the computer network at a particular network level granularity including (i) an autonomous system (AS) level, (ii) a network prefix level, (iii) an enterprise network level, or (iv) an arbitrarily-defined network level, the particular network level granularity being based upon the range of mismanagement metrics and which of the plurality of mismanagement and misconfiguration symptoms are available at a particular network granularity;
- identify, in a correlation module, from among the aggregation of the range of mismanagement metrics, one or more correlations between the plurality of mismanagement and misconfiguration symptoms and the range of mismanagement metrics;
- from among the identified correlations between the range of mismanagement metrics, determine, in an assessment module, a unified mismanagement metric for the computer network, the unified mismanagement metric indicating a network level indication of the mismanagement of the computer network that represents a susceptibility of the computer network to malicious cyber attacks as a combination of susceptibilities of the individual hosts to malicious cyber attacks; and
- store the unified mismanagement metric for use in comparison to a listing of potential malicious cyber attacks.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification