Automated intelligence graph construction and countermeasure deployment
Abstract
Techniques for providing information security threat assessment and amelioration are disclosed. The techniques may include obtaining fundamental data, obtaining document data, preparing fundamental instance nodes from the fundamental data, preparing document nodes from the document data, preparing edges between at least some of the nodes, storing the nodes and the edges in a manner that reflects a graph structure, and causing to be displayed at least a portion of a graph defined by at least one node and at least one edge.
20 Claims
1. A method comprising:
- obtaining, by a computer security company computer system, and over a computer network, computer readable fundamental data;
- obtaining, by the computer security company computer system, and over the computer network, computer readable document data;
- preparing, using a hardware electronic processor, fundamental instance nodes from the fundamental data, wherein the fundamental instance nodes include a fundamental instance node that is associated with common vulnerability and exposure information;
- preparing, using the hardware electronic processor, document nodes from the document data;
- preparing, using the hardware electronic processor, edges between nodes of the fundamental instance nodes and the document nodes, wherein an edge, of the edges, comprises a timestamp comprising a time of day, and wherein preparing the edges comprises extracting at least one fundamental data string from a fundamental instance represented by one of the fundamental instance nodes;
- storing, in electronic persistent memory, the nodes and the edges in a manner that reflects a graph structure;
- causing to be displayed, on a hardware computer monitor, at least a portion of a graph defined by at least one of the nodes and at least one of the edges;
- matching a subgraph, comprising the at least one of the nodes and the at least one of the edges, to a pattern of an attack when an additional node or an additional edge is added; and
- implementing a countermeasure to the attack.

Dependent claims: 2, 3, 4, 5, 6
7. Non-transitory computer readable media comprising instructions which, when executed by a computer system comprising at least one electronic processor, cause the at least one electronic processor to:
- obtain, over a computer network, computer readable fundamental data;
- obtain, over the computer network, computer readable document data;
- prepare fundamental instance nodes from the fundamental data, wherein the fundamental instance nodes include a fundamental instance node that is associated with common vulnerability and exposure information;
- prepare document nodes from the document data;
- prepare edges between nodes of the fundamental instance nodes and the document nodes by extracting at least one fundamental data string from a fundamental instance represented by one of the fundamental instance nodes, wherein an edge, of the edges, comprises a timestamp comprising a time of day;
- store, in electronic persistent memory, the nodes and the edges in a manner that reflects a graph structure;
- cause to be displayed, on a hardware computer monitor, at least a portion of a graph defined by at least one of the nodes and at least one of the edges;
- match a subgraph, comprising the at least one of the nodes and the at least one of the edges, to a pattern of an attack when an additional node or an additional edge is added; and
- implement a countermeasure to the attack.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A computer system comprising:
- one or more memories; and
- one or more processors, communicatively coupled to the one or more memories, to:
- obtain, over a computer network, computer readable fundamental data;
- obtain, and over the computer network, computer readable document data;
- prepare fundamental instance nodes from the fundamental data, wherein the fundamental instance nodes include a fundamental instance node that is associated with common vulnerability and exposure information;
- prepare document nodes from the document data;
- prepare edges between nodes of the fundamental instance nodes and the document nodes by extracting at least one fundamental data string from a fundamental instance represented by one of the fundamental instance nodes, wherein an edge, of the edges, comprises a timestamp comprising a time of day;
- store, in electronic persistent memory, the nodes and the edges in a manner that reflects a graph structure;
- cause to be displayed at least a portion of a graph defined by at least one of the nodes and at least one of the edges;
- match a subgraph, comprising the at least one of the nodes and the at least one of the edges, to a pattern of an attack when an additional node or an additional edge is added; and
- implement a countermeasure to the attack.

Dependent claims: 17, 18, 19, 20
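
The steps recited in the independent claims (node preparation, timestamped edges built from an extracted fundamental data string, pattern matching whenever an edge is added, countermeasure), sketched as an added example that is not taken from the patent or its assignee. Assumptions: an edge is created when a document's text contains the CVE identifier extracted from a fundamental record, the "pattern of an attack" is one CVE node cited by documents from two distinct sources within 24 hours, the countermeasure is a caller-supplied callback, the display step is omitted, and all class, function and field names are hypothetical.

```python
import re
from datetime import datetime, timedelta

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

class IntelGraph:
    """Nodes plus timestamped edges; the pattern is re-checked on every new edge."""

    def __init__(self, countermeasure, window=timedelta(hours=24), min_sources=2):
        self.fundamental = {}  # node id -> extracted fundamental data string
        self.documents = {}    # node id -> (source, set of CVE ids in text, seen)
        self.edges = []        # (fundamental id, document id, timestamp)
        self.countermeasure = countermeasure
        self.window, self.min_sources = window, min_sources
        self.fired, self.actions = set(), []

    def add_fundamental(self, node_id, record):
        match = CVE_RE.search(record)  # extract the fundamental data string
        if match:
            self.fundamental[node_id] = match.group(0)
            for doc_id, (_, ids, seen) in self.documents.items():
                if match.group(0) in ids:
                    self._add_edge(node_id, doc_id, seen)

    def add_document(self, node_id, source, text, seen):
        ids = set(CVE_RE.findall(text))  # whole identifiers, not substrings
        self.documents[node_id] = (source, ids, seen)
        for fid, cve in self.fundamental.items():
            if cve in ids:
                self._add_edge(fid, node_id, seen)

    def _add_edge(self, fid, doc_id, ts):
        self.edges.append((fid, doc_id, ts))
        # Subgraph under test: this fundamental node and its edges inside the window.
        sources = {self.documents[d][0] for f, d, t in self.edges
                   if f == fid and abs(ts - t) <= self.window}
        if len(sources) >= self.min_sources and fid not in self.fired:
            self.fired.add(fid)
            self.actions.append(self.countermeasure(self.fundamental[fid]))

def demo(gap_hours=5):
    # Constructed sample data; CVE-0000-* are placeholders, not real identifiers.
    g = IntelGraph(lambda cve: f"raise patch priority for {cve}")
    t0 = datetime(2024, 1, 1, 9, 30)
    g.add_fundamental("f1", "id=CVE-0000-00001 summary=placeholder record")
    g.add_document("d1", "vendor-advisory", "Fix for CVE-0000-00001 released", t0)
    g.add_document("d2", "forum", "CVE-0000-000012 is unrelated", t0 + timedelta(hours=1))
    g.add_document("d3", "forum", "CVE-0000-00001 scanning seen", t0 + timedelta(hours=gap_hours))
    return g
```

With the default gap the edge to `d3` completes the pattern and the callback fires once; `demo(gap_hours=72)` builds the same two edges but fires nothing, because the second source falls outside the window.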
Specification