Method and device for simulating network resiliance against attacks
First Claim
1. A method for providing a cyber modeling and simulation framework, comprising:
- receiving, at an ingest interface, network and vulnerability data associated with nodes of a targeted network;
presenting, on a network visualization device, the network data and the vulnerability data;
creating a network model based on the network and vulnerability data presented on the network visualization device;
simulating a launching of threat attacks on the targeted network using the created network model, wherein one or more of the threat attacks include an unknown behavior or an unpredictable characteristic, wherein the threat attacks include separate attack phases with associated time frames in which the threat attacks affect the targeted network differently in each of the separate attack phases;
applying, to the simulated launching of threat attacks, modeled defenses against the threat attacks, wherein the modeled defenses includes defenses at first locations of the targeted network for a first simulation and the defenses provided at second locations of the targeted network for a second simulation, the second locations including at least one different location than the first locations;
producing simulation results from the simulating the launching of threat attacks and the applying the modeled defenses;
performing data farming to produce the simulation results using different scenarios to generate a farm of data and wherein data farming includes simulating the launching of same threat attacks on different configurations of the targeted network and wherein data farming includes simulating the launching of different threat attacks on the same configuration of the targeted network, wherein the same threat attacks include the one or more of the threat attacks that include an unknown behavior or an unpredictable characteristic;
analyzing the data produced from performing the data farming to determine a statistically significant representation of the results; and
designing anti-cyber-attack strategies for the targeted network based on the performed the data farming.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of a system and method for a cyber modeling and simulation framework arc generally described herein. In some embodiments, an interface (212) for ingest of network and vulnerability data associated with a node of a targeted network, a network visualization device (232) for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data, a threat analysis simulator (240) for launching threat attacks on the targeted network and for applying modeled defenses against the threat attacks, the threat analysis simulator producing simulation results (244) and a data farming module for performing data fanning on the simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies (280) for the targeted network.
40 Citations
18 Claims
-
1. A method for providing a cyber modeling and simulation framework, comprising:
-
receiving, at an ingest interface, network and vulnerability data associated with nodes of a targeted network; presenting, on a network visualization device, the network data and the vulnerability data; creating a network model based on the network and vulnerability data presented on the network visualization device; simulating a launching of threat attacks on the targeted network using the created network model, wherein one or more of the threat attacks include an unknown behavior or an unpredictable characteristic, wherein the threat attacks include separate attack phases with associated time frames in which the threat attacks affect the targeted network differently in each of the separate attack phases; applying, to the simulated launching of threat attacks, modeled defenses against the threat attacks, wherein the modeled defenses includes defenses at first locations of the targeted network for a first simulation and the defenses provided at second locations of the targeted network for a second simulation, the second locations including at least one different location than the first locations; producing simulation results from the simulating the launching of threat attacks and the applying the modeled defenses; performing data farming to produce the simulation results using different scenarios to generate a farm of data and wherein data farming includes simulating the launching of same threat attacks on different configurations of the targeted network and wherein data farming includes simulating the launching of different threat attacks on the same configuration of the targeted network, wherein the same threat attacks include the one or more of the threat attacks that include an unknown behavior or an unpredictable characteristic; analyzing the data produced from performing the data farming to determine a statistically significant representation of the results; and designing anti-cyber-attack strategies for the targeted network based on the performed the data farming. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A cyber modeling and simulation framework system, comprising:
-
an interface, provided by one or more hardware processors, for ingest of network and vulnerability data associated with a node of a targeted network; a network visualization device coupled to the one or more hardware processors, the network visualization device for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data; a threat analysis simulator, executable by the one or more hardware processors, for simulating launching threat attacks on the targeted network using the created network model, wherein one or more of the threat attacks include an unknown behavior or an unpredictable characteristic, for applying separate attack phases with associated time frames in which the threat attacks affect the targeted network differently in each of the separate attack phases, and for applying modeled defenses against the threat attacks, wherein the modeled defenses includes defenses at first locations of the targeted network for a first simulation and the defenses provided at second locations of the targeted network for a second simulation, the second locations including at least one different location than the first locations, the threat analysis simulator producing simulation results; and a data farming module including instructions stored on a memory, the instructions, when executed by the one or more hardware processors cause the one or more hardware processors to perform data farming by causing the threat analysis simulator to produce simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies for the targeted network, and wherein data farming includes simulating the launching of same threat attacks on different configurations of the targeted network and wherein data farming includes simulating the launching of different threat attacks on the same configuration of the targeted network, wherein the same threat attacks includes the one or more of the threat attacks that include an unknown behavior or an unpredictable characteristic; wherein the threat analysis simulator is further for analyzing the data produced from performing the data farming to determine a statistically significant representation of the results and designing anti-cyber-attack strategies for the targeted network based on the simulation results. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
Specification