Method and device for simulating network resiliance against attacks

US 9,954,884 B2
Filed: 10/23/2013
Issued: 04/24/2018
Est. Priority Date: 10/23/2012
Status: Active Grant

First Claim

Patent Images

1. A method for providing a cyber modeling and simulation framework, comprising:

receiving, at an ingest interface, network and vulnerability data associated with nodes of a targeted network;

presenting, on a network visualization device, the network data and the vulnerability data;

creating a network model based on the network and vulnerability data presented on the network visualization device;

simulating a launching of threat attacks on the targeted network using the created network model, wherein one or more of the threat attacks include an unknown behavior or an unpredictable characteristic, wherein the threat attacks include separate attack phases with associated time frames in which the threat attacks affect the targeted network differently in each of the separate attack phases;

applying, to the simulated launching of threat attacks, modeled defenses against the threat attacks, wherein the modeled defenses includes defenses at first locations of the targeted network for a first simulation and the defenses provided at second locations of the targeted network for a second simulation, the second locations including at least one different location than the first locations;

producing simulation results from the simulating the launching of threat attacks and the applying the modeled defenses;

performing data farming to produce the simulation results using different scenarios to generate a farm of data and wherein data farming includes simulating the launching of same threat attacks on different configurations of the targeted network and wherein data farming includes simulating the launching of different threat attacks on the same configuration of the targeted network, wherein the same threat attacks include the one or more of the threat attacks that include an unknown behavior or an unpredictable characteristic;

analyzing the data produced from performing the data farming to determine a statistically significant representation of the results; and

designing anti-cyber-attack strategies for the targeted network based on the performed the data farming.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a system and method for a cyber modeling and simulation framework arc generally described herein. In some embodiments, an interface (212) for ingest of network and vulnerability data associated with a node of a targeted network, a network visualization device (232) for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data, a threat analysis simulator (240) for launching threat attacks on the targeted network and for applying modeled defenses against the threat attacks, the threat analysis simulator producing simulation results (244) and a data farming module for performing data fanning on the simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies (280) for the targeted network.

40 Citations

View as Search Results

18 Claims

1. A method for providing a cyber modeling and simulation framework, comprising:
- receiving, at an ingest interface, network and vulnerability data associated with nodes of a targeted network;
  
  presenting, on a network visualization device, the network data and the vulnerability data;
  
  creating a network model based on the network and vulnerability data presented on the network visualization device;
  
  simulating a launching of threat attacks on the targeted network using the created network model, wherein one or more of the threat attacks include an unknown behavior or an unpredictable characteristic, wherein the threat attacks include separate attack phases with associated time frames in which the threat attacks affect the targeted network differently in each of the separate attack phases;
  
  applying, to the simulated launching of threat attacks, modeled defenses against the threat attacks, wherein the modeled defenses includes defenses at first locations of the targeted network for a first simulation and the defenses provided at second locations of the targeted network for a second simulation, the second locations including at least one different location than the first locations;
  
  producing simulation results from the simulating the launching of threat attacks and the applying the modeled defenses;
  
  performing data farming to produce the simulation results using different scenarios to generate a farm of data and wherein data farming includes simulating the launching of same threat attacks on different configurations of the targeted network and wherein data farming includes simulating the launching of different threat attacks on the same configuration of the targeted network, wherein the same threat attacks include the one or more of the threat attacks that include an unknown behavior or an unpredictable characteristic;
  
  analyzing the data produced from performing the data farming to determine a statistically significant representation of the results; and
  
  designing anti-cyber-attack strategies for the targeted network based on the performed the data farming.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the designing the anti-cyber-attack strategies comprises designing anti-cyber-attack strategies based on identifying a metric inflection point in the farm of data.
  - 3. The method of claim 2, wherein the identifying the metric inflection point in the farm of data comprises visualizing the farm of data using the network visualization device and analyzing the visualized farm of data to detect the metric inflection point.
  - 4. The method of claim 1, further comprising scanning the network using a vulnerability scanner to provide the data associated with the node of the targeted network to the interface for ingest.
  - 5. The method of claim 1, wherein the presenting, on the network visualization device, the network data and the vulnerability data further comprises manipulating and visualizing the targeted network being simulated and conducting operations on a component tree and interconnections associated with the targeted network, and wherein the results include an amount of successful attacks, an amount of partially successful attacks, an amount of attack disruptions by the modeled defenses, and a duration of a successful attack for each network configuration of the different configurations of the targeted network.
  - 6. The method of claim 1, wherein the simulating the launching of threat attacks and the applying the modeled defenses further comprises setting the threat attacks in opposition to the targeted network and selected defenses.
  - 7. The method of claim 1 further comprises storing resultant data from scenario runs created by the simulating the launching of threat attacks and the applying the modeled defenses and accessing the stored resultant data.
  - 8. The method of claim 1, wherein the performing data farming further comprises generating the farm of data based on metrics used to evaluate resiliency techniques and cyber threats.
  - 9. The method of claim 1 further comprises presenting the farm of data for post-processing to narrow an output of the farm of data into a grouping of data of interest based upon resiliency metrics.
  - 10. The method of claim 1, wherein the receiving, at the ingest interface, network and vulnerability data further comprises receiving the network and vulnerability data at a single common interface for disparate authoritative sources of device, application, hardware, vulnerability, and weakness data.

11. A cyber modeling and simulation framework system, comprising:
- an interface, provided by one or more hardware processors, for ingest of network and vulnerability data associated with a node of a targeted network;
  
  a network visualization device coupled to the one or more hardware processors, the network visualization device for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data;
  
  a threat analysis simulator, executable by the one or more hardware processors, for simulating launching threat attacks on the targeted network using the created network model, wherein one or more of the threat attacks include an unknown behavior or an unpredictable characteristic, for applying separate attack phases with associated time frames in which the threat attacks affect the targeted network differently in each of the separate attack phases, and for applying modeled defenses against the threat attacks, wherein the modeled defenses includes defenses at first locations of the targeted network for a first simulation and the defenses provided at second locations of the targeted network for a second simulation, the second locations including at least one different location than the first locations, the threat analysis simulator producing simulation results; and
  
  a data farming module including instructions stored on a memory, the instructions, when executed by the one or more hardware processors cause the one or more hardware processors to perform data farming by causing the threat analysis simulator to produce simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies for the targeted network, and wherein data farming includes simulating the launching of same threat attacks on different configurations of the targeted network and wherein data farming includes simulating the launching of different threat attacks on the same configuration of the targeted network, wherein the same threat attacks includes the one or more of the threat attacks that include an unknown behavior or an unpredictable characteristic;
  
  wherein the threat analysis simulator is further for analyzing the data produced from performing the data farming to determine a statistically significant representation of the results and designing anti-cyber-attack strategies for the targeted network based on the simulation results.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The cyber modeling and simulation framework of claim 11, wherein the anti-cyber-attack strategies are based on an identification of a metric inflection point in the farm of data.
  - 13. The cyber modeling and simulation framework of claim 12, wherein the identification of the metric inflection point in the farm of data is based on visualization of the farm of data using the network visualization device.
  - 14. The cyber modeling and simulation framework of claim 11 further comprising a vulnerability scanner for providing the data associated with the node of the targeted network to the interface for ingest.
  - 15. The cyber modeling and simulation framework of claim 11, wherein the network visualization device is arranged to manipulate and visualize the targeted network being simulated and to conduct operations on a component tree and interconnections associated with the targeted network.
  - 16. The cyber modeling and simulation framework of claim 11, wherein the threat analysis simulator sets the threat attacks in opposition to the targeted network and selected defenses.
  - 17. The cyber modeling and simulation framework of claim 11 further comprises a data warehouse arranged to store resultant data from scenario runs executed by the threat analysis simulator, the resultant data accessible for analysis.
  - 18. The cyber modeling and simulation framework of claim 11, wherein the farm of data is generated by the data farming module based on metrics used to evaluate resiliency techniques and cyber threats.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon Company (Rtx Corporation)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Hassell, Suzanne P., Beraud, III, Paul F., Cruz, Alen, Ganga, Gangadhar, Mastropietro, Brian J., Hester, Travis C., Hyde, David A., Toennies, Justin W., Martin, Stephen R., Pietryka, Frank, Srivastava, Niraj K.
Primary Examiner(s)
Chang, Kenneth
Assistant Examiner(s)
LANE, GREGORY A

Application Number

US14/437,686
Publication Number

US 20150295948A1
Time in Patent Office

1,644 Days
Field of Search

726 25, 703 13, 709224
US Class Current
CPC Class Codes

H04L 63/1433 Vulnerability analysis

H04L 63/1441 Countermeasures against mal...

Method and device for simulating network resiliance against attacks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Method and device for simulating network resiliance against attacks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others