NETWORK MALICIOUSNESS SUSCEPTIBILITY ANALYSIS AND RATING
Abstract
Network security and robustness is analyzed by developing correlations among network maliciousness observations to determine attack susceptibility. Network traffic is analyzed at the autonomous system (AS) level, among connected Internet Protocol (IP) routing prefixes, to identify these observations. The traffic is monitored for any of a number of specified mismanagement metrics. Correlations among these metrics are determined and a unified network mismanagement metric is developed, indicating network susceptibility to potentially malicious attack.
28 Claims
1. A computer-implemented method for auditing a computer network to determine susceptibility to malicious attack, the method comprising:
- monitoring traffic of the computer network for a plurality of mismanagement metrics, where each of the plurality of mismanagement metrics results from one or more mismanagement symptoms of the computer network, and where the traffic is monitored at the network level of the computer network;
- aggregating the traffic of the computer network at the network level and identifying, from the aggregation, one or more correlations between the plurality of mismanagement metrics;
- from among the identified one or more correlations between the plurality of mismanagement metrics, determining a unified mismanagement metric for the computer network, the unified mismanagement metric indicating a network-traffic level indication of the mismanagement of the computer network; and
- storing the unified mismanagement metric for use in comparison to a listing of potential maliciousness attacks.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system comprising:
one or more processors and one or more memories, the one or more memories storing instructions that when executed by the one or more processors, cause the one or more processors to:
- monitor, in a monitoring module stored in the one or more memories, traffic of the computer network for a plurality of mismanagement metrics, where each of the plurality of mismanagement metrics results from one or more mismanagement symptoms of the computer network, and where the traffic is monitored at the network level of the computer network;
- aggregate, in an aggregation module stored in the one or more memories, the traffic of the computer network at the network level and identify, in a correlation module, from among the aggregation, any correlations between the plurality of mismanagement metrics;
- from among the identified correlations between the plurality of mismanagement metrics, determine, in an assessment module, a unified mismanagement metric for the computer network, the unified mismanagement metric indicating a network-traffic level indication of the mismanagement of the computer network; and
- store the unified mismanagement metric for use in comparison to a listing of potential maliciousness attacks.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification