Method and system simulating a hacking attack on a network

US 8,464,346 B2
Filed: 05/22/2008
Issued: 06/11/2013
Est. Priority Date: 05/24/2007
Status: Active Grant

First Claim

Patent Images

1. A method for performing one or more social engineering attacks on a plurality of humans connected in a Network for assessing vulnerabilities of the plurality of humans in the Network, the Network comprising at least one of a plurality of data processing devices, memory devices, and a plurality of communication links, the method comprising:

gathering information about human profiles including collecting information about target users from actively used social and search sites, and performing at least an automated Social Engineering (SE) phase and updating an Information Model based on the gathered information, wherein the automated Social Engineering phase on the Network is performed by performing at least one of;

creating a human profile,creating a human psychology model,impersonating or building the trust between an attacker and a target;

generating a Multiple Attack Vectors (MAV) graph based on the information gathered in the Information Model and one or more scan parameters for showing possible paths to compromise the Network;

planning the one or more social engineering attacks based on the MAV; and

launching the one or more social engineering attacks to access vulnerabilities in the humans of the Network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention describes a method for performing one or more social engineering attacks on a plurality of humans connected in a network for assessing vulnerabilities of the humans, wherein the Network comprises at least one of a plurality of data processing devices, memory devices and a plurality of communication links. The method includes gathering information about human profiles including collecting information about target users from actively used social and search sites and performing an automated Social Engineering (SE) phase and updating an Information Model based on the gathered information. Furthermore, the method includes generating a Multiple Attack Vector (MAV) graph based on the information gathered and one or more scan parameters. Moreover, the method includes launching one or more social engineering attacks based on the MAV graph to assess vulnerabilities in the humans in the Network.

157 Citations

18 Claims

1. A method for performing one or more social engineering attacks on a plurality of humans connected in a Network for assessing vulnerabilities of the plurality of humans in the Network, the Network comprising at least one of a plurality of data processing devices, memory devices, and a plurality of communication links, the method comprising:
- gathering information about human profiles including collecting information about target users from actively used social and search sites, and performing at least an automated Social Engineering (SE) phase and updating an Information Model based on the gathered information, wherein the automated Social Engineering phase on the Network is performed by performing at least one of;
  
  creating a human profile,creating a human psychology model,impersonating or building the trust between an attacker and a target;
  
  generating a Multiple Attack Vectors (MAV) graph based on the information gathered in the Information Model and one or more scan parameters for showing possible paths to compromise the Network;
  
  planning the one or more social engineering attacks based on the MAV; and
  
  launching the one or more social engineering attacks to access vulnerabilities in the humans of the Network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising revising the MAV graph after the Network is compromised, wherein the MAV graph is revised for utilizing the information about the humans for the one or more social engineering attacks.
  - 3. The method of claim 1, further comprising enhancing the system capability to generate the MAV graph by adding new attacks and the corresponding attack strategies in the format required by a system.
  - 4. The method of claim 1, further comprising enhancing the system capability to generate the MAV graph by applying self learning algorithms based upon custom developed Genetic and Artificial Intelligence (AI) algorithms.
  - 5. The method of claim 1, further comprising enabling constant interaction between at least one master agent and at least one slave agent, wherein the interaction comprises coordination, planning, monitoring and reselection of the at least one slave agent.
  - 6. The method of claim 1, further comprising:
    - performing the automated Social Engineering phase on the Network, wherein the automated Social Engineering phase is performed to gain access to critical information that pertains to the plurality of humans, the automated Social Engineering phase is further performed by performing at least one of;
      
      sniffing a mail from the Network to impersonate the plurality of humans,crafting the replies of the mail,including a malicious link in the reply, andluring the plurality of humans to leak critical information.
  - 7. The method of claim 1, further comprising launching the one or more social engineering attacks in a plurality of stages comprising:
    - performing a Link Analysis on a communication taking place among the plurality of humans or the plurality of devices to find out the critical information flowing as a result of the communication;
      
      creating or updating the Information Model, wherein the Information Model comprises the information gathered by at least one master agent about the plurality of devices, the plurality of humans, the plurality of communication links and their relationships;
      
      gathering data by accessing the Network through the internet and simultaneously accessing web server through a HTTP channel in a first stage, wherein the Network can access a subnet which hosts multiple applications along with a DNS application and a database application;
      
      harnessing the data from a first stage and by cultivating a trust relationship that the Network shares with a set of neighboring Network; and
      
      utilizing the trust relationship which the multiple applications share with the DNS application and the database application for launching the one or more social engineering attacks.
  - 8. The method of claim 1, further comprising integrating one or more propriety or third party tools and products with one or more tools selected from a group consisting of vulnerability tools, social engineering tools, and exploitation tools for capturing the information in the Information Model, for generating the MAV graph based upon the Information Model and for launching the one or more social engineering attacks to enhance impact of the one or more social engineering attacks on the Network.
  - 9. The method of claim 1, further comprising enabling the plurality of humans to subscribe to the service, initiating the one or more social engineering attacks and generating the report online over the Internet.
  - 15. The method of claim 1, further comprising installing at least one slave agent on DPUs of compromised humans for performing the one or more social engineering attacks in a distributed manner and providing the information and results to the at least one master agent.
  - 16. The method of claim 1, further comprising generating and storing a report in knowledge base wherein the report contains details about the vulnerabilities of the humans in the Network.
  - 17. The method of claim 1, wherein launching the one or more social engineering attacks comprises conversing with a target user to find critical information pertaining to the Network.
  - 18. The method of claim 1, wherein launching the one or more social engineering attacks comprises generating one or more fake web pages similar to one or more original web pages in order to perform phishing attacks.

10. A system for performing one or more social engineering attacks on a plurality of humans connected in a Network to assess vulnerabilities of the plurality of humans in the Network, wherein the Network comprises at least one of a plurality of data processing devices, memory devices and a plurality of communication links, the system comprising:
- a scan controller to perform a scan on the Network and initiating at least one master agent, wherein the at least one master agent gathers information about human profiles, gathering information about the human profiles including collecting information about target users from actively used social and search sites, and performing at least an automated social engineering phase and updates an Information Model based on the gathered information, wherein the automated Social Engineering phase on the Network is performed by performing at least one of;
  
  creating a human profile,creating a human psychology model, andimpersonating or building the trust between an attacker and a target;
  
  an automated Social Engineering (SE) architecture for collecting sensitive information that pertains to the plurality of users;
  
  a communication link framework for identifying vulnerabilities associated with the Network and communication protocols;
  
  a Multiple Attack Vector (MAV) engine for generating and storing an MAV graph that shows possible paths by which the Network can be compromised, the Network being compromised by using at least one slave agent and the at least one master agent, wherein the slave agents coordinate among themselves when they are isolated from the master agent; and
  
  an agent framework for launching one or more social engineering attacks on the Network.
- View Dependent Claims (11, 12, 13)
- - 11. The system of claim 10, wherein the Social Engineering (SE) architecture further comprises:
    - a SE database for storing the information gathered by a SE phase;
      
      a SE knowledge base for storing one or more information from a group comprising human relationship model, an attack dictionary, an attack strategy knowledge base, organizational policies, a trust level dictionary, a human vulnerability dictionary, a human psychology model, a human relationships model, and a human profile model; and
      
      a SE controller for communicating with one or more communication modules.
  - 12. The system of claim 10, wherein the Multiple Attack Vectors (MAV) engine further comprises:
    - an attack repository for storing one or more social engineering attacks associated with the Network and the vulnerabilities of the Network;
      
      an attack strategies repository for storing attack strategies corresponding to the one or more social engineering attacks, wherein the attack strategies are updated by a human and by an artificial algorithm;
      
      an agent database for storing information related to the at least one master agent and the at least one slave agent;
      
      an Information Model for storing the information related to the Network after the one or more social engineering attacks have been made on the Network; and
      
      a knowledge base for storing one or more functional modules and libraries associated with at least one of the one or more functional modules.
  - 13. The system of claim 10, wherein the at least one slave agent replicates on DPUs of humans and the at least one slave agent and the replicated slave agents coordinates among themselves to perform one or more attacks in a distributed manner.

14. A non-transitory computer program product for use with a computer, the computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein for performing one or more social engineering attacks on a plurality of humans connected in a Network to assess vulnerabilities of the plurality of humans in the Network, wherein the Network comprises at least one of a plurality of data processing devices, memory devices, and a plurality of communication links, the computer program product comprising:
- program instructions for receiving one or more scan parameters;
  
  program instructions for gathering information about human profiles including collecting information about target users from actively used social and search sites;
  
  program instructions for performing an automated Social Engineering phase on the Network, wherein the automated Social Engineering phase on the Network is performed by performing at least one of;
  
  creating a human profile,creating a human psychology model, andimpersonating or building the trust between an attacker and a target;
  
  program instructions for performing Link Analysis on a communication among the plurality of the users or the plurality of data processing devices;
  
  program instructions for creating or updating an Information Model;
  
  program instructions for generating a multiple attack vectors graph based on an information gathered in the Information Model and the one or more scan parameters; and
  
  program instructions for launching one or more social engineering attacks on the Network to compromise the Network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synopsys Incorporated
Original Assignee
iViZ Techno Solutions Pvt. Ltd. (Synopsys Incorporated)
Inventors
Barai, Bikash, De, Nilanjan
Primary Examiner(s)
Rao, Andy
Assistant Examiner(s)
ELAHI, SHAN E

Application Number

US12/451,460
Publication Number

US 20100138925A1
Time in Patent Office

1,846 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Method and system simulating a hacking attack on a network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

157 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system simulating a hacking attack on a network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links