[특허]Network risk analysis

Network risk analysis 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-021/00
출원번호	US-0349155 (2003-01-21)
등록번호	US-7409721 (2008-08-05)
발명자 / 주소	Hernacki,Brian Bennett,Jeremy
출원인 / 주소	Symantac Corporation
대리인 / 주소	Van Pelt, Yi & James LLP
인용정보	피인용 횟수 : 10 인용 특허 : 19

초록 ▼

A system and method are disclosed for analyzing security risks in a computer network. The system constructs asset relationships among a plurality of objects in the computer network and receives an event associated with a selected object, where the event has an event risk level. The system also propa

대표청구항 ▼

What is claimed is: 1. A method of analyzing security risk in a computer network comprising: constructing asset relationships among a plurality of objects in the computer network; receiving an event associated with a selected object; wherein the event has an event risk level; dynamically updating the asset relationships, the update being based at least in part on an analysis of source or destination information associated with the event; and propagating the event to objects related to the selected object, if the event risk level exceeds a propagation threshold. 2. A method of analyzing security risk in a computer network as recited in claim 1 wherein constructing asset relationships includes creating an asset graph. 3. A method of analyzing security risk in a computer network as recited in claim 1 wherein the selected object has a plurality of associated attributes. 4. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object. 5. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object based on the event received and a time function that changes the object risk level over time. 6. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object based on the event received and a time function; wherein the time function is a decay function that decreases the object risk level over time. 7. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object based on the event received and a time function; wherein the time function is an exponential decay function that decreases the event risk level over time. 8. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object and triggering a reaction once the object risk level reaches a triggering level. 9. A method of analyzing security risk in a computer network as recited in claim 1 further comprising: determining an object risk level for the selected object; and triggering a reaction once the object risk level reaches a triggering level; wherein the reaction includes notifying a user. 10. A method of analyzing security risk in a computer network as recited in claim 1 further comprising: determining an object risk level for the selected object; and triggering a reaction once the object risk level reaches a triggering level; wherein the reaction includes logging the event. 11. A method of analyzing security risk in a computer network as recited in claim 1 further comprising: determining an object risk level for the selected object; and triggering a reaction once the object risk level reaches a triggering level; wherein the reaction includes producing an analysis trail. 12. A method of analyzing security risk in a computer network as recited in claim 1 further comprising: determining an object risk level for the selected object; and triggering a reaction once the object risk level reaches a triggering level; wherein the reaction includes producing an analysis trail comprising information for tracing event effects. 13. A method of analyzing security risk in a computer network as recited in claim 1 further comprising: determining an object risk level for the selected object; and triggering a reaction once the object risk level reaches a triggering level; wherein the reaction includes producing an analysis trail comprising information for tracing event effects and reconstructing a chain of events that occurred previously using the analysis trail. 14. A method of analyzing security risk in a computer network as recited in claim 1 further comprising propagating the event to dependent objects that have a dependency on the selected object; wherein propagating the event to the dependent objects includes determining whether the event has an event risk level that exceeds a propagation threshold. 15. A method of analyzing security risk in a computer network as recited in claim 1 further comprising normalizing the event risk level based on a canonical scale. 16. A method of analyzing security risk in a computer network as recited in claim 1 wherein the selected object is a target object of the event. 17. A method of analyzing security risk in a computer network as recited in claim 1 wherein the event received is real time input or stored data. 18. A computer program product for analyzing security risk in a computer network, the computer program product being embodied in a computer readable medium and comprising computer instructions for: constructing asset relationships among a plurality of objects in the computer network; receiving an event associated with a selected object; wherein the event has an event risk level; dynamically updating the asset relationships, the update being based at least in part on an analysis of source or destination information associated with the event; and propagating the event to objects related to the selected object, if the event risk level exceeds a propagation threshold. 19. A computer program product for analyzing security risk in a computer network as recited in claim 18 wherein the selected object has a plurality of associated attributes. 20. A computer program product for analyzing security risk in a computer network as recited in claim 18 further comprising computer instructions for determining an object risk level for the selected object. 21. A computer program product for analyzing security risk in a computer network as recited in claim 20 wherein the object risk level for the selected object is determined based on the event received and one or more of the following: a time function that changes the object risk level over time; a time function decreases the object risk level over time; and an exponential decay function that decreases the event risk level over time. 22. A computer program product for analyzing security risk in a computer network as recited in claim 20 further comprising computer instructions for triggering a reaction once the object risk level reaches a triggering level. 23. A computer program product for analyzing security risk in a computer network as recited in claim 22 wherein the reaction includes one or more of the following: notifying a user; logging the event; producing an analysis trail; producing an analysis trail comprising information for tracing event effects; producing an analysis trail comprising information for tracing event effects and reconstructing a chain of events that occurred previously using the analysis trail. 24. A computer program product for analyzing security risk in a computer network as recited in claim 18 further comprising computer instructions for propagating the event to dependent objects that have a dependency on the selected object; wherein propagating the event to the dependent objects includes determining whether the event has an event risk level that exceeds a propagation threshold. 25. A computer program product for analyzing security risk in a computer network as recited in claim 18 further comprising computer instructions for normalizing the event risk level based on a canonical scale. 26. A computer program product for analyzing security risk in a computer network as recited in claim 18 wherein the selected object is a target object of the event. 27. A computer program product for analyzing security risk in a computer network as recited in claim 18 wherein the event received is real time input or stored data. 28. A system for analyzing security risk in a computer network comprising: an input interface configured to receive an event associated with a selected object; a processor configured to: construct asset relationships among a plurality of objects in the computer network; dynamically update the asset relationships, the update being based at least in part on an analysis of source or destination information associated with the event; and propagate the event to objects related to the selected object, if the event risk level exceeds a propagation threshold. 29. A system for analyzing security risk in a computer network as recited in claim 28 wherein the processor is configured to construct asset relationships at least in part by creating an asset graph. 30. A system for analyzing security risk in a computer network as recited in claim 28 wherein the selected object has a plurality of associated attributes. 31. A system for analyzing security risk in a computer network as recited in claim 28 wherein the processor is further configured to determine an object risk level for the selected object. 32. A system for analyzing security risk in a computer network as recited in claim 31 wherein the processor is configured to determine the object risk level for the selected object based on the event received and one of more of the following: a time function that changes the object risk level over time; a time function decreases the object risk level over time; and an exponential decay function that decreases the event risk level over time. 33. A system for analyzing security risk in a computer network as recited in claim 31 wherein the processor is further configured to trigger a reaction once the object risk level reaches a triggering level. 34. A system for analyzing security risk in a computer network as recited in claim 33 wherein the reaction includes one or more of the following: notifying a user; logging the event; producing an analysis trail; producing an analysis trail comprising information for tracing event effects; producing an analysis trail comprising information for tracing event effects and reconstructing a chain of events that occurred previously using the analysis trail. 35. A system for analyzing security risk in a computer network as recited in claim 28 wherein the processor is further configured to propagate the event to dependent objects that have a dependency on the selected object, including by determining whether the event has an event risk level that exceeds a propagation threshold. 36. A system for analyzing security risk in a computer network as recited in claim 28 wherein the processor is further configured to normalize the event risk level based on a canonical scale. 37. A system for analyzing security risk in a computer network as recited in claim 28 wherein the selected object is a target object of the event. 38. A system for analyzing security risk in a computer network as recited in claim 28 wherein the event received is real time input or stored data. 39. A computer program product for analyzing security risk in a computer network as recited in claim 18 wherein constructing asset relationships includes creating an asset graph.

이 특허에 인용된 특허 (19)

Andres Frederic,FRX, Apparatus for evaluating database query performance having libraries containing information for modeling the various sys.
상세보기
Farber David A. ; Lachman Ronald D., Data processing system using substantially unique identifiers to identify data items, whereby identical data items hav.
상세보기
Dunphy William E. (Westminster CO) Halladay Steven M. (Louisville CO) Moy Michael E. (Lafayette CO) Munro Frederick G. (Broomfield CO), Data storage and protection system.
상세보기
David Zager ; Robert Kostes, Dynamic modeling of complex networks and prediction of impacts of faults therein.
상세보기
Munson, John C.; Elbaum, Sebastian G., Dynamic software system intrusion detection.
상세보기
Leblang David B. (Wayland MA) Allen Larry W. (Cambridge MA) Chase ; Jr. Robert P. (Newton MA) Douros Bryan P. (Framingham MA) Jabs David E. (Sudbury MA) McLean ; Jr. Gordon D. (Brookline MA) Minard D, Dynamic software version auditor which monitors a process to provide a list of objects that are accessed.
상세보기
Lermuzeaux Jean-Marc (St Michel sur Orge FRX) Emery Thierry (St Germain les Arpajon FRX) Gonthier Patrice (Antony FRX), Facility for detecting intruders and suspect callers in a computer installation and a security system including such a f.
상세보기
Maloney Michael P. ; Suit John M. ; Rubel Rich ; Woodus Francis M., Information security analysis system.
상세보기
Bellare Mihir ; Guerin Roch Andre ; Rogaway Phillip Walder, Method and apparatus for data authentication in a data communication environment.
상세보기
Bruell Gregory O. (Carlisle MA), Method and apparatus for defining data packet formats.
상세보기
Pollack, Jordan; Cutts, Shaun; Rodriguez, Andres; Stevenson, Jeremy; Umanoff, Zak, Method and apparatus for distributing information to users.
상세보기
Mattison Phillip E., Method and apparatus for protecting flash memory.
상세보기
Smaha Stephen E. (Austin TX) Snapp Steven R. (Austin TX), Method and system for detecting intrusion into and misuse of a data processing system.
상세보기
Walker Jeffrey H., Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources.
상세보기
Shieh Shiuh-Pyung W. (Hsinchu MD TWX) Gligor Virgil D. (Chevy Chase MD), Pattern-oriented intrusion-detection system and method.
상세보기
Naimark, Michael; Bergman, Aviv; Weil, Emily; Moresco, Ignazio; Faieta, Baldo, Quantifying the level of interest of an item of current interest.
상세보기
Davis Derek L., Secure BIOS.
상세보기
Moran, Douglas B., System and method for detecting buffer overflow attacks.
상세보기
Miller Arnold (Bellevue WA) Neeman Yuval (Bellevue WA) Contorer Aaron M. (Kirkland WA) Misra Pradyumna K. (Issaquah WA) Seaman Michael R. C. (Kirkland WA) Rubin Darryl E. (Redmond WA), Unification of directory service with file system services.
상세보기

이 특허를 인용한 특허 (10)

Lin, Derek, Detection of malware beaconing activities.
상세보기
Fang, Chunsheng; Lin, Derek Chin-Teh, Determining malware infection risk.
상세보기
Bennett, Jeff; Stager, Mike; Shevlin, Gordon; Tang, William, Enterprise information security management software for prediction modeling with interactive graphs.
상세보기
Bennett, Jeff; Stager, Mike; Shevlin, Gordon; Tang, William, Enterprise information security management software for prediction modeling with interactive graphs.
상세보기
Fang, ChunSheng; Lin, Derek; Zadeh, Joseph A., Graph-based method to detect malware command-and-control infrastructure.
상세보기
Anglin, Debbie A.; Aslot, Vishal C.; Gu, Yu; Liu, Su, Implementing locale management on PaaS: locale replacement risk analysis.
상세보기
Himberger, Kevin David; Jeffries, Clark Debs; Lingafelt, Charles Steven; Roginsky, Allen Leonid; Singleton, Phillip, Method of assuring enterprise security standards compliance.
상세보기
Kochut, Andrzej; Mastrianni, Steven J.; Sailer, Anca; Schulz, Charles O., Remediating events using behaviors.
상세보기
Kochut, Andrzej; Mastrianni, Steven J.; Sailer, Anca; Schulz, Charles O., Remediating events using behaviors.
상세보기
McCallam, Dennis Hain, Steady state computer intrusion and misuse detection.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Network risk analysis 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (19)

이 특허를 인용한 특허 (10)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Network risk analysis 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (19)

이 특허를 인용한 특허 (10)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트