Cyber threat monitor and control apparatuses, methods and systems
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC, 7th edition)
G06F-015/18
H04L-029/06
Application number
US-0562623 (2014-12-05)
Registration number
US-9210185 (2015-12-08)
Inventors / Address
Pinney Wood, Christopher Paul
Helmsen, John Joseph
Thomson, Allan
Coleman, Christopher D.
Applicant / Address
Lookingglass Cyber Solutions, Inc.
Agent / Address
Cooley LLP
Citation information
Times cited: 4
Patents cited: 2
Abstract
The cyber threat monitor and control apparatuses, methods and systems (hereinafter “CTMC”) determines risk across a global Internet network graph model for various virtual or physical network elements. In one embodiment, the CTMC defines a factor mechanism representing interactions among the set of network elements, the factor mechanism including a factor indicative of a correlation between a pair of network elements from the set of network elements, and dynamically calculates the probabilistic network security measure for each network element in the global Internet graph model based at least in part on the factor mechanism and any observed threat indicators related to the global Internet graph model.
Representative claims

1. A non-transitory processor-readable medium storing code representing processor-executable instructions, the code comprising code to cause the processor to: obtain information of a data model graph having a plurality of nodes and a plurality of edges connecting the plurality of nodes, a node from the plurality of nodes representing a virtual element or a physical element in a network, the node having a probabilistic network security measure indicative of potential security risk associated with the node, an edge from the plurality of edges representing a relationship between two nodes connected by the edge and from the plurality of nodes; obtain a threat indicator having a characteristic of a categorized assessment of network security risk; define a factor matrix representing a set of joint threat and safety probabilities for the plurality of nodes based on the relationship for each edge from the plurality of edges, the factor matrix including a factor indicative of a correlation between a pair of nodes from the plurality of nodes; determine an influence path for the threat indicator in the data model graph based on the factor matrix; propagate the threat indicator along the influence path to assess influence of the threat indicator on each node in the influence path; calculate a first updated probabilistic network security measure for a first node on the influence path based at least in part on the characteristic of the threat indicator; calculate a second updated probabilistic network security measure for a second node on the influence path based at least in part on the first updated probabilistic network security measure and the factor matrix; dynamically update the data model graph with the first updated probabilistic network security measure and the second updated probabilistic network security measure; and send a signal to generate a user interface having a user interface widget representing the first updated probabilistic network security measure and the second updated probabilistic network security measure.

2. The medium of claim 1, wherein the factor has a degrading correlation strength over time based on a historical degradation of the interaction between the pair of nodes.

3. The medium of claim 1, wherein the code further comprises code to cause the processor to perform one of: calculate the first updated probabilistic network security measure for the first node individually; or calculate the first updated probabilistic network security measure for the first node based on a respective probabilistic network security measure associated with a set that contains the first node.

4. The medium of claim 1, wherein the plurality of nodes include a number of nodes no less than one million.

5. A non-transitory processor-readable medium storing code representing processor-executable instructions, the code comprising code to cause the processor to: obtain information of a data model graph having a plurality of nodes and a plurality of edges connecting the plurality of nodes, each node from the plurality of nodes having a probabilistic network security measure indicative of potential security risk associated with that node, each edge from the plurality of edges representing a relationship between two nodes connected by the edge and from the plurality of nodes; receive a threat indicator having a characteristic of a categorized assessment of network security risk; define a factor matrix representing a set of joint threat and safety probabilities for the plurality of nodes, the factor matrix including a factor indicative of a correlation between a pair of nodes from the plurality of nodes; determine an influence path for the threat indicator in the network graph based on the factor matrix; dynamically update probabilistic network security measures for each node on the influence path based on the characteristic and the factor matrix; and send a signal to generate a user interface having a user interface widget representing the dynamically updated probabilistic network security measures.

6. The medium of claim 5, wherein the probabilistic network security measures for each node on the influence path includes a probability value representing a probability that that node is unsafe to cyber threats.

7. The medium of claim 5, wherein the probabilistic network security measures for each node on the influence path includes a user-defined default value.

8. The medium of claim 5, wherein each node from the plurality of nodes includes any of an Internet protocol (IP) host, a classless inter-domain router (CIDR), a fully qualified domain name (FQDN), an autonomous system number (ASN), an application or application identifiers, a group sector, or a user.

9. The medium of claim 5, wherein the characteristic includes at least one of: a threat indicator identifier, a threat classification, a threat criticality level, or a threat source.

10. The medium of claim 5, wherein the characteristic includes a probabilistic threat indicator score indicative of a positive assessment of risk or a negative assessment of risk.

11. The medium of claim 5, wherein the code further comprises code to cause the processor to: propagate the threat indicator along the influence path to progressively assess influence of the threat indicator on each node in the influence path; and calculate an updated probabilistic network security measure for each node from the plurality of nodes and along the influence path based at least in part on a probabilistic threat indicator score associated with the threat indicator.

12. The medium of claim 5, wherein the code further comprises code to cause the processor to: calculate an aggregated probabilistic network security measure for each node from the plurality of nodes and when that node is influenced by multiple threat indicators.

13. The medium of claim 5, wherein the probabilistic network security measures are dynamically updated based on the characteristic, the factor matrix, and at least one of a positive indicator or a negative indicator.

14. The medium of claim 5, wherein the plurality of nodes includes a set of child nodes and a parent node such that a first threat indicator that affects any child node from the set of child nodes propagates a first effect up to the parent node, and a second threat indicator on the parent node propagates down a second effect to the set of child nodes.

15. The medium of claim 5, wherein probabilistic network security measures of the plurality of nodes in the network graph are dynamically calculated or updated in a horizontally-distributed manner by a number of distributed processors.
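As an added illustration, not the patent's own code or algorithm, the following toy Python model walks through the mechanism the claims describe: nodes carrying a probabilistic unsafe measure, a factor matrix of pairwise correlation strengths, an influence path found from the node a threat indicator names, propagation of the indicator's effect with attenuation by the factor (including child-to-parent and parent-to-child, claim 14), time degradation of factors (claim 2), negative assessments (claim 10) and aggregation of several indicators (claim 12). The sample graph, node names, default measure, half-life, path threshold and update rules are all constructed assumptions.

```python
"""Toy model of the mechanism the claims describe: each node carries P(unsafe), a
factor matrix (sparse dict here) carries pairwise correlation strength, and a threat
indicator entering at one node is propagated along an influence path. All update
rules below are assumptions chosen for illustration, not the patent's own."""
from collections import deque

# Constructed sample graph: node -> {neighbour: correlation factor in [0, 1]}; one
# CIDR block with two IP-host children, announced from one ASN (claims 8 and 14).
FACTORS = {
    "ASN64496": {"CIDR_192.0.2.0/24": 0.6},
    "CIDR_192.0.2.0/24": {"ASN64496": 0.6, "IP_192.0.2.10": 0.9, "IP_192.0.2.20": 0.9},
    "IP_192.0.2.10": {"CIDR_192.0.2.0/24": 0.9},
    "IP_192.0.2.20": {"CIDR_192.0.2.0/24": 0.9},
}
DEFAULT_MEASURE = 0.05  # assumed user-defined default P(unsafe) per node (claim 7)

def aged_factor(factor, age_days, half_life_days=30.0):
    """Claim 2: correlation strength degrades over time; exponential decay assumed."""
    return factor * 0.5 ** (age_days / half_life_days)

def influence_path(start, min_factor=0.5):
    """Breadth-first walk over edges with factor >= min_factor; (node, upstream) pairs."""
    order, seen, queue = [], {start}, deque([(start, None)])
    while queue:
        node, parent = queue.popleft()
        order.append((node, parent))
        for nxt, factor in FACTORS[node].items():
            if nxt not in seen and factor >= min_factor:
                seen.add(nxt)
                queue.append((nxt, node))
    return order

def _update(old, score):
    """score > 0: raise P(unsafe) noisy-OR style; score < 0: safety evidence scales it down."""
    return 1 - (1 - old) * (1 - score) if score > 0 else old * (1 + score)

def apply_indicator(measures, target, score, age_days=0.0):
    """Claims 1 and 11: first node takes the indicator score, each later node takes its
    upstream node's change attenuated by the (aged) factor on the connecting edge."""
    updated, delta = dict(measures), {}
    for node, parent in influence_path(target):
        old = updated[node]
        incoming = score if parent is None else aged_factor(FACTORS[parent][node], age_days) * delta[parent]
        updated[node] = _update(old, incoming)
        delta[node] = updated[node] - old
    return updated

def aggregate(indicators, measures=None):
    """Claim 12: a node influenced by several indicators accumulates their effects in turn."""
    measures = {n: DEFAULT_MEASURE for n in FACTORS} if measures is None else measures
    for target, score, age_days in indicators:
        measures = apply_indicator(measures, target, score, age_days)
    return measures
```

Calling aggregate() with a list of (node, score, age_days) tuples returns the dynamically updated measures for every node; the only new information in the claims' user-interface step is which of these values to display.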
Patents cited by this patent (2)
Kunal, Ranveer; Panesar, Kiran S.; Thakur, Madhukar N., Detecting content on a social network using links.
Thomson, Allan; Coleman, Christopher D., Apparatuses, methods and systems for a cyber threat confidence rating visualization and editing user interface.