Systems and methods for a simulated network attack generator
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
H04L-012/24
H04L-012/26
H04L-029/06
G06F-021/57
G09B-019/00
G06F-017/50
G06F-009/455
H04L-029/08
Application number
US-0487633
(2009-06-18)
Registration number
US-9246768
(2016-01-26)
Inventor / Address
White, Christopher Dyson
Ratcliffe, III, Chester Randolph
Espinosa, John Christian
Vickery, Joel Alan
Moate, Aaron Randal
Parker, Jr., Ronald David
Crawford, Marc Anthony
Applicant / Address
Camber Corporation
Agent / Address
Lanier Ford Shaver & Payne, P.C.
Citation information
Times cited: 2
Cited patents: 24
Abstract
A system is disclosed that generates a network attack within a simulated network environment. The system includes a module that creates one or more attack events against network devices within the simulated network environment wherein the attack events include exploitations of published and unpublished vulnerabilities and failures of hardware and software network systems, devices, or applications within the simulated network environment. Additionally, the module executes the created attack event on the simulated network environment. In addition, the system has an interface configured for receiving metadata regarding each attack event and adding the received attack event metadata to each associated attack event.
Representative claim
1. A system, comprising: a simulated network environment comprising hardware, software, and virtualized devices that duplicate a network architecture of a user's operational environment and user network, such that the simulated network environment operationally mimics the user's operational environment and the user network; a computer platform having hardware and software configured as a standalone configuration; a module configured for executing an attack scenario against the hardware, software, and virtualized devices, within the simulated network environment while the simulated network environment is operationally mimicking the user's operating environment and user network via the hardware, software, and virtual devices, the attack scenario comprising attack events that are one or more actions to be executed by the module, wherein the module is further configured to perform the actions on the hardware, software, and virtual devices thereby causing a failure of the hardware, software, or virtual devices within the simulated network environment; and an interface configured for receiving additional attack event metadata regarding at least one attack event and adding the received attack event metadata to the corresponding attack event.
2. The system of claim 1 wherein the interface is a graphical user interface configured to receive the attack event metadata from a user, wherein the attack event metadata includes an attack event editor enabling a user to select and configure the attack events.
3. The system of claim 1 wherein the interface is a logical interface configured to receive the attack event metadata from a software application.
4. The system of claim 1 wherein the attack events comprise email threats, network attacks, or network failures.
5. The system of claim 1, further comprising a graphical user interface (GUI) communicatively connected to the interface of the computer platform, the GUI being configured as an operating network administrator for controlling and monitoring the execution of the attack events.
6. The system of claim 5 wherein the GUI includes an attack event editor configured for writing the attack events into a standard XML file, and wherein the module is further configured for automatically generating unique attributes within each of the one or more created attack events, the attributes including serial numbers that are unique and that are created by automatic incrementation of a global serial number listing, wherein the serial numbers are added to the XML file and stored within the memory, and wherein the attack event editor includes the capability for deleting, removing, modifying and querying the attack events stored in the memory.
7. The system of claim 1, further comprising an attack scenario execution manager configured for initiating the creation and the execution of the attack events.
8. The system of claim 7 wherein the module is configured to generate a bot server module within a bot of the simulated network environment utilizing at least one of the attack events.
9. The system of claim 7 wherein the module is configured for monitoring the execution and transmission of the attack events including the success of the attack events within the simulated network environment and attributes of the attack events.
10. The system of claim 1 wherein the module is configured for creating a listing of network devices within the simulated network environment to be restored based upon a successful execution of the attack events.
11. The system of claim 10 wherein the module is configured for creating an image set of the network devices prior to execution of the attack events.
12. The system of claim 1 wherein the module is configured to create the attack scenario utilizing at least one of the attack events, the attack scenario being a group of the attack events along with corresponding attack event metadata including predefined time of execution.
13. The system of claim 12, further comprising an attack scenario editor configured for grouping attack events together and assigning them a predefined time of execution.
14. The system of claim 13 wherein the attack scenario editor is configured for creating data indicative of an attack scenario in XML format, and wherein the module is configured to generate unique attack scenario attributes and a unique serial number for the attack scenario, and wherein the module is further configured to include the data indicative of the attack scenario attributes and the unique serial number within an XML file, and wherein the attack scenario editor includes the capability for deleting, removing, modifying and querying the attack scenario.
15. The system of claim 14, further comprising an attack scenario execution manager configured for initiating the attack scenario against the simulated network environment.
16. The system of claim 15 wherein the module is configured to generate a bot server module within a bot of the simulated network environment utilizing the attack scenario.
17. The system of claim 12 wherein the module is configured for monitoring the attack scenario as a function of at least one of the following factors: percentage of successes and failures, time, attribute, and attack event.
18. The system of claim 12 wherein the module is configured to execute the attack events responsive to an input from a user or as an execution of the attack scenario along an operational timeline.
19. The system of claim 1, further comprising a graphical user interface including an attack event mitigation editor for defining a mitigation set responsive to the one or more attack events.
20. The system of claim 1 wherein the module is configured for creating a listing of network devices within the simulated network environment that need to be restored based upon a successful execution of an attack scenario.
21. The system of claim 20 wherein the module is configured for creating an image set of the network devices prior to execution of the attack scenario.
22. The system of claim 1, wherein the module is further configured for defining a set of expected user actions within attack event metadata that would mitigate damage or prevent success of attack events when executed and determine, based upon user actions in response to the attack events, whether the user actions are in compliance with the expected user actions.
23. A system, comprising: a simulated network environment comprising hardware, software, and virtualized devices that duplicate a network architecture of a user's operational environment and user network, such that the simulated network environment mimics the user's operational environment and the user network; a module configured for executing an attack event against the hardware, software, and virtualized devices within the simulated network environment thereby causing failures of the hardware, software, or virtualized devices within the simulated network environment, the module further configured for executing the attack event on the simulated network environment along a predefined operational timeline; and an interface configured for receiving metadata regarding the attack event and adding the received attack event metadata to the associated attack event.
24. The system of claim 23 wherein the module is configured for monitoring the attack event as a function of at least one of the following factors: percentage of successes and failures, time, attribute, and the attack event.
25. A system, comprising: a simulated network environment comprising hardware, software, and virtualized devices that duplicate a network architecture of a user's operational environment and user network, such that the simulated network environment mimics the user's operational environment and the user network; a module configured for executing one or more attack events against the hardware, software, and virtualized devices within the simulated network environment, the attack events, when executed, causing failures of the hardware, software, or virtualized devices within the simulated network environment, the module further configured for defining a set of expected user actions within attack event metadata corresponding to the attack events and based upon the failures, that would mitigate the attack events or prevent the attack events from being successful; and an interface configured for receiving metadata regarding the one or more attack events and adding the received attack event metadata to each associated attack event.
Patents cited by this patent (24)
Kouznetsov, Victor; Huang, Ricky, Anti-virus policy enforcement system and method.
Carlson, Gregory G.; Davis, Heather; Norvell, IV, John Edmondson; Zierath, Kevin Lee; Vemulapalli, Chandra S.; Ramachandran, Vidhyaprakash, Method, system and program product for generating scenarios utilizing graphical objects representing hierarchically arranged elements of a modeled environment.
Barbaresi, Andrea; Buldorini, Andrea; Calochira, Giorgio; Goria, Paolo; Guerrini, Claudio; Nannicini, Saverio; Sorbara, Davide; Zucca, Enrico, System and method for stimulating the behavior of a network for mobile radio apparatus.
Morton, Gary D.; Mihelic, Mark; Moniz, Michael; Thornton, Paul R.; Pressley, Ryan; Lee, Laura, Mission-based, game-implemented cyber training system and method.
Morton, Gary D.; Mihelic, Mark; Moniz, Michael; Thornton, Paul R.; Pressley, Ryan; Lee, Laura, Mission-based, game-implemented cyber training system and method.