Publication number: US20130318615A1
Publication date: 2013-11-28
Application number: US13478290
Filing date: 2012-05-23
Applicant: Mihai Christodorescu, Dmytro Korzhyk, Reiner Sailer, Douglas L. Schales, Marc Ph. Stoecklin, Ting Wang
Inventor: Mihai Christodorescu, Dmytro Korzhyk, Reiner Sailer, Douglas L. Schales, Marc Ph. Stoecklin, Ting Wang
CPC classification: G06F21/00, G06F21/552, G06Q10/06375, H04L63/1408, H04L63/20
Abstract: Methods for determining cyber-attack targets include collecting and storing network event information from sensors to extract information regarding an attacker; forming an attack scenario tree that encodes network topology and vulnerability information including paths from known compromised nodes to a set of potential targets; calculating a likelihood for each of the paths using a processor; calculating a probability distribution for the set of potential targets to determine which potential targets are most likely pursued by the attacker; calculating a probability distribution over a set of nodes and node vulnerability types already accessed by the attacker; determining a network graph edge to remove which minimizes a defender's expected uncertainty over the potential targets; and removing the determined network graph edge.