-
Publication number: US10148685B2
Publication date: 2018-12-04
Application number: US15651779
Application date: 2017-07-17
Applicant: Accenture Global Services Limited
Inventor: Amin Hassanzadeh, Shimon Modi, Shaan Mulchandani, Walid Negm
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network security threat response. A data structure that represents communication events between computing devices of two or more network domains is received. The data structure is analyzed and a threat scenario that is based on a chain of communication events that indicates a potential attack path is determined. The chain of communication events include a sequence of communication events between computing devices proceeding from an originating computing device to a destination computing device, wherein the originating computing device and the destination computing device exist on different network domains. Attack pattern data, for the threat scenario and from a threat intelligence data source, that is associated with communications between computing devices that occurred during one or more prior attacks is received. Based on the threat scenario and the attack pattern data, one or more courses of action for responding to the threat scenario is determined, and information associated with the one or more courses of action is provided.
-
Publication number: US20170310697A1
Publication date: 2017-10-26
Application number: US15647979
Application date: 2017-07-12
Applicant: Accenture Global Services Limited
Inventor: Michael L. Lefebvre, Matthew Carver, Eric Ellett, Walid Negm, Louis William DiValentin, James J. Solderitsch
CPC classification number: H04L63/1425, G06F21/566, H04L41/12, H04L41/22, H04L43/04, H04L43/0888, H04L43/0894, H04L63/1466, H04W12/08
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining network related anomaly scores. One of the methods includes generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes, obtaining first data indicating network activity over the edges and between the plurality of network nodes for a first time period, generating a model of expected network activity over the edges and between the plurality of network nodes for a future time period using the network map and the first data, obtaining second data indicating network activity over the edges and between the plurality of network nodes for a second time period, and determining an anomaly score using a comparison between the second data and the model of expected network activity.
-
Publication number: US10009366B2
Publication date: 2018-06-26
Application number: US15647979
Application date: 2017-07-12
Applicant: Accenture Global Services Limited
Inventor: Michael L. Lefebvre, Matthew Carver, Eric Ellett, Walid Negm, Louis William DiValentin, James J. Solderitsch
CPC classification number: H04L63/1425, G06F21/566, H04L41/12, H04L41/22, H04L43/04, H04L43/0888, H04L43/0894, H04L63/1466, H04W12/08
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining network related anomaly scores. One of the methods includes generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes, obtaining first data indicating network activity over the edges and between the plurality of network nodes for a first time period, generating a model of expected network activity over the edges and between the plurality of network nodes for a future time period using the network map and the first data, obtaining second data indicating network activity over the edges and between the plurality of network nodes for a second time period, and determining an anomaly score using a comparison between the second data and the model of expected network activity.
-
Publication number: US20170318050A1
Publication date: 2017-11-02
Application number: US15651779
Application date: 2017-07-17
Applicant: Accenture Global Services Limited
Inventor: Amin Hassanzadeh, Shimon Modi, Shaan Mulchandani, Walid Negm
CPC classification number: H04L63/1433, H04L63/0227, H04L63/1408, H04L63/1425, H04L67/10
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network security threat response. A data structure that represents communication events between computing devices of two or more network domains is received. The data structure is analyzed and a threat scenario that is based on a chain of communication events that indicates a potential attack path is determined. The chain of communication events include a sequence of communication events between computing devices proceeding from an originating computing device to a destination computing device, wherein the originating computing device and the destination computing device exist on different network domains. Attack pattern data, for the threat scenario and from a threat intelligence data source, that is associated with communications between computing devices that occurred during one or more prior attacks is received. Based on the threat scenario and the attack pattern data, one or more courses of action for responding to the threat scenario is determined, and information associated with the one or more courses of action is provided.
-
Publication number: US20160301709A1
Publication date: 2016-10-13
Application number: US14841227
Application date: 2015-08-31
Applicant: Accenture Global Services Limited
Inventor: Amin Hassanzadeh, Shimon Modi, Shaan Mulchandani, Walid Negm
CPC classification number: H04L63/1433, H04L63/0227, H04L63/1408, H04L63/1425, H04L67/10
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for transforming representations of network activity data. A data structure that represents communication events between computing devices of one or more networks is received. The data structure is analyzed and a set of potential attack paths represented in the data structure is determined. A score is assigned to each potential attack path in the set of potential attack paths. Potential attack paths that have scores that do not meet a predetermined threshold are removed from the set of potential attack paths. Potential attack paths that remain in the set of potential attack paths are ranked, based on each score assigned to each potential attack path, and the data structure that includes a ranked set of potential attack paths is provided.
-
Publication number: US20160085972A1
Publication date: 2016-03-24
Application number: US14839331
Application date: 2015-08-28
Applicant: Accenture Global Services Limited
Inventor: Song Luo, Walid Negm, James J. Solderitsch, Shaan Mulchandani, Amin Hassanzadeh, Shimon Modi
CPC classification number: G06F21/602, H04L9/0894, H04L63/0209, H04L63/08, H04L63/10, H04L63/20, H04L2209/76
Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.
-
Publication number: US10824736B2
Publication date: 2020-11-03
Application number: US15822824
Application date: 2017-11-27
Applicant: Accenture Global Services Limited
Inventor: Song Luo, Walid Negm, James J. Solderitsch, Shaan Mulchandani, Amin Hassanzadeh, Shimon Modi
Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.
-
Publication number: US20180144144A1
Publication date: 2018-05-24
Application number: US15822824
Application date: 2017-11-27
Applicant: Accenture Global Services Limited
Inventor: Song Luo, Walid Negm, James J. Solderitsch, Shaan Mulchandani, Amin Hassanzadeh, Shimon Modi
Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.
-
Publication number: US09870476B2
Publication date: 2018-01-16
Application number: US14839123
Application date: 2015-08-28
Applicant: Accenture Global Services Limited
Inventor: Song Luo, Walid Negm, James J. Solderitsch, Shaan Mulchandani, Amin Hassanzadeh, Shimon Modi
CPC classification number: G06F21/602, H04L9/0894, H04L63/0209, H04L63/08, H04L63/10, H04L63/20, H04L2209/76
Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating secure communication. A system for facilitating secure communication includes an enterprise network, one or more operational technology networks, and a management server. Each of the operational technology networks can include one or more controller devices operable to control one or more operational devices, and can include a respective site security server and a respective security relay server. The security relay server can be operable to facilitate secure communication between controller devices of the operational technology network and its corresponding site security server. The management server can be a node on the enterprise network and can be operable to communicate with each site security server.
-
Publication number: US09864864B2
Publication date: 2018-01-09
Application number: US14839331
Application date: 2015-08-28
Applicant: Accenture Global Services Limited
Inventor: Song Luo, Walid Negm, James J. Solderitsch, Shaan Mulchandani, Amin Hassanzadeh, Shimon Modi
CPC classification number: G06F21/602, H04L9/0894, H04L63/0209, H04L63/08, H04L63/10, H04L63/20, H04L2209/76
Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.