-
Publication No.: US11729221B1
Publication date: 2023-08-15
Application No.: US17992154
Filing date: 2022-11-22
Applicant: Architecture Technology Corporation
Inventor: Scott Aloisio, Robert Joyce
IPC: H04L29/06, H04L9/40, H04L41/0816, H04L61/5007
CPC classification number: H04L63/20, H04L41/0816, H04L63/0209, H04L63/0281, H04L63/1441, H04L61/5007
Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.
-
Publication No.: US11429713B1
Publication date: 2022-08-30
Application No.: US16256810
Filing date: 2019-01-24
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Matthew Donovan, Paul Nicotera, Dahyun Hollister, Robert Joyce, Judson Powers
Abstract: The methods and systems disclosed herein generally relate to automated execution and evaluation of computer network training exercises, such as in a virtual environment. A server generates a training system having a virtual attack machine and a virtual target machine where the virtual target machine is operatively controlled by a trainee computer. The server then executes a simulated cyber-attack and monitors/collects actions and responses by the trainee. The server then executes an artificial intelligence model to evaluate the trainee's action and to identify a subsequent simulated cyber-attack (e.g., a next step to the simulated cyber-attack). The server may then train the artificial intelligence model using various machine-learning techniques using the collected data during the exercise.
-
3.
Publication No.: US10749890B1
Publication date: 2020-08-18
Application No.: US16012651
Filing date: 2018-06-19
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Scott Aloisio, Robert Joyce, Judson Powers
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission and system specific context in the analysis of alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on highest value defense activities.
-
Publication No.: US11997129B1
Publication date: 2024-05-28
Application No.: US17967533
Filing date: 2022-10-17
Applicant: Architecture Technology Corporation
Inventor: Scott Aloisio, Robert Joyce, Judson Powers
CPC classification number: H04L63/1433, G06N5/025, H04L41/0636, H04L41/22, H04L43/06, H04L63/1416, H04L63/302
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission and system specific context in the analysis of alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on highest value defense activities.
-
Publication No.: US11722515B1
Publication date: 2023-08-08
Application No.: US17480052
Filing date: 2021-09-20
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Robert Joyce, Scott Aloisio
IPC: H04L9/40, G06F16/835, G06F16/955
CPC classification number: H04L63/1433, G06F16/8373, G06F16/955, H04L63/1416, H04L63/20
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which improves the cybersecurity of a unified system comprising a plurality of sub-systems. The analytic server may instantiate a sub attack tree for each network sub-system within the unified system of distributed network infrastructure. The analytic server may access the sub attack trees of the network sub-systems based on the corresponding identifiers. The analytic server may build a high-level attack tree of the unified system by aggregating the sub attack tree of each sub-system. The analytic server may determine how the interconnection of the plurality of network sub-systems may affect the unified system security. The analytic server may update one or more nodes of the attack tree to reflect the changes produced from the interconnection. The analytic server may build the attack tree based on a set of aggregation rules.
-
Publication No.: US11509694B1
Publication date: 2022-11-22
Application No.: US17129439
Filing date: 2020-12-21
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Scott Aloisio, Robert Joyce
IPC: H04L29/06, H04L9/40, H04L41/0816, H04L61/5007
Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.
-
Publication No.: US10817604B1
Publication date: 2020-10-27
Application No.: US16012695
Filing date: 2018-06-19
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Colleen Kimball, Robert Joyce, Judson Powers, Matthew Donovan
Abstract: Disclosed herein are embodiments of systems, methods, and products that execute tools to identify non-malicious faults in source codes introduced by engineers and programmers. The tools may execute a machine learning model on the source codes to perform sentiment analysis and pattern analysis on information associated with the source codes to generate annotated source code files identifying anomalies based on the sentiment analysis and the pattern analysis. One or more threat levels are then identified and ranked based on the one or more anomalies and a ranked list of the one or more threat levels is displayed on a graphical user interface of a computer.
-
8.
Publication No.: US11997131B1
Publication date: 2024-05-28
Application No.: US17948980
Filing date: 2022-09-20
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Joseph Sirianni, Judson Powers, Robert Joyce
CPC classification number: H04L63/145, G06N3/04, G06N3/084, G06N20/10, H04L63/1425, H04L63/1433
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during the testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime, comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the action that has the least impact on the system to maintain mission assurance.
-
Publication No.: US11503064B1
Publication date: 2022-11-15
Application No.: US16995458
Filing date: 2020-08-17
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Scott Aloisio, Robert Joyce, Judson Powers
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission and system specific context in the analysis of alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on highest value defense activities.
-
Publication No.: US10719706B1
Publication date: 2020-07-21
Application No.: US16012624
Filing date: 2018-06-19
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Paul Nicotera, Robert Joyce, Judson Powers, Daniel McArdle
IPC: G06K9/00
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which provides a terrain segmentation and classification tool for synthetic aperture radar (SAR) imagery. The server accurately segments and classifies terrain types in SAR imagery and automatically adapts to new radar sensor data. The server receives a first SAR imagery and trains an autoencoder based on the first SAR imagery to generate learned representations of the first SAR imagery. The server trains a classifier based on labeled data of the first SAR imagery data to recognize terrain types from the learned representations of the first SAR imagery. The server receives a terrain query for a second SAR imagery. The server translates the second imagery data into the first imagery data and classifies the second SAR imagery terrain types using the classifier trained for the first SAR imagery. By reusing the original classifier, the server improves system efficiency.