公开(公告)号：US10068493B2

公开(公告)日：2018-09-04

申请号：US15199279

申请日：2016-06-30

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Frank N. Adelstein ,  Haim Yehuda Bar ,  Matthew P. Donovan

IPC: G09B7/00 ,  G09B19/00 ,  G09B5/00 ,  G09B9/00 ,  H04L29/06

Abstract: This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.

公开(公告)号：US09766986B2

公开(公告)日：2017-09-19

申请号：US14011642

申请日：2013-08-27

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Robert A. Joyce ,  Carl Manson ,  Hajime Inoue ,  Kenneth J. Thurber

IPC: H04L29/06 ,  G06F11/14 ,  G06F9/455 ,  G06F9/46 ,  G06F21/60

CPC classification number: G06F11/1469 ,  G06F9/45533 ,  G06F9/466 ,  G06F21/606 ,  H04L63/145

Abstract: A server system receives messages from client computing devices. Each of the messages corresponds to a transaction. The server system assigns each respective transaction to a respective fresh virtual machine. Furthermore, the server system performs, as part of a respective virtual machine processing a respective transaction, a modification associated with the respective transaction to a shared database. The shared database is persisted independently of the plurality of virtual machines. In response to determining that processing of the respective transaction is complete, the server system discards the respective virtual machine. In response to determining that the respective transaction is associated with a cyber-attack, the server system uses checkpoint data associated with the respective transaction to roll back the modifications associated with the respective transaction to the shared database.

公开(公告)号：US20170032694A1

公开(公告)日：2017-02-02

申请号：US14811403

申请日：2015-07-28

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Matthew P. Donovan

IPC: G09B19/00 ,  G09B5/02

CPC classification number: G09B19/0053 ,  G09B5/02

Abstract: An example method includes outputting a graphical dashboard that includes one or more learning objective nodes and one or more skill nodes, selecting one or more software agents that are associated with the one or more skill nodes, providing, to at least one host computing system, an indication of the one or more software agents that are configured to collect parameter data from the at least one host computing system while a trainee performs actions, receiving the parameter data collected by the one or more software agents during execution, determining, based on the parameter data, that the one or more skills represented by the one or more skill nodes have been demonstrated by the trainee, and updating the one or more skill nodes to graphically indicate that one or more represented skills have been demonstrated.

Abstract translation: 示例性方法包括输出包括一个或多个学习目标节点和一个或多个技能节点的图形仪表板，选择与所述一个或多个技能节点相关联的一个或多个软件代理，向至少一个主计算系统， 所述一个或多个软件代理的指示被配置为在所述受训者执行动作时收集来自所述至少一个主计算系统的参数数据，在执行期间接收由所述一个或多个软件代理收集的参数数据，基于 参数数据，所述一个或多个技能节点所表示的一个或多个技能已由受训者证明，并且更新一个或多个技能节点以图形地表示已经证明了一个或多个表示的技能。

公开(公告)号：US20150046405A1

公开(公告)日：2015-02-12

申请号：US14011642

申请日：2013-08-27

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Robert A. Joyce ,  Carl Manson ,  Hajime Inoue ,  Kenneth J. Thurber

IPC: G06F11/14 ,  G06F9/46 ,  G06F21/60 ,  G06F9/455

CPC classification number: G06F11/1469 ,  G06F9/45533 ,  G06F9/466 ,  G06F21/606 ,  H04L63/145

Abstract: A server system receives messages from client computing devices. Each of the messages corresponds to a transaction. The server system assigns each respective transaction to a respective fresh virtual machine. Furthermore, the server system performs, as part of a respective virtual machine processing a respective transaction, a modification associated with the respective transaction to a shared database. The shared database is persisted independently of the plurality of virtual machines. In response to determining that processing of the respective transaction is complete, the server system discards the respective virtual machine. In response to determining that the respective transaction is associated with a cyber-attack, the server system uses checkpoint data associated with the respective transaction to roll back the modifications associated with the respective transaction to the shared database.

Abstract translation: 服务器系统从客户端计算设备接收消息。 每个消息都对应一个事务。 服务器系统将每个相应的事务分配给相应的新鲜虚拟机。 此外，服务器系统作为处理相应事务的相应虚拟机的一部分执行与相应事务相关联的修改到共享数据库。 独立于多个虚拟机来保持共享数据库。 响应于确定相应交易的处理完成，服务器系统丢弃相应的虚拟机。 响应于确定相应的交易与网络攻击相关联，服务器系统使用与相应交易相关联的检查点数据来将与相应交易相关联的修改回滚到共享数据库。

公开(公告)号：US10083624B2

公开(公告)日：2018-09-25

申请号：US14811403

申请日：2015-07-28

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Matthew P. Donovan

IPC: G09B19/00 ,  G09B5/02

CPC classification number: G09B19/0053 ,  G09B5/02

Abstract: An example method includes outputting a graphical dashboard that includes one or more learning objective nodes and one or more skill nodes, selecting one or more software agents that are associated with the one or more skill nodes, providing, to at least one host computing system, an indication of the one or more software agents that are configured to collect parameter data from the at least one host computing system while a trainee performs actions, receiving the parameter data collected by the one or more software agents during execution, determining, based on the parameter data, that the one or more skills represented by the one or more skill nodes have been demonstrated by the trainee, and updating the one or more skill nodes to graphically indicate that one or more represented skills have been demonstrated.

公开(公告)号：US20170032695A1

公开(公告)日：2017-02-02

申请号：US15199279

申请日：2016-06-30

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Frank N. Adelstein ,  Haim Yehuda Bar ,  Matthew P. Donovan

IPC: G09B19/00

CPC classification number: G09B19/0053 ,  G09B5/00 ,  G09B7/00 ,  G09B9/00 ,  G09B19/003 ,  H04L63/029 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1475

Abstract: This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.

Abstract translation: 本公开通常涉及计算机网络训练练习的自动执行和评估，例如在虚拟机环境中。 示例环境包括控制和监视系统，攻击系统和目标系统。 控制和监控系统启动训练场景，使攻击系统对目标系统发动攻击。 目标系统然后执行响应攻击的动作。 通过持续监控训练场景来收集与目标系统的攻击相关的信息。 攻击系统然后能够向目标系统发送动态响应数据，其中根据所收集的监视信息生成动态响应数据，以使训练场景适应于由目标系统执行的动作。 然后，控制和监视系统基于收集的监视信息生成自动评估。

公开(公告)号：US09384677B2

公开(公告)日：2016-07-05

申请号：US14683923

申请日：2015-04-10

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Frank N. Adelstein ,  Haim Yehuda Bar ,  Matthew P. Donovan

IPC: G09B19/00 ,  G09B5/00 ,  G09B7/00 ,  G09B9/00

CPC classification number: G09B19/0053 ,  G09B5/00 ,  G09B7/00 ,  G09B9/00 ,  G09B19/003 ,  H04L63/029 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1475

Abstract: This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.

公开(公告)号：US09769250B2

公开(公告)日：2017-09-19

申请号：US14791089

申请日：2015-07-02

Applicant: Architecture Technology Corporation

Inventor： Judson Powers ,  Stephen K. Brueckner ,  Robert A. Joyce ,  Kenneth J. Thurber

IPC: H04L29/06 ,  H04L29/08 ,  G06F17/30 ,  G06F11/14 ,  G06F9/46 ,  G06F21/60 ,  G06F21/55 ,  G06F9/455

CPC classification number: H04L67/10 ,  G06F9/466 ,  G06F11/1438 ,  G06F11/1464 ,  G06F11/1469 ,  G06F11/1471 ,  G06F11/1474 ,  G06F11/1484 ,  G06F17/3051 ,  G06F21/55 ,  G06F21/606 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2201/815 ,  H04L63/1441 ,  H04L63/145

Abstract: A server system receives messages from client computing devices. Each of the messages corresponds to a transaction. The server system assigns each respective transaction to a respective fresh virtual machine. Furthermore, the server system performs, as part of a respective virtual machine processing a respective transaction, a modification associated with the respective transaction to a shared database. The shared database is persisted independently of the plurality of virtual machines. In response to determining that processing of the respective transaction is complete, the server system discards the respective virtual machine. In response to a trigger, such as determining that the respective transaction is associated with a cyber-attack, the server system uses checkpoint data associated with the respective transaction to roll back the modifications associated with the respective transaction to the shared database.

公开(公告)号：US20150334130A1

公开(公告)日：2015-11-19

申请号：US14809926

申请日：2015-07-27

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Kenneth J. Thurber

IPC: H04L29/06 ,  G06F9/455

CPC classification number: H04L63/1441 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/552 ,  G06F2009/45587 ,  H04L63/1416 ,  H04L63/20

Abstract: A survivable network is described in which one or more network device includes enhanced functionality to fight through cyber attacks. A Fight-Through Node (FTN) is described, which may be a combined hardware/software system that enhances existing networks with survivability properties. A network node comprises a hardware-based processing system having a set of one or more processing units, a hypervisor executing on each one of the processing units, and a plurality of virtual machines executing on each of the hypervisor. The network node includes an application-level dispatcher to receive a plurality of transaction requests from a plurality of network communication session with a plurality of clients and distribute a copy of each of the transaction requests to the plurality of virtual machines executing on the network node over a plurality of time steps to form a processing pipeline of the virtual machines.

Abstract translation: 描述了一个可行的网络，其中一个或多个网络设备包括增强的功能以打击网络攻击。 描述了直通节点（FTN），其可以是增强具有生存性属性的现有网络的组合硬件/软件系统。 网络节点包括具有一组一个或多个处理单元的硬件处理系统，在每个处理单元上执行的管理程序，以及在每个管理程序上执行的多个虚拟机。 网络节点包括应用级调度器，用于从与多个客户端的多个网络通信会话中接收多个事务请求，并将每个事务请求的副本分发给在网络节点上执行的多个虚拟机 多个时间步骤来形成虚拟机的处理流水线。

公开(公告)号：US20150213730A1

公开(公告)日：2015-07-30

申请号：US14683923

申请日：2015-04-10

Applicant: Architecture Technology Corporation

Inventor： Stephen K. Brueckner ,  Frank N. Adelstein ,  Haim Yehuda Bar ,  Matthew P. Donovan

IPC: G09B19/00

CPC classification number: G09B19/0053 ,  G09B5/00 ,  G09B7/00 ,  G09B9/00 ,  G09B19/003 ,  H04L63/029 ,  H04L63/1441 ,  H04L63/145 ,  H04L63/1458 ,  H04L63/1475

Abstract: This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.