-
公开(公告)号:US10425429B2
公开(公告)日:2019-09-24
申请号:US15076089
申请日:2016-03-21
申请人: Gabriel Bassett
发明人: Gabriel Bassett
摘要: An improved method for analyzing computer network security has been developed. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. Next, an estimate is created for each node that reflects the ease of realizing the event, condition, or attribute of the node. Attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security. Next, edge probabilities are calculated for the attack paths. The edge probabilities are based on the estimates for each node along the attack path. Next, an attack graph is generated that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions. Finally, attacks are detected with physical sensors on the network, that predict the events and conditions. When an attack is detected, security alerts are generated in response to the attacks.
-
2.发明申请公开(公告)号:US20160205122A1
公开(公告)日:2016-07-14
申请号:US15076089
申请日:2016-03-21
申请人: Gabriel Bassett
发明人: Gabriel Bassett
IPC分类号: H04L29/06
摘要: An improved method for analyzing computer network security has been developed. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. Next, an estimate is created for each node that reflects the ease of realizing the event, condition, or attribute of the node. Attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security. Next, edge probabilities are calculated for the attack paths. The edge probabilities are based on the estimates for each node along the attack path. Next, an attack graph is generated that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions. Finally, attacks are detected with physical sensors on the network, that predict the events and conditions. When an attack is detected, security alerts are generated in response to the attacks.
摘要翻译: 已经开发了一种用于分析计算机网络安全性的改进方法。 该方法首先建立多个节点,其中每个节点表示与网络安全性相关的一个actor,一个事件,一个条件或一个属性。 接下来,为反映实现节点的事件,条件或属性的容易性的每个节点创建估计。 识别攻击路径,其表示达到网络安全性损害条件的节点的链接。 接下来,针对攻击路径计算边缘概率。 边缘概率基于沿着攻击路径的每个节点的估计。 接下来,生成一个攻击图,它识别出最简单的妥协的网络安全条件和达到这些条件的攻击路径。 最后,使用网络上的物理传感器检测攻击,预测事件和状况。 当检测到攻击时,会响应攻击生成安全警报。
-
3.发明授权公开(公告)号:US09292695B1
公开(公告)日:2016-03-22
申请号:US14249496
申请日:2014-04-10
申请人: Gabriel Bassett
发明人: Gabriel Bassett
CPC分类号: G06F21/577
摘要: A method for analyzing computer network security has been developed. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. Next, an estimate is created for each node that reflects the case of realizing the event, condition, or attribute of the node. Attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security. Next, edge probabilities are calculated for the attack paths. The edge probabilities are based on the estimates for each node along the attack path. Finally, an attack graph is generated that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions.
摘要翻译: 已经开发了分析计算机网络安全性的方法。 该方法首先建立多个节点,其中每个节点表示与网络安全性相关的一个actor,一个事件,一个条件或一个属性。 接下来,针对反映实现节点的事件,条件或属性的情况的每个节点创建估计。 识别攻击路径,其表示达到网络安全性损害条件的节点的链接。 接下来,针对攻击路径计算边缘概率。 边缘概率基于沿着攻击路径的每个节点的估计。 最后,生成一个攻击图,标识了最简单的妥协的网络安全条件和达到这些条件的攻击路径。
-
-
搜索结果
3 条记录 (耗时 0.017 秒)
