Publication (announcement) number: US07530105B2
Publication (announcement) date: 2009-05-05
Application number: US11688540
Application date: 2007-03-20
Applicant: Logan Gilbert, Robert J. Morgan, Arthur A. Keen
Inventor: Logan Gilbert, Robert J. Morgan, Arthur A. Keen
IPC classification: G06F15/16
CPC classification: G06F21/577, G06F21/55, H04L63/1425, H04L63/1433
Abstract: NETWAR provides a utility that enables detection of both tactical and strategic threats against an individual entity and interrelated/affiliated networks of entities. A distributed network of sensors and evaluators are utilized to detect tactical attacks against one or more entities. Events on the general network are represented as an input graph, which is searched for matches of example pattern graphs that represent tactical attacks. The search is performed using a scalable graph matching engine and an ontology that is periodically updated by a subject matter expert or analyst. NETWAR provides the functionality to determine/understand the strategic significance of the detected tactical attacks by correlating detected tactical attacks on the individual entities to identify the true motive of these attacks as a strategic attack. NETWAR also provides predictive capability to predict future entities and sub-entities that may be targeted based on evaluation of the attack data.