-
公开(公告)号:US07904962B1
公开(公告)日:2011-03-08
申请号:US11371937
申请日:2006-03-10
申请人: Sushil Jajodia , Steven E. Noel , Pramod Kalapa , Brian C. O'Berry , Michael A. Jacobs , Eric B. Robertson , Robert G. Weierbach
发明人: Sushil Jajodia , Steven E. Noel , Pramod Kalapa , Brian C. O'Berry , Michael A. Jacobs , Eric B. Robertson , Robert G. Weierbach
CPC分类号: H04L41/12 , H04L63/1425
摘要: Disclosed is a system for modeling, analyzing, and responding to network attacks. Machines are mapped to components, components are mapped to vulnerabilities, and vulnerabilities are mapped to exploits. Each of the exploits includes at least one precondition mapped to at least one postcondition. An attack graph which defines inter-exploit distances is generated using at least one of the exploits. The attack graph is aggregated. At least one hardening option is determined using the aggregated attack graph. Hardening options include applying at least one corrective measure to at least one initial condition, where the initial condition is the initial state of a precondition.
摘要翻译: 公开了一种用于建模,分析和响应网络攻击的系统。 机器映射到组件,组件映射到漏洞,漏洞映射到漏洞。 每个漏洞包括映射到至少一个后置条件的至少一个前提条件。 使用至少一个漏洞利用生成定义间谍间距的攻击图。 攻击图被聚合。 使用聚合攻击图确定至少一个硬化选项。 加固选项包括将至少一个校正措施应用于至少一个初始条件,其中初始条件是前提条件的初始状态。
-
公开(公告)号:US07555778B2
公开(公告)日:2009-06-30
申请号:US11250449
申请日:2005-10-17
IPC分类号: G06F12/14 , G06F7/04 , G06F15/173
CPC分类号: H04L63/1433
摘要: Disclosed is a network hardening mechanism. The mechanism: generates a dependency graph from a multitude of exploits; constructs a goal conditions expression which may then be used to determine set(s) of safe network configurations. A subset of these safe network configuration sets may then be selected for implementation using hardening costs as a criterion.
摘要翻译: 公开了一种网络硬化机制。 机制:从多个漏洞生成依赖图; 构建目标条件表达式,然后可以将其用于确定安全网络配置的集合。 然后可以选择这些安全网络配置集的一部分,以使用硬化成本作为标准。
-
搜索结果
2 条记录 (耗时 0.027 秒)
