Method and apparatus for determining a criticality surface of assets to enhance cyber defense

    Publication number: US09912683B2

    Publication date: 2018-03-06

    Application number: US14247566

    Filing date: 2014-04-08

    Inventor: Hasan Cam

    CPC classification number: H04L63/1433

    Abstract: A method and apparatus is provided for determining aggregated value of risk and resilience metrics of critical nodes in a network of computer nodes, comprising determining a status of each node in a plurality of nodes, computing one or more effectiveness attributes for each node in the plurality of nodes, ranking the plurality of nodes based upon at least the one or more effectiveness attributes of each node, determining one or more nodes as critical nodes based on the ranking and computing a criticality surface of the one or more critical nodes as the aggregated value of risk and resilience metrics, wherein the criticality surface is an aggregation of the one or more effectiveness attribute for each of the one or more critical nodes.

    2. Invention application
    METHOD AND APPARATUS FOR DETERMINING A CRITICALITY SURFACE OF ASSETS TO ENHANCE CYBER DEFENSE (status: in force)

    Publication number: US20160248794A1

    Publication date: 2016-08-25

    Application number: US14247566

    Filing date: 2014-04-08

    Inventor: Hasan Cam

    CPC classification number: H04L63/1433

    Abstract: A method and apparatus is provided for determining aggregated value of risk and resilience metrics of critical nodes in a network of computer nodes, comprising determining a status of each node in a plurality of nodes, computing one or more effectiveness attributes for each node in the plurality of nodes, ranking the plurality of nodes based upon at least the one or more effectiveness attributes of each node, determining one or more nodes as critical nodes based on the ranking and computing a criticality surface of the one or more critical nodes as the aggregated value of risk and resilience metrics, wherein the criticality surface is an aggregation of the one or more effectiveness attribute for each of the one or more critical nodes.


    Methods and systems for defending cyber attack in real-time

    Publication number: US10185832B2

    Publication date: 2019-01-22

    Application number: US15213434

    Filing date: 2016-07-19

    Inventor: Hasan Cam

    Abstract: Provided are processes of monitoring or modifying a network of electronically connected assets that dynamically builds relationships and dependencies among detected vulnerabilities in one or more of the assets and sensor measurements so that risk assessment can be achieved more accurately and in real-time. A process includes: identifying a plurality of vulnerabilities on a network of electronically interconnected devices representing one or more critical assets; determining dependencies between each vulnerability in the plurality of vulnerabilities; creating a hidden Markov model representing an attack state of each vulnerability of the plurality of vulnerabilities; determining the exploit likelihood of each of the attack states at a first time; determining the most probable sequences or paths of the attack states; and identifying dynamically the risk of one or more of the critical assets based on the sequences or paths of attack states.

    4. Invention application
    METHODS AND SYSTEMS FOR DEFENDING CYBER ATTACK IN REAL-TIME (status: under examination, published)

    Publication number: US20170046519A1

    Publication date: 2017-02-16

    Application number: US15213434

    Filing date: 2016-07-19

    Inventor: Hasan Cam

    CPC classification number: G06F21/577 G06N5/043 G06N7/005

    Abstract: Provided are processes of monitoring or modifying a network of electronically connected assets that dynamically builds relationships and dependencies among detected vulnerabilities in one or more of the assets and sensor measurements so that risk assessment can be achieved more accurately and in real-time. A process includes: identifying a plurality of vulnerabilities on a network of electronically interconnected devices representing one or more critical assets; determining dependencies between each vulnerability in the plurality of vulnerabilities; creating a hidden Markov model representing an attack state of each vulnerability of the plurality of vulnerabilities; determining the exploit likelihood of each of the attack states at a first time; determining the most probable sequences or paths of the attack states; and identifying dynamically the risk of one or more of the critical assets based on the sequences or paths of attack states.

