
Predicting attacks based on probabilistic game-theory

A probabilistic game-theory and attack-prediction technology, applied in the field of computer security, addresses three problems: the goal of a targeted attacker is difficult to determine and respond to appropriately, detection and response systems do not provide adequate insight to system operators, and existing approaches that assume a small target set are impractical to use. It does so by minimizing the defender's expected uncertainty over the potential targets.

Inactive Publication Date: 2013-11-28
IBM CORP
Cites: 12. Cited by: 43.

AI Technical Summary

Benefits of technology

The patent describes a method for identifying cyber-attack targets by collecting network information from sensors and using that information to create a tree-based model of the attacker's likely targets. The system calculates the likelihood of the attacker reaching each potential target and removes any edges in the network that would increase the defender's uncertainty over the potential targets. This method helps to improve the accuracy and effectiveness of identifying and protecting against cyber-attack targets.

Problems solved by technology

In practice, large networks can have hundreds of high-value servers, each one a possible target of attack, thus making it difficult to determine the goal of a targeted attacker and to respond appropriately.
At present, however, detection and response systems do not provide adequate insight to system operators as to how best to respond to a strategic attacker.
In real-life networks, targets are numerous and easily reachable, making existing approaches that assume a small target set impractical to use.

Embodiment Construction

[0021]The present principles employ game theory to predict attacker targets. Using a probabilistic model of attacker behavior, the interactions between a network defender and attacker are modeled, allowing the defender to anticipate future steps of the attack and identify the most likely attack targets based on the observed network events. The present principles use attack scenario trees which represent the possible sequences of high-level attack steps that can be executed at different nodes of the network. This approach differs from the attack-response trees used previously, which represent attack steps within a single network host. Attack scenario trees can be constructed based on past incident reports.

[0022]The interaction between the defender and the attacker is modeled as a two-player Stackelberg game. The defender can use the model to further decrease uncertainty about attack target predictions by blocking specific network paths (and indirectly any attack steps that traverse t...

Abstract

Systems for determining cyber-attack target include a network monitor module configured to collect network event information from sensors in one or more network nodes; a processor configured to extract information regarding an attacker from the network event information, to form an attack scenario tree that encodes network topology and vulnerability information including a plurality of paths from known compromised nodes to a set of potential targets, to calculate a likelihood for each of the paths, to calculate a probability distribution for the set of potential targets to determine which potential targets are most likely pursued by the attacker, to calculate a probability distribution over a set of nodes and node vulnerability types already accessed by the attacker, and to determine a network graph edge to remove that minimizes a defender's expected uncertainty over the potential targets; and a network management module configured to remove the determined network graph edge.
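The abstract's pipeline (path likelihoods, a distribution over targets, then the edge removal that leaves the defender least uncertain) can be sketched as follows. This is an added example, not code from the patent: the network, node names and edge probabilities are constructed, and it assumes a path's likelihood is the product of its edge probabilities and that uncertainty is measured as Shannon entropy.

```python
import math

# Constructed sample: edge -> assumed probability the attacker takes that step.
EDGES = {
    ("ws1", "jump"): 0.9, ("ws1", "mail"): 0.4,
    ("jump", "db"): 0.5, ("jump", "hr"): 0.5,
    ("mail", "hr"): 0.3, ("mail", "src"): 0.6,
}
COMPROMISED = "ws1"            # node known to be compromised
TARGETS = ["db", "hr", "src"]  # high-value servers


def paths(edges, node, target, seen=()):
    """Yield every loop-free path (list of edges) from node to target."""
    if node == target:
        yield []
        return
    seen = seen + (node,)
    for (a, b) in edges:
        if a == node and b not in seen:
            for rest in paths(edges, b, target, seen):
                yield [(a, b)] + rest


def target_distribution(edges, source=COMPROMISED, targets=TARGETS):
    """Sum path likelihoods per target, then normalise to a distribution."""
    score = {t: sum(math.prod(edges[e] for e in p)
                    for p in paths(edges, source, t)) for t in targets}
    total = sum(score.values())
    return {t: s / total for t, s in score.items()} if total else {}


def entropy(dist):
    """Shannon entropy in bits (assumed measure of defender uncertainty)."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def best_edge_to_remove(edges):
    """Return (edge, entropy) for the removal leaving the least uncertainty."""
    results = {}
    for e in edges:
        remaining = {k: v for k, v in edges.items() if k != e}
        dist = target_distribution(remaining)
        if dist:  # ignore removals that cut off every target
            results[e] = entropy(dist)
    edge = min(results, key=results.get)
    return edge, results[edge]
```

On this sample the baseline entropy is about 1.50 bits; blocking the edge from "jump" to "db" drops it to about 0.88 bits, because the remaining probability mass concentrates on one target.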

Description

RELATED APPLICATION INFORMATION

[0001]This application is a Continuation application of pending U.S. patent application Ser. No. 13/478,290 filed on May 23, 2012, incorporated herein by reference in its entirety.

BACKGROUND

[0002]1. Technical Field

[0003]The present invention relates to computer security and, more particularly, to modeling instances and targets for in-progress attacks using probabilistic game theory.

[0004]2. Description of the Related Art

[0005]A large increase in the frequency of cybersecurity attacks has prompted industry and academia to find new ways to respond to the threat. Defensive mechanisms have been proposed in an attempt to detect and prevent attackers from reaching their targets, e.g., servers that store high-value data. In practice, large networks can have hundreds of high-value servers, each one a possible target of attack, thus making it difficult to determine the goal of a targeted attacker and to respond appropriately.

[0006]In an enterprise network, whic...

Application Information

Patent Type & Authority: Applications (United States)
IPC(8): G06F21/00
CPC: G06F21/00, H04L63/20, H04L63/1408, G06F21/552, G06Q10/06375
Inventor: CHRISTODORESCU, MIHAI; KORZHYK, DMYTRO; SAILER, REINER; SCHALES, DOUGLAS L; STOECKLIN, MARC PH; WANG, TING
Owner IBM CORP