Network protection system using linkographs

DWPI Title: Method for managing attack on computer system, involves identifying protective action to take with respect to computer system using graph of actions taken by adversary
Abstract: A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.
Use: Method for managing attack on computer system.
Advantage: The current attack on the computer system is managed so as to reduce or prevent damage from the ongoing attack.
Novelty: The method involves a computer identifying (1000) actions taken by an adversary in the computer system. Links connecting the actions over time are identified (1002) using an ontology that defines linking rules for linking the actions over time. A graph of the actions is created (1004) with the links connecting the actions over time; the graph shows a number of patterns of behavior for the adversary. A protective action to take with respect to the computer system is identified (1006) using the graph of the actions taken by the adversary.
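Steps 1000 to 1006 as a minimal sketch, added here for illustration and not taken from the patent or its authors. The ontology, the action classes, the sample session and the response policy are all constructed assumptions.

```python
# Assumed ontology (constructed): an earlier action of class K links forward
# to a later action whose class appears in ONTOLOGY[K].
ONTOLOGY = {
    "Look": ["Look", "Move", "Transfer"],
    "Move": ["Look", "Transfer"],
    "Transfer": ["Cleanup"],
    "Cleanup": [],
}

# Constructed sample: time-ordered (observed command, action class) pairs.
SESSION = [
    ("ls /srv/data", "Look"),
    ("cd /srv/data", "Move"),
    ("cat accounts.csv", "Look"),
    ("scp accounts.csv remote:", "Transfer"),
    ("rm ~/.bash_history", "Cleanup"),
]

# Hypothetical response policy keyed by the class of the focal action.
POLICY = {
    "Transfer": "restrict outbound transfers from the host",
    "Cleanup": "snapshot logs to write-once storage",
}

def build_linkograph(actions, ontology):
    """Steps 1002/1004: map each action index to the later indices it links to."""
    forelinks = {i: set() for i in range(len(actions))}
    for i, (_, earlier_class) in enumerate(actions):
        allowed = ontology.get(earlier_class, ())
        for j in range(i + 1, len(actions)):
            if actions[j][1] in allowed:
                forelinks[i].add(j)
    return forelinks

def backlink_counts(forelinks):
    """Count, for every action, how many earlier actions link into it."""
    counts = {i: 0 for i in forelinks}
    for targets in forelinks.values():
        for j in targets:
            counts[j] += 1
    return counts

def choose_protective_action(actions, forelinks, policy):
    """Step 1006: respond to the action that most earlier behavior converges on."""
    counts = backlink_counts(forelinks)
    focal = max(counts, key=lambda i: (counts[i], -i))  # ties go to the earliest
    focal_class = actions[focal][1]
    return focal_class, policy.get(focal_class, "continue monitoring")
```
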
Filed: 12/18/2015
Application Number: US14975502A
Tech ID: SD 13507.0
This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention.
Data from Derwent World Patents Index, provided by Clarivate