K-zero day safety

Inventors

Jajodia, Sushil; Wang, Lingyu; Noel, Steven; Singhal, Anoop

Assignees

George Mason University; National Institute of Standards and Technology (NIST); George Mason Research Foundation Inc

Publication Number

US-9325729-B2

Publication Date

2016-04-26

Expiration Date

2032-01-11



Abstract

Systems and methods for determining a safety level of a network vulnerable to attack from at least one origin to at least one target are described. Machines, components, and vulnerabilities in a network may be associated to one another. Degrees of similarity among the vulnerabilities may be determined and subsets of vulnerabilities may be grouped based on their determined degrees of similarity to one another. This data may be used to generate an attack graph describing exploitation of vulnerabilities and grouped vulnerabilities and defining vulnerability exploit condition relationships between at least one origin and at least one target. The attack graph may be analyzed using a k-zero day metric function to determine a safety level.

Core Innovation

The invention concerns systems and methods for determining a safety level of a network that is vulnerable to attacks from at least one origin to at least one target. The approach involves associating machines, components, and vulnerabilities in a network, determining degrees of similarity among vulnerabilities, grouping subsets based on similarity, and generating an attack graph describing exploitation of these vulnerabilities and their relationships between origins and targets. This attack graph is then analyzed using a k-zero day metric function to determine the safety level of the network.

The problem being solved is the evaluation and measurement of network security, specifically in terms of resistance to zero day vulnerabilities—vulnerabilities whose details are unknown but meet certain pre- and post-conditions of exploitation. Existing network scanning approaches may not sufficiently reveal network exposure to zero day attacks, especially considering indirect exploit paths and unknown vulnerabilities. The invention addresses how to model, analyze, and quantify a network's resistance to multiple zero day exploits, thereby providing a metric, the k-zero day metric, representing the minimum number of distinct zero day exploits required to compromise a network or asset.

The invention further provides a method for generating a detailed network model including hosts, services, privileges, vulnerabilities, and exploits. This model leads to the creation of a zero day attack graph that incorporates zero day and known vulnerabilities with their pre- and post-conditions. Metrics on the attack graph can then be computed to assess the network’s security posture. This enables quantification, via the k-zero day safety metric, of how many distinct zero day vulnerabilities an attacker would need to succeed, allowing network operators to harden the network accordingly by increasing this metric.
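To make the metric concrete, the following is an added Python example (not code from the patent or its assignees). It models a small constructed network as conditions and exploits, groups zero-day exploits by a label so the same zero-day is counted once, searches k = 0, 1, 2, ... for the minimum number of distinct zero-days needed to reach the target, and re-evaluates after one hardening change. The host names, services and the "os_linux" grouping label are assumptions.

```python
from itertools import combinations
# Conditions: ("conn", src, dst), ("svc", service, host), ("priv", host, level). An exploit is
# (name, label, pre, post); label None = known vulnerability (free), equal labels = same zero-day.

def zero_day(service, src, dst, level="user"):
    """Hypothetical remote zero-day in `service` on dst, launched from a user foothold on src."""
    pre = frozenset({("conn", src, dst), ("svc", service, dst), ("priv", src, "user")})
    return (f"zd_{service}_{dst}", service, pre, frozenset({("priv", dst, level)}))

def reachable(initial, exploits, allowed):
    """Forward closure: conditions reachable via known exploits plus zero-days in `allowed`."""
    have, changed = set(initial), True
    while changed:
        changed = False
        for _, label, pre, post in exploits:
            if (label is None or label in allowed) and pre <= have and not post <= have:
                have |= post
                changed = True
    return have

def k_zero_day(initial, exploits, target):
    """k-zero day metric: smallest k for which k distinct zero-days reach target; None if never."""
    labels = sorted({lab for _, lab, _, _ in exploits if lab is not None})
    for k in range(len(labels) + 1):  # iterative application, k = 0, 1, 2, ...
        if any(target in reachable(initial, exploits, set(c)) for c in combinations(labels, k)):
            return k
    return None

def is_k_safe(initial, exploits, target, k):
    """True when no attack sequence using at most k distinct zero-days compromises target."""
    m = k_zero_day(initial, exploits, target)
    return m is None or m > k

# Constructed network: attacker on host0; DMZ host1 runs http+ssh; host2 (ssh+nfs) reachable only from host1.
INITIAL = frozenset({("priv", "host0", "user"), ("conn", "host0", "host1"), ("conn", "host1", "host2"),
                     ("svc", "http", "host1"), ("svc", "ssh", "host1"), ("svc", "ssh", "host2"), ("svc", "nfs", "host2")})
EXPLOITS = [
    ("known_http", None,  # already-disclosed http flaw on host1: costs no zero-day
     frozenset({("conn", "host0", "host1"), ("svc", "http", "host1"), ("priv", "host0", "user")}),
     frozenset({("priv", "host1", "user")})),
    zero_day("ssh", "host1", "host2"),
    zero_day("nfs", "host1", "host2", level="root"),  # assumed to hand over root directly
    ("zd_lpe", "os_linux", frozenset({("priv", "host2", "user")}),  # local escalation zero-day
     frozenset({("priv", "host2", "root")})),
]
TARGET = ("priv", "host2", "root")
HARDENED = INITIAL - {("svc", "nfs", "host2")}  # hardening option: retire nfs on host2

if __name__ == "__main__":
    print(k_zero_day(INITIAL, EXPLOITS, TARGET), k_zero_day(HARDENED, EXPLOITS, TARGET))  # 1 2
```

Retiring nfs raises the metric from 1 to 2 because the remaining path needs two distinct zero-days (ssh, then local escalation); a change that only removed one ssh instance would not help, since both ssh zero-days share a label.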

Claims Coverage

The patent includes multiple independent claims covering methods, computer systems, and computer network systems for determining a network's safety level using k-zero day metrics and performing hardening based thereon.

Method for determining network safety using k-zero day metric

A method that associates machines with components and vulnerabilities, generates an attack graph describing exploitation between origin and target components, analyzes the graph using a k-zero day metric function based on distinct zero day exploits needed to compromise the target, then determines the safety level, and performs hardening based on this level.

Analysis of attack graph to determine minimum distinct zero day exploits

Iterative application of the k-zero day metric function on the attack graph to find the minimum number of exploitable distinct zero day vulnerabilities required to compromise the target component, representing the safety level.

Analysis of whether target can be compromised by specific number of zero day exploits

Using the k-zero day metric function to assess if the target component cannot be compromised by a predefined number of distinct zero day exploits and setting the safety level as an indication of this inability.

Components defined as units of computational processing contributing to attack vulnerability

Specification that each component in the network may be any unit of computational processing capable of contributing to a network attack vulnerability.

Generation and visual presentation of attack graph

Capability to generate a visual representation of the attack graph depicting exploit condition relationships between components.

Applicability to various network types including cloud networks

The system or method can apply to networks including cloud networks, supporting their security evaluation.

Computer system configured to perform the above methods with scanning or data acquisition capabilities

A computer system constructed to associate machines, components, and vulnerabilities; generate and analyze attack graphs with the k-zero day metric; determine safety level; and include features such as scanning the network or receiving data and generating visual attack graphs, integrated to produce a hardened network based on the determined safety.

The claims encompass methods, computer systems, and network systems for modeling networks, generating attack graphs of vulnerabilities, applying a k-zero day metric to analyze the minimum distinct zero day exploits for compromise, determining safety levels, and performing network hardening based on these determinations.

Stated Advantages

The k-zero day metric provides a quantitative measure of network security reflecting resistance to multiple unknown zero day attacks.

The metric enables network operators to evaluate the effects of hardening efforts and to compare relative security risks of different network configurations.

The approach supports modeling both known and unknown vulnerabilities and accounts for exploit relationships, yielding conservative but actionable security assessments.

The metric allows prioritization of security improvements such as increasing service diversity, strengthening isolation, and enforcing access controls based on measured safety levels.

Documented Applications

Evaluating security and hardening computer networks by determining the number of distinct zero day vulnerabilities required to compromise network assets.

Using the k-zero day safety metric to assess cloud networks or other networks vulnerable to attack for improved security management.

Modeling and analyzing networks to generate attack graphs depicting vulnerabilities and exploit paths to compute safety levels that support network defense planning and prioritization.
