Patent · US Active

Automatic generation of data-centric attack graphs

US10108803B2 · kind B2 · utility

20Cited by

6References

20Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Suresh N. Chari · Yorktown Heights, US
Ashish Kundu · Elmsford, US
Ian M. Molloy · Chappaqua, US
Dimitrios Pendarakis · Westport, US
Josyula R. Rao · Briarcliff Manor, US

Key dates

Filing date	Mar 31, 2016
Grant date	Oct 23, 2018
Priority date	—
Expiry date	Nov 30, 2036

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Generating an attack graph is provided. A set of sensitive data corresponding to a regulated service is identified. A set of components corresponding to the regulated service that are authorized to perform activities associated with sensitive data is scanned for. Vulnerability and risk metrics corresponding to each component in the set of components of the regulated service is identified. The attack graph that includes nodes representing components in the set of components of the regulated service and edges between nodes representing relationships between related components in the set of components is generated based on the vulnerability and risk metrics corresponding to each component in the set of components.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.