Patent · US Active

Automatic generation of data-centric attack graphs

US10503911B2 · kind B2 · utility

Cited by: 10
References: 11
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 20, 2018
Grant date: Dec 10, 2019
Priority date
Expiry date: Jul 20, 2038

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Generating an attack graph to protect sensitive data objects from attack is provided. The attack graph that includes nodes representing components in a set of components of a regulated service and edges between nodes representing relationships between related components in the set of components is generated based on vulnerability and risk metrics corresponding to each component. A risk score is calculated for each component represented by a node in the attack graph based on sensitivity rank and criticality rank corresponding to each respective component. Risk scores are aggregated for each component along each edge path connecting a node of a particular component to a node of a related component. In response to determining that an aggregated risk score of a component is greater than or equal to a risk threshold, an action is performed to mitigate a risk to sensitive data corresponding to the component posed by an attack.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.