System and method for emulating a multi-stage attack on a node within a target network

Assignee

• AttackIQ, Inc. · US

Inventors

• Rajesh Sharma · Colorado Springs, US
• Jeremy Miller · Statesville, US
• Stephan Chenette · San Diego, US
• Albert Lopez · San Diego, US
• Shubhi Mittal · San Diego, US
• Andres Gazzoli · San Diego, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1433
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method includes: accessing an attack record defining actions representing a previous known attack on a second computer network; initializing an attack graph; for each action, defining a set of behaviors—analogous to the action and executable by an asset on a target network to emulate an effect of the action on the second computer network—and storing the set of behaviors in a node in the attack graph; connecting nodes in the attack graph according to an order of actions in the known attack; scheduling the asset to selectively execute analogous behaviors stored in the set of nodes in the attack graph; accessing alerts generated by a set of security tools deployed on the target network; and characterizing vulnerability of the target network based on alerts, in the set of alerts, indicating detection and prevention of behaviors executed by the asset according to the attack graph.