K-zero day safety

Assignees

• Government of the United States of America, as represented by the Secretary of Commerce · US
• National Institute of Standards and Technology · US
• George Mason Intellectual Properties, Inc. · US

Inventors

• Sushil Jajodia · Oakton, US
• Lingyu Wang · Montréal, CA
• Steven E. Noel · Salem, US
• Anoop Singhal · Santa Clara, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/577
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems and methods for determining a safety level of a network vulnerable to attack from at least one origin to at least one target are described. Machines, components, and vulnerabilities in a network may be associated to one another. Degrees of similarity among the vulnerabilities may be determined and subsets of vulnerabilities may be grouped based on their determined degrees of similarity to one another. This data may be used to generate an attack graph describing exploitation of vulnerabilities and grouped vulnerabilities and defining vulnerability exploit condition relationships between at least one origin and at least one target. The attack graph may be analyzed using a k-zero day metric function to determine a safety level.