NetSPA: Network Security Planning Architecture for Enterprise Scale Networks

Exclusively Licensed

In one aspect, a method to generate an attack graph includes determining if a potential node provides a first precondition equivalent to one of preconditions provided by a group of preexisting nodes on the attack graph. The group of preexisting nodes includes a first state node, a first vulnerability instance node, a first prerequisite node, and a second state node. The method also includes, if the first precondition is equivalent to one of the preconditions provided by the group of preexisting nodes, coupling a current node to a preexisting node providing the precondition equivalent to the first precondition using a first edge and if the first precondition is not equivalent to one of the preconditions provided by the group of preexisting nodes, generating the potential node as a new node on the attack graph and coupling the new node to the current node using a second edge.

Researchers

Richard Lippmann / Keith Piwowarski / Kyle Ingols / Kendra Kratkiewicz / Chris Scott / Robert Cunningham

Departments: Lincoln Laboratory
Technology Areas: Artificial Intelligence (AI) and Machine Learning (ML) / Computer Science: Cybersecurity, Networking & Signals
Impact Areas: Connected World

  • generating a multiple-prerequisite attack graph
    United States of America | Granted | 9,344,444
  • generating a multiple-prerequisite attack graph
    United States of America | Granted | 7,971,252

Sign up for technology updates

Sign up now to receive the latest updates on cutting-edge technologies and innovations.

More Technologies