Methods and Systems for Detecting Malware and Attacks that Target Behavioral Security Mechanisms of a Mobile Device
US-2016029221-A1 · Jan 28, 2016 · US
US10044746B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10044746-B2 |
| Application number | US-201715400870-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 6, 2017 |
| Priority date | Nov 11, 2014 |
| Publication date | Aug 7, 2018 |
| Grant date | Aug 7, 2018 |
Official abstract text for this publication.
A system, method, and device are presented for assessing a target network's vulnerability to a real cyberthreat based on determining policy-based synthetic tests configured to model the behavior of the cyberthreat. Real-time feedback from the target network (e.g., servers, desktops, and network/monitoring hardware and/or software equipment) is received, analyzed, and used to determine whether any modifications to the same test, or a newly synthesized test, are preferred. The technology includes self-healing processes that, using the feedback mechanisms, can attempt to find patches for known vulnerabilities, test for unknown vulnerabilities, and configure the target network's resources in accordance with predefined service-level agreements.
Opening claim text (preview).
We claim:

1. A method comprising: receiving information associated with a cyberthreat from an external source, wherein the cyberthreat is associated with one or more objectives; using the information, mapping one or more characteristics of the cyberthreat into one or more instructions, wherein the one or more instructions when executed in a target network perform multiple steps to simulate an existence of the cyberthreat within the target network without implementing the one or more objectives of the cyberthreat in the target network; determining one or more agents to execute the one or more instructions; initiating execution of the one or more instructions by the one or more agents to simulate the existence of the cyberthreat within the target network; receiving feedback including a progression of the multiple steps identifying how the target network responds to the simulated existence of the cyberthreat within the target network; using the feedback, determining whether one of the multiple steps to simulate the cyberthreat has failed in the target network; and responsive to determining that one of the multiple steps has failed, replacing at least one instruction for the failed step with at least one additional instruction to be executed by the one or more agents or one or more additional agents in the target network.

2. The method of claim 1, wherein the feedback identifies whether one or more host devices or one or more security devices in the target network initiated at least one action related to the cyberthreat in response to the simulated existence of the cyberthreat.

3. The method of claim 1, wherein: the cyberthreat comprises a malware; and the one or more instructions when executed by the one or more agents create an appearance of the malware in the target network by at least one of: creating a specific file; creating a network communication on a specific port or to a specific destination; creating or accessing a user account, directory, or registry; or altering a service.

4. The method of claim 1, wherein: the target network comprises multiple host devices; and the method further comprises determining one or more of the host devices on which the one or more agents execute the one or more instructions.

5. The method of claim 1, wherein: the information associated with the cyberthreat comprises at least one of: one or more threat indicators, one or more behaviors, or the one or more objectives of the cyberthreat; and mapping the one or more characteristics of the cyberthreat into the one or more instructions comprises identifying one or more instructions that simulate at least one of: the one or more threat indicators, the one or more behaviors, or the one or more objectives of the cyberthreat.

6. The method of claim 1, further comprising, in response to detecting that the target network fails to adequately respond to the simulated existence of the cyberthreat within the target network: updating at least one of: one or more host devices in the target network or one or more security devices in the target network; and at least one of: (i) reinitiating execution of the one or more instructions to again simulate the existence of the cyberthreat within the target network or (ii) initiating execution of one or more additional instructions to simulate an existence of an additional cyberthreat within the target network.

7. The method of claim 1, wherein the one or more instructions are a subset of a set of instructions of the cyberthreat such that the set of instructions includes at least one additional instruction not included in the subset.

8. The method of claim 1, further comprising: using the feedback, modifying at least one instruction of the one or more instructions for additional execution of the cyberthreat by the one or more agents or one or more additional agents in the target network.

9. A non-transitory computer readable storage medium containing computer-executable instructions that, when executed by at least one processor, cause the at least one processor to: receive information associated with a cyberthreat from an external source, wherein the cyberthreat is associated with one or more objectives; using the information, map one or more characteristics of the cyberthreat into one or more instructions, wherein the one or more instructions when executed in a target network perform multiple steps to simulate an existence of the cyberthreat within the target network without implementing the one or more objectives of the cyberthreat in the target network; determine one or more agents to execute the one or more instructions; initiate execution of the one or more instructions by the one or more agents to simulate the existence of the cyberthreat within the target network; receive feedback including a progression of the multiple steps identifying how the target network responds to the simulated existence of the cyberthreat within the target network; using the feedback, determine whether one of the multiple steps to simulate the cyberthreat has failed in the target network; and responsive to determining that one of the multiple steps has failed, replace at least one instruction for the failed step with at least one additional instruction to be executed by the one or more agents or one or more additional agents in the target network.

10. The non-transitory computer readable storage medium of claim 9, wherein the feedback identifies whether one or more host devices or one or more security devices in the target network initiated at least one action related to the cyberthreat in response to the simulated existence of the cyberthreat.

11. The non-transitory computer readable storage medium of claim 9, wherein: the cyberthreat comprises a malware; and the one or more instructions when executed by the one or more agents create an appearance of the malware in the target network by at least one of: creating a specific file; creating a network communication on a specific port or to a specific destination; creating or accessing a user account, directory, or registry; or altering a service.

12. The non-transitory computer readable storage medium of claim 9, wherein: the target network comprises multiple host devices; and the non-transitory computer readable storage medium further contains computer-executable instructions that when executed cause the at least one processor to determine one or more of the host devices on which the one or more agents execute the one or more instructions.

13. The non-transitory computer readable storage medium of claim 9, wherein: the information associated with the cyberthreat comprises at least one of: one or more threat indicators, one or more behaviors, or the one or more objectives of the cyberthreat; and the computer-executable instructions that when executed cause the at least one processor to map the one or more characteristics of the cyberthreat into the one or more instructions comprise: computer-executable instructions that when executed cause the at least one processor to identify one or more instructions that simulate at least one of: the one or more threat indicators, the one or more behaviors, or the one or more objectives of the cyberthreat.

14. The non-transitory computer readable storage medium of claim 9, further containing computer-executable instructions that when executed cause the at least one processor, in response to detecting that the target network fails to adequately respond to the simulated existence of the cyberthreat within the target network, to: update at least one of: one or more host devices in the target network or one or more
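As an added illustration of the control loop in claims 1, 3, 5 and 6 (example code written for this page, not code from the patent or its assignee): threat indicators are mapped to benign simulation primitives, an agent executes them and reports feedback, a step that fails to execute is replaced by an alternative instruction, and steps that ran without drawing any security action are reported as coverage gaps. The primitive names, the threat record and the stand-in agent are all constructed for the example.

```python
"""Toy breach-and-attack-simulation loop modelled on claims 1-6 (assumed design,
not the patent's own code): map threat indicators to benign primitives, run them
through an agent, and swap in an alternative primitive when a step fails."""

# Benign simulation primitives per indicator kind (claim 3); names are constructed.
# Index 0 is the primary instruction; later entries replace it if the step fails.
PRIMITIVES = {
    "file": ["create_marker_file", "create_marker_file_alt_dir"],
    "network": ["open_test_connection", "dns_lookup_test_domain"],
    "account": ["create_test_account", "enumerate_accounts"],
    "service": ["modify_service_config", "restart_test_service"],
}


def map_threat_to_steps(threat):
    """Claim 5: map each indicator kind to its candidate instructions. The threat's
    objective (e.g. exfiltration) is deliberately never mapped (claim 1)."""
    return [PRIMITIVES[k] for k in threat["indicators"] if k in PRIMITIVES]


def make_agent(blocked, detected):
    """Constructed stand-in for a host agent: returns (executed, flagged_by_security),
    the two pieces of feedback claims 1 and 2 ask for."""
    def agent(instruction):
        executed = instruction not in blocked
        return executed, executed and instruction in detected
    return agent


def run_simulation(threat, agent, max_replacements=1):
    """Execute each step, record the progression as feedback, and replace the
    instruction of a step that failed to execute (last element of claim 1)."""
    progression = []
    for candidates in map_threat_to_steps(threat):
        # Primary instruction first; on failure try up to max_replacements alternatives.
        for instruction in candidates[:max_replacements + 1]:
            executed, flagged = agent(instruction)
            progression.append((instruction, executed, flagged))
            if executed:
                break
    return progression


def coverage_gaps(progression):
    """Steps that ran but drew no security action: the 'fails to adequately respond'
    condition of claim 6 that should trigger a control update and a re-run."""
    return [instr for instr, executed, flagged in progression if executed and not flagged]


if __name__ == "__main__":
    demo_agent = make_agent(blocked={"open_test_connection"}, detected={"create_marker_file"})
    print(run_simulation({"indicators": ["file", "network", "service"]}, demo_agent))
```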
CPC classification titles:

- Testing arrangements
- characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability (for optimising operational conditions of wireless networks H04W24/02)
- Fully automatic configuration
- Vulnerability analysis
- for predicting network behaviour