Automated execution and evaluation of network-based training exercises

US10068493B2 · US · B2

Patent metadata
Publication number: US-10068493-B2
Application number: US-201615199279-A
Country: US
Kind code: B2
Filing date: Jun 30, 2016
Priority date: Feb 19, 2008
Publication date: Sep 4, 2018
Grant date: Sep 4, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.

Claims

Claim text (preview). The listing below runs from claim 1 and is cut off partway through claim 16.

The invention claimed is:

1. A method comprising: prior to execution of a computer-based training exercise, providing a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein providing the virtual environment comprises: receiving a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements; selecting at least one source document that defines one or more rules for use by the target system; and configuring the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, performing, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee, wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.

2. The method of claim 1, wherein the one or more virtual network elements included in the network topology of the target system include one or more of a firewall device, a router, a web server, a workstation, a network connection, or a bridge.

3. The method of claim 1, wherein receiving the model of the network topology of the target system comprises receiving user input via a graphical user interface to specify the one or more virtual network elements.

4. The method of claim 1, wherein the at least one source document comprises one or more pre-defined documents.

5. The method of claim 1, further comprising: customizing the at least one source document to alter the one or more rules used by the target system.

6. The method of claim 1, wherein the one or more rules used by the target system comprise one or more setup rules for use in setting up a scenario of the computer-based training exercise.

7. The method of claim 1, wherein the at least one source document comprises at least one first source document, and wherein providing the virtual environment further comprises: receiving a model of a network topology of the attack system, the network topology of the attack system including one or more virtual network elements; selecting at least one second source document that defines one or more rules for use by the attack system; and configuring the attack system based on the one or more rules defined by the at least one second source document, wherein configuring the attack system comprises providing one or more virtual machines of the attack system that correspond to the one or more virtual network elements included in the network topology of the attack system.

8. The method of claim 7, wherein the one or more rules used by the attack system comprise one or more attack rules for use in initiating the simulated attack during the computer-based training exercise.

9. The method of claim 1, further comprising: processing scenario traffic for the computer-based training exercise on a first communication channel; processing out-of-band data for the computer-based training exercise on a second communication channel that is distinct from the first communication channel, such that the out-of-band data does not interfere with the scenario traffic; and controlling the computer-based training exercise using the out-of-band data.

10. The method of claim 1, further comprising: after the computer-based training exercise has completed execution, generating an automated evaluation of a performance of a human trainee who interacted with the one or more virtual machines of the target system during execution of the computer-based training exercise.

11. A non-transitory computer-readable storage medium comprising instructions that, when executed, cause one or more processors to perform operations comprising: prior to execution of a computer-based training exercise, providing a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein providing the virtual environment comprises: receiving a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements; selecting at least one source document that defines one or more rules for use by the target system; and configuring the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, performing, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee, wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.

12. The non-transitory computer-readable storage medium of claim 11, wherein the one or more virtual network elements included in the network topology of the target system include one or more of a firewall device, a router, a web server, a workstation, a network connection, or a bridge.

13. The non-transitory computer-readable storage medium of claim 11, wherein receiving the model of the network topology of the target system comprises receiving user input via a graphical user interface to specify the one or more virtual network elements.

14. The non-transitory computer-readable storage medium of claim 11, wherein the at least one source document comprises one or more pre-defined documents.

15. The non-transitory computer-readable storage medium of claim 11, wherein the operations further comprise: customizing the at least one source document to alter the one or more rules used by the target system.

16. The non-transitory computer-readable storage medium of claim 11, wherein the at least one source document comprises at least one first source document, and wherein providing the virtual environment further comprises: receiving a model of a network topology of the attack system, the network topology of the attack system including one or more virtual network elements; selecting at least one second source document that defines one or more rules for use by the attack system; and configuring the attack system based on the one or more rules defined by the
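
As an added illustration of the architecture described in the abstract and in claims 1, 6, 8 and 9 (example code written for this page, not code from the patent or from Architecture Tech Corp), the following Python model instantiates a target system from a topology model and a setup-rule document, drives an attack system from an attack-rule document whose stages are re-checked against the trainee-modified target so that closing one path makes the attacker pivot to another, keeps scenario traffic and control messages on separate logs, and derives an automated evaluation from the monitor information alone. The topology, the rule formats, the element names (fw1, web1, ws1), the trainee actions and the scoring are assumptions made for illustration; the patent does not specify any of them.

```python
"""Toy model of the cyber range in the abstract and claim 1 (added example, not the
patent's own code). Topology, rule formats, trainee actions and scoring are assumptions."""
import copy

# Constructed topology model of the target system: its virtual network elements.
TARGET_TOPOLOGY = [
    {"name": "fw1", "type": "firewall"},
    {"name": "web1", "type": "web server"},
    {"name": "ws1", "type": "workstation"},
]

# Constructed setup-rule document for the target (claim 6): config per element type.
SETUP_RULES = {
    "firewall": {"open_ports": [22, 80]},
    "web server": {"services": ["http", "ssh"]},
    "workstation": {"services": ["smb"]},
}

# Constructed attack-rule document (claim 8): ordered stages, each with the
# precondition the attack system re-checks against the monitored target state.
ATTACK_RULES = [
    {"stage": "scan", "needs": lambda t: True},
    {"stage": "exploit_http", "needs": lambda t: 80 in t["fw1"]["open_ports"]},
    {"stage": "bruteforce_ssh",
     "needs": lambda t: 22 in t["fw1"]["open_ports"] and "ssh" in t["web1"]["services"]},
    {"stage": "lateral_smb", "needs": lambda t: "smb" in t["ws1"]["services"]},
]

# Constructed trainee script: corrective actions keyed by the round they are taken in.
EXAMPLE_TRAINEE_SCRIPT = {
    0: [("block_port", "fw1", 80)],
    1: [("stop_service", "ws1", "smb")],
}


def instantiate_target(topology, setup_rules):
    """Instantiate one VM (modelled as its config dict) per topology element."""
    return {e["name"]: copy.deepcopy(setup_rules[e["type"]]) for e in topology}


class ControlAndMonitoring:
    """Scenario traffic and control data stay on separate channels (claim 9)."""
    def __init__(self):
        self.scenario_log = []  # in-band monitor information: (actor, event)
        self.control_log = []   # out-of-band control messages, never mixed with the above
    def record(self, actor, event):
        self.scenario_log.append((actor, event))
    def control(self, message):
        self.control_log.append(message)


class AttackSystem:
    def __init__(self, rules):
        self.rules, self.completed = rules, set()
    def respond(self, target):
        """Dynamic response data: the first stage not yet run whose precondition
        still holds against the current, trainee-modified target state."""
        for rule in self.rules:
            if rule["stage"] not in self.completed and rule["needs"](target):
                return rule["stage"]
        return None


def apply_trainee_action(target, action):
    """Apply a corrective or preventive action chosen by the trainee to a target VM."""
    kind, vm, arg = action
    if kind == "block_port":
        target[vm]["open_ports"].remove(arg)
    elif kind == "stop_service":
        target[vm]["services"].remove(arg)
    else:
        raise ValueError(f"unknown trainee action {kind!r}")


def run_exercise(topology, setup_rules, attack_rules, trainee_script, max_rounds=8):
    """Execute the exercise: each round the attacker acts, then the trainee reacts."""
    cm = ControlAndMonitoring()
    target = instantiate_target(topology, setup_rules)
    attacker = AttackSystem(attack_rules)
    cm.control("start")
    for rnd in range(max_rounds):
        stage = attacker.respond(target)
        if stage is None:
            cm.control("attacker exhausted")
            break
        attacker.completed.add(stage)
        cm.record("attack", stage)
        for action in trainee_script.get(rnd, []):
            apply_trainee_action(target, action)
            cm.record("target", "{}:{}:{}".format(*action))
    cm.control("stop")
    return cm, target


def evaluate(cm, attack_rules):
    """Automated evaluation from monitor information alone: stages succeeded, stages blocked, score."""
    succeeded = [event for actor, event in cm.scenario_log if actor == "attack"]
    blocked = [r["stage"] for r in attack_rules if r["stage"] not in succeeded]
    return {"succeeded": succeeded, "blocked": blocked,
            "score": round(100 * len(blocked) / len(attack_rules))}


if __name__ == "__main__":
    cm, _ = run_exercise(TARGET_TOPOLOGY, SETUP_RULES, ATTACK_RULES, EXAMPLE_TRAINEE_SCRIPT)
    print(evaluate(cm, ATTACK_RULES))
```

Run as a script, the module prints the evaluation for the constructed trainee script: the trainee blocks port 80 before the HTTP exploit and stops SMB before lateral movement, so the attacker pivots to SSH brute force (the dynamic response data of claim 1) and the report shows two stages succeeded, two blocked, and a score of 50. An empty trainee script lets all four stages succeed and scores 0. Because the setup rules are deep-copied when the target is instantiated, the rule document itself is untouched by the trainee's changes and can be reused for the next exercise.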

Assignees

Architecture Tech Corp

Inventors

Classifications

  • Electrically-operated educational appliances (working with questions and answers G09B7/00; simulators G09B9/00; advertising or displaying in general G09F) · CPC title

  • the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title

  • Simulators for teaching or training purposes (for the use of weapons F41; computing aspects G06; {protocols for games, networked simulations or virtual reality H04L67/131}) · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10068493B2 cover?
This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system…
Who is the assignee on this patent?
Architecture Tech Corp
What technology area does this patent fall under?
Primary CPC classification G09B7/00. Mapped technology areas include Physics.
When was this patent published?
Publication date: Sep 4, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).