US2018239902A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018239902-A1 |
| Application number | US-201715438435-A |
| Country | US |
| Kind code | A1 |
| Filing date | Feb 21, 2017 |
| Priority date | Feb 21, 2017 |
| Publication date | Aug 23, 2018 |
| Grant date | — |
Official abstract text for this publication.
Systems, devices, and methods of an automatic attack testing framework for the security testing of an operational service are disclosed. In an example, such systems, devices, and methods may include operations that: deploy command instructions and a payload for a bot process to a computing device located within a target infrastructure, with the command instructions being selected based on criteria to test a security feature in the target infrastructure with an automated attack action in the bot process, and with the bot process being executed on the computing device and being started with use of the command instructions and the payload; communicate with the computing device to control the automated attack action within the target infrastructure, such that the automated attack action is performed within the bot process; and obtain results of the automated attack action performed within the bot process from the computing device.
Opening claim text (preview).
What is claimed is:
1. A computing device, comprising: a processor, and a memory device including instructions embodied thereon, wherein the instructions, which when executed by the processor, configure the processor to perform electronic operations that: deploy command instructions and a payload for a bot process to a target computing device located within a target infrastructure, wherein the command instructions are selected based on criteria to test a security feature in the target infrastructure with an automated attack action in the bot process, and wherein the bot process is executed on the target computing device and is started with use of the command instructions and the payload; communicate with the target computing device to control the automated attack action within the target infrastructure, wherein the automated attack action is performed within the bot process; and obtain results of the automated attack action performed within the bot process from the target computing device.
2. The computing device of claim 1, wherein the instructions configure the processor to perform further electronic operations that: deploy a communication configuration to the target computing device, wherein the communication configuration is used to communicate a network location to enable the target computing device to obtain the command instructions and the payload.
3. The computing device of claim 2, wherein the communication configuration is provided in a script that is executable by the target computing device, wherein execution of the script causes the target computing device to retrieve the command instructions and the payload from the network location.
4. The computing device of claim 1, wherein the command instructions deployed to the target computing device define a life span of the bot process, an identifier of the bot process, and information to securely communicate with the computing device, and wherein the automated attack action is designated for performance by the target computing device based on the identifier of the bot process.
5. The computing device of claim 1, wherein the instructions configure the processor to perform further electronic operations that: log the results of the automated attack action performed within the bot process from the target computing device.
6. The computing device of claim 1, wherein the target computing device is a server of a plurality of servers in the target infrastructure, wherein respective command instructions and payloads are deployed to the plurality of servers, wherein respective bot processes are started among the plurality of servers, and wherein the respective bot processes are used to perform additional automated attack actions respectively.
7. The computing device of claim 1, wherein the automated attack action is included in a set of automated attack actions of a scenario, and wherein the scenario is initiated by the computing device in a recurring, automated fashion.
8. The computing device of claim 1, wherein the automated attack action is performed with a remote access toolkit selected from a library of toolkits.
9. The computing device of claim 1, the instructions to configure the processor to perform further electronic operations that: provide a command to the target computing device to start a second bot process on the target computing device, wherein the second bot process is executed on the target computing device and is started with use of the payload, and wherein information obtained from the second bot process is used to perform a further automated attack action with the bot process.
10. The computing device of claim 9, wherein an identifier of the bot process and an identifier of the second bot process are associated with a defined scenario, wherein the bot process and the second bot process are used to coordinate automated attack actions of the defined scenario.
11. A non-transitory device-readable storage medium, the device-readable storage medium including instructions that, when executed by a processor and memory of a computing device, causes the computing device to perform operations that: deploy command instructions and a payload for a bot process to a target computing device located within a target infrastructure, wherein the command instructions are selected based on criteria to test a security feature in the target infrastructure with an automated attack action in the bot process, and wherein the bot process is executed on the target computing device and is started with use of the command instructions and the payload; communicate with the target computing device to control the automated attack action within the target infrastructure, wherein the automated attack action is performed within the bot process; and obtain results of the automated attack action performed within the bot process from the target computing device.
12. The device-readable storage medium of claim 11, wherein the command instructions deployed to the target computing device define a life span of the bot process, an identifier of the bot process, and information to securely communicate with the computing device, and wherein the automated attack action is designated for performance by the target computing device based on the identifier of the bot process.
13. The device-readable storage medium of claim 11, wherein the automated attack action is included in a set of automated attack actions of a scenario, and wherein the scenario is initiated by the computing device in a recurring, automated fashion.
14. The device-readable storage medium of claim 11, wherein the automated attack action is performed with a remote access toolkit selected from a library of toolkits.
15. The device-readable storage medium of claim 11, wherein the instructions further cause the computing device to perform operations that: provide a command to the target computing device to start a second bot process on the target computing device, wherein the second bot process is executed on the target computing device and is started with use of the payload, and wherein information obtained from the second bot process is used to perform a further automated attack action with the bot process; wherein an identifier of the bot process and an identifier of the second bot process are associated with a defined scenario, wherein the bot process and the second bot process are used to coordinate automated attack actions of the defined scenario.
16. A method, comprising a plurality of electronic operations executed with a processor and memory of a computing device, the plurality of electronic operations including: deploying command instructions and a payload for a bot process to a target computing device located within a target infrastructure, wherein the command instructions are selected based on criteria to test a security feature in the target infrastructure with an automated attack action in the bot process, and wherein the bot process is executed on the target computing device and is started with use of the command instructions and the payload; communicating with the target computing device to control the automated attack action within the target infrastructure, wherein the automated attack action is performed within the bot process; and obtaining results of the automated attack action performed within the bot process from the target computing device.
17. The method of claim 16, wherein the command instructions deployed to the target computing device define a life span of the bot process, an identifier of the
Vulnerability analysis · CPC title
Test or assess a computer or a system · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
involving long-term monitoring or reporting · CPC title