Data behavioral tracking
US-2016080419-A1 · Mar 17, 2016 · US
Digital weapons factory and digital operations center for producing, deploying, assessing, and managing digital defects
US9544326B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9544326-B2 |
| Application number | US-201514600880-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 20, 2015 |
| Priority date | Jan 20, 2014 |
| Publication date | Jan 10, 2017 |
| Grant date | Jan 10, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method of rapidly producing a new cyber response tool (e.g., in near-real-time) by matching vulnerabilities of enemy threats (e.g., a missile and/or a tank) to corresponding portions of other response tools that effectively exploit the matched vulnerability. An iterative framework may be utilized to repeatedly prioritize a set of cyber response tools based on a corresponding probability of success. For example, a computer or computer network may implement the iterative framework to carry out the probability computation and corresponding cyber response tool prioritization. If a total probability of success is below a given threshold (e.g., 95%), then creation of one or more new cyber response tools may be initiated. The probability of success may be a function of time (e.g., ten minutes before an expected launch) and/or a function of a phase of a lifecycle of the enemy threat (e.g., a launch phase).
First claim
Opening claim text (preview).
What is claimed is: 1. A method of rapidly producing a cyber response tool, the method comprising: detecting a threat object, during a first phase, with one or more sensor platforms; modeling a lifecycle of the detected threat object; identifying vulnerabilities of the lifecycle based on the model; providing a set of cyber response tools; determining whether each cyber response tool of a set of cyber response tools is effective in exploiting and manipulating the threat vulnerabilities based on an observation of the effectiveness of the cyber response tool by the one or more sensor platforms; identifying one or more effective portions of one or more of the cyber response tools that correspond to the identified vulnerabilities; creating a new cyber response tool based on the identified vulnerabilities and the one or more effective portions; and applying the new cyber response tool to the threat object and/or to a device that is operatively connectable to the threat object. 2. The method of rapidly producing a cyber response tool of claim 1 , wherein determining whether each cyber response tool is effective is a function of a probability of success of the cyber response tool against the enemy threat object. 3. The method of rapidly producing a cyber response tool of claim 2 , wherein the probability of success is a function of a second phase of the threat object. 4. The method of rapidly producing a cyber response tool of claim 3 , wherein the probability of success is based on a first time period. 5. The method of rapidly producing a cyber response tool of claim 4 , wherein the threat object includes a missile and the first time period is an amount of time before an expected launch of the missile. 6. The method of rapidly producing a cyber response tool of claim 3 , wherein the threat object includes a missile and the second phase is a deployment of the missile. 7. The method of rapidly producing a cyber response tool of claim 1 , wherein determining whether each cyber response tool is effective determines that none of the cyber response tools is effective. 8. The method of rapidly producing a cyber response tool of claim 7 , wherein identifying one or more effective portions is a function of a current phase of the threat object. 9. The method of rapidly producing a cyber response tool of claim 7 , wherein identifying one or more effective portions is a function of time. 10. The method of rapidly producing a cyber response tool of claim 7 , wherein identifying one or more effective portions includes identifying a digital control system attack that is effective for attacking a control system module of the threat object. 11. The method of rapidly producing a cyber response tool of claim 10 , wherein creating a new cyber response tool includes combining a portion of the digital control system attack with another portion of another cyber response tool. 12. The method of rapidly producing a cyber response tool of claim 1 , wherein the new cyber response tool includes a computer virus. 13. The method of rapidly producing a cyber response tool of claim 1 , wherein applying the new cyber response tool includes sending the cyber response tool through a computer network to a digital module in the threat object. 14. The method of rapidly producing a cyber response tool of claim 1 , wherein applying the new cyber response tool includes sending the cyber response tool through a computer network to a manufacturing device configured to manufacture a portion of the threat object. 15. The method of rapidly producing a cyber response tool of claim 1 , wherein the new cyber response tool includes a plurality of portions cyber response tools from the set of cyber response tools. 16. The method of rapidly producing a cyber response tool of claim 1 , wherein creating a new cyber response tool includes creating a plurality of new cyber response tools within an hour. 17. The method of rapidly producing a cyber response tool of claim 16 , further comprising: determining that the plurality of new cyber response tools is effective against one or more of the identified vulnerabilities. 18. The method of rapidly producing a cyber response tool of claim 1 , wherein modeling the lifecycle includes a plurality of phases of the threat object. 19. A method of rapidly producing a cyber response tool, the method comprising: detecting a threat object, during a first phase, with one or more sensor platforms; modeling a lifecycle of the detected threat object; identifying vulnerabilities of the lifecycle based on the model; searching for a cyber response tool in a set of cyber response tools in a database; determining whether each cyber response tool of a set of cyber response tools is effective in exploiting and manipulating the threat vulnerabilities based on an observation of the effectiveness of the cyber response tool by the one or more sensor platforms; identifying one or more effective portions of one or more of the cyber response tools that correspond to the identified vulnerabilities; creating a new cyber response tool based on the identified vulnerabilities and the one or more effective portions; and applying the new cyber response tool to the threat object and/or to a device that is operatively connectable to the threat object. 20. A system for rapidly producing a cyber response tool, the system comprising: a detection module for detecting a threat object, during a first phase, with one or more sensor platforms; a modeling module for modeling a lifecycle of the detected threat object; an identification module for identifying vulnerabilities of the lifecycle based on the model; a storage module for providing a set of cyber response tools; a determination module for determining whether each cyber response tool of a set of cyber response tools is effective in exploiting and manipulating the threat vulnerabilities based on an observation of the effectiveness of the cyber response tool by the one or more sensor platforms; a second identification module for identifying one or more effective portions of one or more of the cyber response tools that correspond to the identified vulnerabilities; a matching module for creating a new cyber response tool based on the identified vulnerabilities and the one or more effective portions; and an implementation module for applying the new cyber response tool to the threat object and/or to a device that is operatively connectable to the threat object.
Assignees
Inventors
Classifications
Defence installations; Defence devices (constructional aspects see Section E, e.g. {air-raid shelters} E04H9/04; {protective arrangements for buildings E04B1/92; extinguishing or preventing the spread of fire from, incendiary bombs A62C3/06; dynamic armour F41H5/007; ballistically deployed systems for restraining persons or animals F41H13/0006; electronic countermeasures G01S}) · CPC title
- H04L63/1433Primary
Vulnerability analysis · CPC title
Event detection, e.g. attack signature detection · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9544326B2 cover?
- A method of rapidly producing a new cyber response tool (e.g., in near-real-time) by matching vulnerabilities of enemy threats (e.g., a missile and/or a tank) to corresponding portions of other response tools that effectively exploit the matched vulnerability. An iterative framework may be utilized to repeatedly prioritize a set of cyber response tools based on a corresponding probability of su…
- Who is the assignee on this patent?
- Raytheon Co
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 10 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).