-
Publication number: US20150332054A1
Publication date: 2015-11-19
Application number: US14279869
Application date: 2014-05-16
Applicant: Raytheon BBN Technologies Corp.
Inventor: Christopher R. Eck, Suzanne P. Hassell, Brian J. Mastropietro, Paul F. Beraud, III
CPC classification number: G06F21/577, G06F21/55, G06F21/552, H04L63/1416, H04L63/1433
Abstract: Generally discussed herein are systems, apparatuses, or processes to recognize that a cyber threat exists or predict a future track of a cyber threat in a network. According to an example, a process for recognizing a cyber threat can include (1) determining a network layout of a network based on received network layout data, (2) receiving cyber sensor data indicating actions performed on the network, (3) calculating a first score associated with the cyber sensor data indicating that a cyber threat is present in the network by comparing a cyber threat profile of the cyber threat that details actions performed by the cyber threat to actions indicated by the cyber sensor data, (4) determining whether the calculated first score is greater than a specified threshold, or (5) determining that the cyber threat is present in response to determining the calculated first score is greater than the specified threshold.
-
Publication number: US09367694B2
Publication date: 2016-06-14
Application number: US14279869
Application date: 2014-05-16
Applicant: Raytheon BBN Technologies Corp.
Inventor: Christopher R. Eck, Suzanne P. Hassell, Brian J. Mastropietro, Paul F. Beraud, III
CPC classification number: G06F21/577, G06F21/55, G06F21/552, H04L63/1416, H04L63/1433
Abstract: Generally discussed herein are systems, apparatuses, or processes to recognize that a cyber threat exists or predict a future track of a cyber threat in a network. According to an example, a process for recognizing a cyber threat can include (1) determining a network layout of a network based on received network layout data, (2) receiving cyber sensor data indicating actions performed on the network, (3) calculating a first score associated with the cyber sensor data indicating that a cyber threat is present in the network by comparing a cyber threat profile of the cyber threat that details actions performed by the cyber threat to actions indicated by the cyber sensor data, (4) determining whether the calculated first score is greater than a specified threshold, or (5) determining that the cyber threat is present in response to determining the calculated first score is greater than the specified threshold.
-