US 12,244,638 B2
Method, product, and system for analyzing attack paths in computer network generated using a software representation that embodies network configuration and policy data for security management
Nicolas Beauchesne, Honolulu, HI (US); Sohrob Kazerounian, Brookline, MA (US); William Stow Finlayson, IV, Cherry Hill, NJ (US); and Karl Matthew Lynn, San Jose, CA (US)
Assigned to Vectra AI, Inc., San Jose, CA (US)
Filed by Vectra AI, Inc., San Jose, CA (US)
Filed on Apr. 1, 2022, as Appl. No. 17/711,884.
Prior Publication US 2023/0319100 A1, Oct. 5, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/145 (2013.01) [H04L 63/1416 (2013.01); H04L 63/20 (2013.01)]
24 Claims
OG exemplary drawing
 
1. A method comprising:
selecting possible attack paths in a computer network for processing, wherein the possible attack paths comprise sequences of state-to-state transitions, the possible attack paths in the computer network were identified by analyzing a software representation of the computer network and causing crash statements in the software representation to be executed, wherein execution of a crash statement in the software representation indicates that a state corresponding to a protected resource has been reached, and the software representation of the computer network was generated based on network configuration data and network policy data; and
processing the possible attack paths by:
identifying a plurality of candidate triggers from the sequences of state-to-state transitions in the possible attack paths, wherein the plurality of candidate triggers comprise at least subsets of respective sequences of state-to-state transitions, and the plurality of candidate triggers include sequences of state-to-state transitions having different numbers of state-to-state transitions;
ranking respective candidate triggers of the plurality of candidate triggers; and
selecting at least some of the respective candidate triggers based on their respective ranks.
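The processing steps of claim 1 (identify candidate triggers of varying lengths from the transition sequences, rank them, select by rank) as an added illustration in Python; this is not the patent's or Vectra's implementation, and the attack paths, state names and the coverage-based ranking heuristic are constructed assumptions.

```python
from collections import Counter

# Constructed sample: each attack path is a sequence of state-to-state
# transitions, written as (from_state, to_state) pairs, that ended at a state
# where a crash statement in the software representation fired, i.e. a
# protected resource was reached. State names are made up for illustration.
ATTACK_PATHS = [
    [("internet", "web"), ("web", "app"), ("app", "db")],
    [("internet", "vpn"), ("vpn", "app"), ("app", "db")],
    [("internet", "web"), ("web", "app"), ("app", "fileshare")],
    [("phish", "workstation"), ("workstation", "app"), ("app", "db")],
]


def candidate_triggers(path, min_len=1, max_len=None):
    """Yield every contiguous sub-sequence of transitions in `path` with a
    length between min_len and max_len (inclusive), so candidates of
    different lengths are produced; max_len=None allows the whole path."""
    max_len = len(path) if max_len is None else min(max_len, len(path))
    for length in range(min_len, max_len + 1):
        for start in range(len(path) - length + 1):
            yield tuple(path[start:start + length])


def rank_triggers(paths, min_len=1, max_len=None):
    """Score each candidate by the number of distinct attack paths it occurs
    in (coverage, an assumed heuristic); ties prefer longer, more specific
    triggers, then a fixed lexical order. Returns (trigger, coverage) pairs,
    best first."""
    coverage = Counter()
    for path in paths:
        for trig in set(candidate_triggers(path, min_len, max_len)):
            coverage[trig] += 1
    return sorted(coverage.items(),
                  key=lambda kv: (-kv[1], -len(kv[0]), kv[0]))


def select_triggers(paths, top_k=3, min_len=1, max_len=None):
    """Select the top_k candidate triggers by rank."""
    return [trig for trig, _ in rank_triggers(paths, min_len, max_len)[:top_k]]


if __name__ == "__main__":
    for trig, cov in rank_triggers(ATTACK_PATHS)[:5]:
        print(cov, " -> ".join(f"{a}>{b}" for a, b in trig))
```

With the sample paths, the single transition app>db covers three of the four paths and ranks first, and the two-transition sequence internet>web, web>app outranks either of its single transitions at equal coverage.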