US 12,335,310 B2
System and method for collaborative cybersecurity defensive strategy analysis utilizing virtual network spaces
Jason Crabtree, Vienna, VA (US); and Andrew Sellers, Monument, CO (US)
Assigned to QOMPLX LLC, Reston, VA (US)
Filed by QOMPLX LLC, Reston, VA (US)
Filed on Aug. 11, 2021, as Appl. No. 17/399,554.
Application 17/399,554 is a continuation in part of application No. 16/792,754, filed on Feb. 17, 2020, granted, now 11,184,401.
Application 16/792,754 is a continuation in part of application No. 16/779,801, filed on Feb. 3, 2020, granted, now 11,032,323, issued on Jun. 8, 2021.
Application 16/779,801 is a continuation in part of application No. 16/777,270, filed on Jan. 30, 2020, granted, now 11,025,674, issued on Jun. 1, 2021.
Application 16/777,270 is a continuation in part of application No. 16/720,383, filed on Dec. 19, 2019, granted, now 10,944,795, issued on Mar. 9, 2021.
Application 16/720,383 is a continuation of application No. 15/823,363, filed on Nov. 27, 2017, granted, now 10,560,483, issued on Feb. 11, 2020.
Application 15/823,363 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/725,274 is a continuation in part of application No. 15/655,113, filed on Jul. 20, 2017, granted, now 10,735,456, issued on Aug. 4, 2020.
Application 15/655,113 is a continuation in part of application No. 15/616,427, filed on Jun. 7, 2017, abandoned.
Application 15/655,113 is a continuation in part of application No. 15/237,625, filed on Aug. 15, 2016, granted, now 10,248,910, issued on Apr. 2, 2019.
Application 15/616,427 is a continuation in part of application No. 15/206,195, filed on Jul. 8, 2016, abandoned.
Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun. 18, 2016, abandoned.
Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May 26, 2016, abandoned.
Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr. 28, 2016, granted, now 10,860,962, issued on Dec. 8, 2020.
Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr. 5, 2016, granted, now 10,204,147, issued on Feb. 12, 2019.
Application 15/141,752 is a continuation in part of application No. 14/986,536, filed on Dec. 31, 2015, granted, now 10,210,255, issued on Feb. 19, 2019.
Application 15/141,752 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Prior Publication US 2022/0078210 A1, Mar. 10, 2022
Int. Cl. H04L 29/06 (2006.01); G06F 16/2458 (2019.01); G06F 16/951 (2019.01); H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01) [G06F 16/2477 (2019.01); G06F 16/951 (2019.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01)]
18 Claims
1. A system for collaborative cybersecurity defensive strategy analysis utilizing virtual network spaces, comprising:
an attack implementation engine comprising a first plurality of programming instructions stored in a memory of, and operating on a processor of, a computing device, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to:
execute a cyberattack on a network under test; and
gather system information about the operation of the network under test during the cyberattack, the system information comprising information about the sequence of events and response of affected devices during the cyberattack; and
a virtual network space manager comprising a second plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the second plurality of programming instructions, when operating on the processor, cause the computing device to:
receive a plurality of input data, the plurality of input data comprising at least one of:
cyber data, sensor data, enrichment data, third party data, cyber physical graph data, and analytic workflow data; and
combine the system information with the plurality of received input data to create a virtual network space model of the network under test; and
a machine learning simulator comprising a third plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the third plurality of programming instructions, when operating on the processor, cause the computing device to:
use the system information to initiate an iterative simulation of a cyberattack strategy sequence, each iteration comprising a simulated attack on the virtual network space model of the network under test and a simulated defense against the simulated attack, each simulated attack being generated by a first machine learning algorithm; and
obtain a simulation result comprising the cyberattack strategy sequence and a probability of success of the attack and the defense in each iteration; and
a simulated interaction engine comprising a fourth plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the fourth plurality of programming instructions, when operating on the processor, cause the computing device to:
connect two or more real or virtual actors to the virtual network space model;
capture a first interaction and a second interaction between the two or more real or virtual actors, wherein an interaction comprises an action and response; and
produce an update for at least one of the virtual network space model, the network under test, or the simulation of a cyberattack strategy based on the simulation result and the first and second interaction.