US 12,464,006 B2
System and method for graphical reticulated attack vectors for internet of things aggregate security (gravitas)
Jacob Brown, Toronto (CA); Tanujay Saha, Princeton, NJ (US); and Niraj K. Jha, Princeton, NJ (US)
Assigned to The Trustees of Princeton University, Princeton, NJ (US)
Appl. No. 18/027,765
Filed by The Trustees of Princeton University, Princeton, NJ (US)
PCT Filed Sep. 20, 2021, PCT No. PCT/US2021/051022
§ 371(c)(1), (2) Date Mar. 22, 2023,
PCT Pub. No. WO2022/066551, PCT Pub. Date Mar. 31, 2022.
Claims priority of provisional application 63/081,390, filed on Sep. 22, 2020.
Prior Publication US 2023/0328094 A1, Oct. 12, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01)]
39 Claims
 
1. A system for detecting security vulnerabilities in at least one of cyber-physical systems (CPSs) and Internet of Things (IoT) devices, the system comprising one or more processors configured to:
construct an attack directed acyclic graph (DAG) unique to each CPS or IoT device of the devices, each attack DAG comprising a first plurality of nodes, each node of the first plurality representing a system-level operation of the device, a plurality of paths, each path representing an attack vector of the device, and a second plurality of nodes, each node of the second plurality representing an exploit goal of the device;
generate an aggregate attack DAG from a classification of each device and a location of each device in network topology specified by a system administrator, where classification comprises at least one of a purpose and physical limitation of the device;
calculate a vulnerability score and exploit risk score for each node in the aggregate attack DAG; and
optimize placement of defenses to reduce an adversary score of the aggregate attack DAG.