CPC H04L 63/1425 (2013.01) [G06F 16/2255 (2019.01)]
15 Claims
1. A computer-implemented method for executing one or more actions for cyber-security in an enterprise network, the method being executed by one or more processors and comprising:
evaluating a first sub-set of rules to provide a first set of impacts by applying one or more facts to each rule, including, for each rule, using a hash join operation to determine whether the rule results in an impact of the first set of impacts;
determining whether each goal in a set of goals has been achieved at least partially based on the first set of impacts, each goal being provided as an impact;
in response to determining that each goal in the set of goals has not been achieved, iteratively evaluating sub-sets of rules until each goal in the set of goals has been achieved;
removing one or more paths of an analytical attack graph (AAG) that is representative of potential lateral movement within the enterprise network, each of the one or more paths including one or more rules and resulting in an impact that is not a goal in the set of goals; and
storing the AAG to computer-readable memory.
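
One way to read the claimed steps in code, as an added example that is not taken from the patent: rule sub-sets are evaluated in turn with a hash join over the facts until every goal impact is derived, then paths that end in a non-goal impact are removed from the graph. The rule format, relation names, hosts and facts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample facts: (relation, subject, object).
FACTS = {
    ("hasAccount", "alice", "ws1"), ("connected", "ws1", "srv1"),
    ("connected", "srv1", "db1"), ("connected", "ws1", "print1"),
}
# Hypothetical rule format (name, left, right, impact): left(a,b) & right(b,c) => impact(a,c).
RULE_SUBSETS = [
    [("r_exec", "hasAccount", "connected", "canReach")],
    [("r_move", "canReach", "connected", "canReach")],
]
GOALS = {("canReach", "alice", "db1")}

def hash_join(facts, left_rel, right_rel):
    """Build a hash table on the right relation's join key, then probe with the left."""
    table = defaultdict(list)
    for rel, b, c in facts:
        if rel == right_rel:
            table[b].append((rel, b, c))
    for rel, a, b in facts:
        if rel == left_rel:
            for right in table.get(b, []):
                yield (rel, a, b), right

def build_aag(facts, rule_subsets, goals):
    """Evaluate rule sub-sets in turn until all goals are derived; return (facts, edges)."""
    known, edges = set(facts), set()
    for subset in rule_subsets:
        for name, lrel, rrel, irel in subset:
            for left, right in list(hash_join(known, lrel, rrel)):
                impact = (irel, left[1], right[2])
                rule_node = (name, left, right)  # one AAG rule node per firing
                edges |= {(left, rule_node), (right, rule_node), (rule_node, impact)}
                known.add(impact)
        if goals <= known:  # every goal is now an achieved impact
            break
    return known, edges

def prune(edges, goals):
    """Keep only edges on a path that ends in a goal (backward reachability)."""
    keep, stack = set(), list(goals)
    while stack:
        node = stack.pop()
        if node not in keep:
            keep.add(node)
            stack.extend(src for src, dst in edges if dst == node)
    return {(s, d) for s, d in edges if s in keep and d in keep}
```

With the constructed facts, the first sub-set alone does not reach `db1`, so the second sub-set is evaluated; pruning then drops the `print1` branch because its impact is not a goal.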