20250175482. Network Monitoring Multiple Attack Gr (BRITISH TELECOMMUNICATIONS PUBLIC LIMITED)
NETWORK MONITORING WITH MULTIPLE ATTACK GRAPHS
Abstract: A computer-implemented method for monitoring a computer network is provided, the method comprising: storing a first attack graph, the attack graph comprising a plurality of nodes each representing an event that may occur within the computer network; storing one or more predetermined variation properties of one or more of the events represented by the nodes, the variation properties being indicative of possible changes to the nodes within the first attack graph; determining a plurality of possible alternative sequences of the nodes in the first attack graph based on the variation properties; generating a plurality of additional attack graphs, each of the additional attack graphs comprising a plurality of the nodes of the first attack graph arranged in one of the possible sequences; and monitoring events within the network to detect a set of events occurring in a sequence that corresponds to one of the additional attack graphs to identify a potential security attack. A computer system including at least one processor and memory storing computer program code configured to perform the said method, and a computer program or computer readable medium comprising instructions that when executed by a computer system cause the computer system to perform the said method are also provided.
Inventor(s): Ian HERWONO, Fadi EL-MOUSSA
CPC Classification: H04L63/1425 ({Traffic logging, e.g. anomaly detection})
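The steps in the abstract can be sketched as follows; this is an added illustration, not code from the patent application or its applicant. The linear-chain graph, the event names, the host names and the two variation properties ("optional" and "reorderable group") are all assumptions, since the abstract does not say what form variation properties take.

```python
from itertools import permutations, product

# Constructed first attack graph: a linear chain of event types (hypothetical names).
BASE = ("port_scan", "credential_login", "disable_logging",
        "lateral_movement", "data_exfiltration")
# Assumed variation properties; the abstract does not define their form.
OPTIONAL = {"port_scan"}                                    # node may be absent
REORDER_GROUPS = [{"disable_logging", "lateral_movement"}]  # nodes may swap order

def generate_additional_graphs(base, optional, reorder_groups):
    """Return every alternative node sequence, excluding the base graph."""
    orderings = [list(base)]
    for group in reorder_groups:
        slots = [i for i, node in enumerate(base) if node in group]
        permuted = []
        for seq in orderings:
            for perm in permutations([seq[i] for i in slots]):
                variant = list(seq)
                for i, node in zip(slots, perm):
                    variant[i] = node
                permuted.append(variant)
        orderings = permuted
    opts = sorted(optional)
    graphs = set()
    for seq in orderings:
        for keep in product([True, False], repeat=len(opts)):
            dropped = {o for o, k in zip(opts, keep) if not k}
            graphs.add(tuple(n for n in seq if n not in dropped))
    return graphs - {tuple(base)}

def monitor(events, graphs):
    """Track per-host progress through each graph; alert on a completed sequence."""
    progress, alerts = {}, []
    for host, event_type in events:
        for graph in graphs:
            i = progress.get((host, graph), 0)
            if i < len(graph) and graph[i] == event_type:
                progress[(host, graph)] = i + 1
                if i + 1 == len(graph):
                    alerts.append((host, graph))
    return alerts

# Constructed event stream: host-a skips the scan and swaps two steps.
EVENTS = [("host-a", "credential_login"), ("host-b", "port_scan"),
          ("host-a", "dns_query"), ("host-a", "lateral_movement"),
          ("host-b", "credential_login"), ("host-a", "disable_logging"),
          ("host-a", "data_exfiltration")]

if __name__ == "__main__":
    extra = generate_additional_graphs(BASE, OPTIONAL, REORDER_GROUPS)
    for host, graph in monitor(EVENTS, extra):
        print(host, "->", " > ".join(graph))
```

Monitoring against the first graph alone raises no alert on this stream; the host-a sequence is caught only because one of the generated graphs omits the optional node and swaps the reorderable pair.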