AUTOMATICALLY CLASSIFYING AND SCORING OF NETWORK VULNERABILITIES

Organization Name

Robert Bosch GmbH

Inventor(s)

Zachariah Thomas Pelletier of Ypsilanti MI (US)

Golam Kayas of Philadelphia PA (US)

Timothy S. Arntson of Ypsilanti MI (US)

AUTOMATICALLY CLASSIFYING AND SCORING OF NETWORK VULNERABILITIES - A simplified explanation of the abstract

This abstract first appeared for US patent application 18185635 titled 'AUTOMATICALLY CLASSIFYING AND SCORING OF NETWORK VULNERABILITIES

The system described in the patent application involves a first electronic device with a display and an electronic processor that can analyze fuzzed data to determine its impact on a second electronic device.

• The electronic processor extracts text information from the fuzzed data and generates an input vector from this information.
• The input vector is then provided to a trained neural network to generate an output vector.
• The output vector is further processed by a second trained machine learning model to determine the likelihood of triggering a vulnerability in the second electronic device and classify the associated vulnerability.
• Based on the output variables, a display payload is generated, and revised computer executable instructions are created to prevent the second electronic device from malfunctioning in response to similar data.
• The revised instructions are then sent to the second electronic device to enhance its security and prevent vulnerabilities.

Potential Applications: - Cybersecurity systems for detecting and preventing vulnerabilities in electronic devices. - Automated security testing tools for software developers. - Enhancing the resilience of IoT devices against cyber attacks.

Problems Solved: - Identifying and addressing vulnerabilities in electronic devices. - Improving the security of software and hardware systems. - Automating the process of detecting and mitigating security risks.

Benefits: - Enhanced security for electronic devices. - Improved efficiency in identifying and addressing vulnerabilities. - Reduction in the risk of cyber attacks and data breaches.

Commercial Applications: Title: Automated Vulnerability Detection and Prevention System This technology can be used in cybersecurity companies to develop advanced security solutions for electronic devices, software, and networks. It can also be integrated into IoT devices to enhance their security features and protect against potential cyber threats.

Questions about the technology: 1. How does the system determine the likelihood of triggering a vulnerability in the second electronic device? The system uses a combination of trained neural networks and machine learning models to analyze the input vector and generate output variables that indicate the probability of a vulnerability being triggered.

2. What are the key components of the revised computer executable instructions sent to the second electronic device? The revised instructions are designed to prevent the second electronic device from malfunctioning when exposed to data similar to the fuzzed data. They may include patches, updates, or configuration changes to enhance the device's security posture.

Original Abstract Submitted

A system includes a first electronic device having a display and an electronic processor configured to: determine an execution log including fuzzed data, extract text information from the execution log, generate an input vector from the extracted text information, provide the input vector to a trained neural network to generate an output vector, provide the output vector to a second trained machine learning model to determine output variables indicative of (i) a likelihood that the fuzzed data triggers the vulnerability in a second electronic device and (ii) a classification associated with the vulnerability, generate a display payload based on the output variables, generate revised computer executable instructions configured to prevent the second electronic device from malfunctioning in response to the second electronic device receiving data similar to the fuzzed data, and send the revised computer executable instructions to the second electronic device.