Patents by Inventor William M.S. Stout
William M.S. Stout has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11720391Abstract: A method of automating emulations is provided. The method comprising collecting publicly available network data over a predefined time interval, wherein the collected network data might comprise structured and unstructured data. Any unstructured data is converted into structured data. The original and converted structured data is stored in a database and compared to known network vulnerabilities. An emulated network is created according to the collected network data and the comparison of the structured data with known vulnerabilities. Virtual machines are created to run on the emulated network. Director programs and guest actor programs are run on the virtual machines, wherein the actor programs imitate real user behavior on the emulated network. The director programs deliver task commands to the guest actor programs to imitate real user behavior. The imitated behavior is presented to a user via an interface.Type: GrantFiled: November 10, 2020Date of Patent: August 8, 2023Assignee: National Technology & Engineering Solutions of Sandia, LLCInventors: Vincent Urias, Brian P. Van Leeuwen, William M. S. Stout, Michael Kunz
-
Patent number: 11677668Abstract: A computer-implemented method of deep packet inspection (DPI) in a network is provided. The method comprises collecting data packets comprising a number of traffic flows from a number of devices via a number of traffic taps and classifying each traffic flow according to data about network protocol layers of the packets comprising the traffic flow. Application layer metadata is extracted from the packets. Traffic flow classification data and the extracted metadata are ingested into a data cluster and normalized. The normalized classification data and extracted metadata is then correlated to other data sets.Type: GrantFiled: August 12, 2021Date of Patent: June 13, 2023Assignee: National Technology & Engineering Solutions of Sandia, LLCInventors: Vincent Urias, Brian P. Van Leeuwen, William M. S. Stout
-
Publication number: 20220147379Abstract: A method of automating emulations is provided. The method comprising collecting publicly available network data over a predefined time interval, wherein the collected network data might comprise structured and unstructured data. Any unstructured data is converted into structured data. The original and converted structured data is stored in a database and compared to known network vulnerabilities. An emulated network is created according to the collected network data and the comparison of the structured data with known vulnerabilities. Virtual machines are created to run on the emulated network. Director programs and guest actor programs are run on the virtual machines, wherein the actor programs imitate real user behavior on the emulated network. The director programs deliver task commands to the guest actor programs to imitate real user behavior. The imitated behavior is presented to a user via an interface.Type: ApplicationFiled: November 10, 2020Publication date: May 12, 2022Inventors: Vincent Urias, Brian P. Van Leeuwen, William M.S. Stout, Michael Kunz
-
Patent number: 11113388Abstract: A system, method, and device for cloud forensics and incident response is provided. In an embodiment, a computer-implemented method for performing cloud forensics and incident response includes intercepting, by a cloud incident response module (CIRM), communication between a virtual machine (VM) and a hypervisor. The method also includes extracting, by the CIRM, data from the communication between the VM and the hypervisor according to a forensic policy. Intercepting and extracting the data are transparent to the VM and to the hypervisor. Intercepting and extracting the data are independent of the VM and the hypervisor.Type: GrantFiled: July 31, 2018Date of Patent: September 7, 2021Assignee: National Technology & Engineering Solutions of Sandia, LLCInventors: Vincent Urias, Caleb Loverro, William M.S. Stout
-
Publication number: 20200042698Abstract: A system, method, and device for cloud forensics and incident response is provided. In an embodiment, a computer-implemented method for performing cloud forensics and incident response includes intercepting, by a cloud incident response module (CIRM), communication between a virtual machine (VM) and a hypervisor. The method also includes extracting, by the CIRM, data from the communication between the VM and the hypervisor according to a forensic policy. Intercepting and extracting the data are transparent to the VM and to the hypervisor. Intercepting and extracting the data are independent of the VM and the hypervisor.Type: ApplicationFiled: July 31, 2018Publication date: February 6, 2020Inventors: Vincent Urias, Caleb Loverro, William M.S. Stout
-
Patent number: 9985984Abstract: The various technologies presented herein relate to determining a network attack is taking place, and further to adjust one or more network parameters such that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. Notification of the attack can be generated, and knowledge gained from the detected attack pattern can be utilized to improve the knowledge of the algorithms to detect a subsequent attack vector(s). Further, network settings and application communications can be dynamically randomized, wherein artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack(s) based upon a known static address(es) of a critical infrastructure network device(s) can be mitigated by the dynamic randomization.Type: GrantFiled: October 26, 2015Date of Patent: May 29, 2018Assignee: National Technology & Engineering Solutions of Sandia, LLCInventors: Adrian R. Chavez, William M. S. Stout, Jason R. Hamlet, Erik James Lee, Mitchell Tyler Martin
-
Patent number: 9742804Abstract: A method and apparatus for protecting virtual machines. A computer system creates a copy of a group of the virtual machines in an operating network in a deception network to form a group of cloned virtual machines in the deception network when the group of the virtual machines is accessed by an adversary. The computer system creates an emulation of components from the operating network in the deception network. The components are accessible by the group of the cloned virtual machines as if the group of the cloned virtual machines was in the operating network. The computer system moves network connections for the group of the virtual machines in the operating network used by the adversary from the group of the virtual machines in the operating network to the group of the cloned virtual machines, enabling protecting the group of the virtual machines from actions performed by the adversary.Type: GrantFiled: October 28, 2015Date of Patent: August 22, 2017Assignee: National Technology & Engineering Solutions of Sandia, LLCInventors: Vincent Urias, William M. S. Stout, Caleb Loverro
-
Publication number: 20170126736Abstract: A method and apparatus for protecting virtual machines. A computer system creates a copy of a group of the virtual machines in an operating network in a deception network to form a group of cloned virtual machines in the deception network when the group of the virtual machines is accessed by an adversary. The computer system creates an emulation of components from the operating network in the deception network. The components are accessible by the group of the cloned virtual machines as if the group of the cloned virtual machines was in the operating network. The computer system moves network connections for the group of the virtual machines in the operating network used by the adversary from the group of the virtual machines in the operating network to the group of the cloned virtual machines, enabling protecting the group of the virtual machines from actions performed by the adversary.Type: ApplicationFiled: October 28, 2015Publication date: May 4, 2017Inventors: Vincent Urias, William M.S. Stout, Caleb Loverro