Abstract: A control apparatus with automated test suites according to an embodiment includes capability information storage, and at least one hardware processor configured to function as an analyzer, an organizer, and an executor. The capability information storage stores therein a plurality of capabilities defining actions indicating attack methods. The analyzer parses at least one of network structure information of a system under test and vulnerability information of the system under test to extract the actions from the capabilities. The organizer generates an attack path through which an achieved state of an attack goal is reached by combining the actions extracted by the analyzer. The executor executes the actions included in the attack path.

Abstract: A packet intercept system includes probes along the field area network. A portion of the probes are mobile probes configured to receive and process a global positioning system signal. Intercepting by the mobile probes includes implementing a global positioning tag in each packet in the traffic data stream intercepted by the mobile probes, the global positioning tag includes a timestamp and global positioning system coordinates, derived from the global position system signal. The packet intercept system backhauls the traffic data stream to an additional network that is distinct from the field area network. Processors on the additional network obtain the traffic data stream and process the stream into a live traffic data stream by ordering each packet intercepted by the mobile probes in the processed live traffic data stream, based on the timestamp. The processors analyze the processed live traffic data stream.

Abstract: A computer program product, computer system, and method for performing traffic analysis on a wireless mesh network, includes intercepting a stream of real-time wireless from field probes on the wireless mesh network, wherein the stream comprises non-standard protocol elements and encrypted traffic, creating an ad hoc network parallel to the wireless mesh network, obtaining, from the ad hoc network, the intercepted stream (the analyzing is performed parallel to traffic flow on the wireless mesh network), pre-processing a portion of the intercepted stream the data, where the pre-processing comprises descrambling and processing headers in the stream to differentiate the packets in the stream and create a combined output stream, obtaining the combined output stream and creating indicators by selecting an analysis operator to apply to one or more dissected fields extracted from the output stream, analyzing the packets in the combined output stream utilizing the indicators, and obtaining results from the indicators

Abstract: A method for visualizing and analyzing a field area network, which includes obtaining, network, traffic data that includes atomic communications and packet detail from a packet intercept system on a field area. This field area network includes a number of network nodes. The method also includes a processor extracting connectivity and routing information from the traffic data, where the connectivity and routing information includes packet information and node information, determining network characteristics based on the extracted connectivity and routing information, retaining the network characteristics in a data structure, and importing the data structure into a computer readable storage medium that is accessible to the processor.

Abstract: A packet intercept system includes probes along the field area network. A portion of the probes are mobile probes configured to receive and process a global positioning system signal. Intercepting by the mobile probes includes implementing a global positioning tag in each packet in the traffic data stream intercepted by the mobile probes, the global positioning tag includes a timestamp and global positioning system coordinates, derived from the global position system signal. The packet intercept system backhauls the traffic data stream to an additional network that is distinct from the field area network. Processors on the additional network obtain the traffic data stream and process the stream into a live traffic data stream by ordering each packet intercepted by the mobile probes in the processed live traffic data stream, based on the timestamp. The processors analyze the processed live traffic data stream.

Abstract: A computer program product, computer system, and method for performing traffic analysis on a wireless mesh network, includes intercepting a stream of real-time wireless from field probes on the wireless mesh network, wherein the stream comprises non-standard protocol elements and encrypted traffic, creating an ad hoc network parallel to the wireless mesh network, obtaining, from the ad hoc network, the intercepted stream (the analyzing is performed parallel to traffic flow on the wireless mesh network), pre-processing a portion of the intercepted stream the data, where the pre-processing comprises descrambling and processing headers in the stream to differentiate the packets in the stream and create a combined output stream, obtaining the combined output stream and creating indicators by selecting an analysis operator to apply to one or more dissected fields extracted from the output stream, analyzing the packets in the combined output stream utilizing the indicators, and obtaining results from the indicators

Abstract: A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

Abstract: A computer system, computer program product and method of performing traffic analysis on a communications network includes time stamped packets and related metadata from an intercepted steam of real-time traffic on a backhaul network distinct from the communications network, pre-processing the intercepted stream, including separating a portion of the intercepted stream into dissected fields, creating indicators by selecting an analysis operator to apply to one or more of the dissected fields in a logical expression, analyzing the dissected fields in the output streams utilizing the indicators, and obtaining results from the indicators.

Abstract: A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

Abstract: A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

Abstract: A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

Abstract: A computer system, computer program product and method of performing traffic analysis on a communications network includes time stamped packets and related metadata from an intercepted steam of real-time traffic on a backhaul network distinct from the communications network, pre-processing the intercepted stream, including separating a portion of the intercepted stream into dissected fields, creating indicators by selecting an analysis operator to apply to one or more of the dissected fields in a logical expression, analyzing the dissected fields in the output streams utilizing the indicators, and obtaining results from the indicators.

Abstract: A method for visualizing and analyzing a field area network, which includes obtaining, network, traffic data that includes atomic communications and packet detail from a packet intercept system on a field area. This field area network includes a number of network nodes. The method also includes a processor extracting connectivity and routing information from the traffic data, where the connectivity and routing information includes packet information and node information, determining network characteristics based on the extracted connectivity and routing information, retaining the network characteristics in a data structure, and importing the data structure into a computer readable storage medium that is accessible to the processor.