Abstract: Embodiments of a system and method for a cyber modeling and simulation framework arc generally described herein. In some embodiments, an interface (212) for ingest of network and vulnerability data associated with a node of a targeted network, a network visualization device (232) for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data, a threat analysis simulator (240) for launching threat attacks on the targeted network and for applying modeled defenses against the threat attacks, the threat analysis simulator producing simulation results (244) and a data farming module for performing data fanning on the simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies (280) for the targeted network.

Abstract: A system and method of deploying a network hopping adaptor is disclosed. In some embodiments, a network hopping adaptor may be configured to manipulate network traffic so as to change at least one network characteristic of the network traffic, and at least one network interface of a machine selected from a group of machines may be configured to send the network traffic to the network hopping adaptor. The network hopping adaptor may manipulate such characteristics as an IP address, a port number, an encryption algorithm or a compression algorithm. The group of machines may be deployed as virtual machines being executed by a virtualization server, and the network hopping adaptor may be implemented on another virtual machine being executed by the virtualization server. Alternatively, or in addition, the group of machines or the network hopping adaptor may be implemented as physical machines.

Abstract: Generally discussed herein are systems, apparatuses, or processes to recognize that a cyber threat exists or predict a future track of a cyber threat in a network. According to an example, a process for recognizing a cyber threat can include (1) determining a network layout of a network based on received network layout data, (2) receiving cyber sensor data indicating actions performed on the network, (3) calculating a first score associated with the cyber sensor data indicating that a cyber threat is present in the network by comparing a cyber threat profile of the cyber threat that details actions performed by the cyber threat to actions indicated by the cyber sensor data, (4) determining whether the calculated first score is greater than a specified threshold, or (5) determining that the cyber threat is present in response to determining the calculated first score is greater than the specified threshold.

Abstract: A system and method of deploying a network hopping adaptor is disclosed. In some embodiments, a network hopping adaptor may be configured to manipulate network traffic so as to change at least one network characteristic of the network traffic, and at least one network interface of a machine selected from a group of machines may be configured to send the network traffic to the network hopping adaptor. The network hopping adaptor may manipulate such characteristics as an IP address, a port number, an encryption algorithm or a compression algorithm. The group of machines may be deployed as virtual machines being executed by a virtualization server, and the network hopping adaptor may be implemented on another virtual machine being executed by the virtualization server. Alternatively, or in addition, the group of machines or the network hopping adaptor may be implemented as physical machines.

Abstract: Generally discussed herein are systems, apparatuses, or processes to recognize that a cyber threat exists or predict a future track of a cyber threat in a network. According to an example, a process for recognizing a cyber threat can include (1) determining a network layout of a network based on received network layout data, (2) receiving cyber sensor data indicating actions performed on the network, (3) calculating a first score associated with the cyber sensor data indicating that a cyber threat is present in the network by comparing a cyber threat profile of the cyber threat that details actions performed by the cyber threat to actions indicated by the cyber sensor data, (4) determining whether the calculated first score is greater than a specified threshold, or (5) determining that the cyber threat is present in response to determining the calculated first score is greater than the specified threshold.

Abstract: Embodiments of a system and method for a cyber modeling and simulation framework arc generally described herein. In some embodiments, an interface (212) for ingest of network and vulnerability data associated with a node of a targeted network, a network visualization device (232) for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data, a threat analysis simulator (240) for launching threat attacks on the targeted network and for applying modeled defenses against the threat attacks, the threat analysis simulator producing simulation results (244) and a data farming module for performing data fanning on the simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies (280) for the targeted network.

Abstract: Embodiments for providing a next-time-interval routing parameter to a destination node are generally described herein. In some embodiments, a hopped routing parameter is calculated at a sending node using a static routing parameter of a destination node. The hopped routing parameter and source timing are encoded. The encoded hopped routing parameter and source timing are provided in the address fields of packets.

Abstract: In certain embodiments, an application maneuvering analysis tool accesses application characteristics information indicating one or more characteristics of an application for which a maneuver evaluation is desired. Using the accessed application characteristics information, the application maneuvering analysis tool determines a maneuverability index representing a maneuvering efficiency of the application and determines an implementation difficulty level according to the determined maneuverability index.

Abstract: In certain embodiments, protecting a virtualization system against computer attacks comprises facilitating operation of hypervisors comprising operation zone hypervisors and one or more forensic hypervisors. Each hypervisor operates on a corresponding physical machine, and each operation zone hypervisor manages one or more virtual machines. An assurance procedure is initiated for the hypervisors. At least one virtual machine of a first operation zone hypervisor is moved to a forensic hypervisor to analyze the potential attack. The first operation zone hypervisor is cleaned.