Abstract: Embodiments of a system and method for a cyber modeling and simulation framework arc generally described herein. In some embodiments, an interface (212) for ingest of network and vulnerability data associated with a node of a targeted network, a network visualization device (232) for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data, a threat analysis simulator (240) for launching threat attacks on the targeted network and for applying modeled defenses against the threat attacks, the threat analysis simulator producing simulation results (244) and a data farming module for performing data fanning on the simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies (280) for the targeted network.

Abstract: A system and method of deploying a network hopping adaptor is disclosed. In some embodiments, a network hopping adaptor may be configured to manipulate network traffic so as to change at least one network characteristic of the network traffic, and at least one network interface of a machine selected from a group of machines may be configured to send the network traffic to the network hopping adaptor. The network hopping adaptor may manipulate such characteristics as an IP address, a port number, an encryption algorithm or a compression algorithm. The group of machines may be deployed as virtual machines being executed by a virtualization server, and the network hopping adaptor may be implemented on another virtual machine being executed by the virtualization server. Alternatively, or in addition, the group of machines or the network hopping adaptor may be implemented as physical machines.

Abstract: Generally discussed herein are systems, apparatuses, or processes to recognize that a cyber threat exists or predict a future track of a cyber threat in a network. According to an example, a process for recognizing a cyber threat can include (1) determining a network layout of a network based on received network layout data, (2) receiving cyber sensor data indicating actions performed on the network, (3) calculating a first score associated with the cyber sensor data indicating that a cyber threat is present in the network by comparing a cyber threat profile of the cyber threat that details actions performed by the cyber threat to actions indicated by the cyber sensor data, (4) determining whether the calculated first score is greater than a specified threshold, or (5) determining that the cyber threat is present in response to determining the calculated first score is greater than the specified threshold.

Abstract: A system and method of deploying a network hopping adaptor is disclosed. In some embodiments, a network hopping adaptor may be configured to manipulate network traffic so as to change at least one network characteristic of the network traffic, and at least one network interface of a machine selected from a group of machines may be configured to send the network traffic to the network hopping adaptor. The network hopping adaptor may manipulate such characteristics as an IP address, a port number, an encryption algorithm or a compression algorithm. The group of machines may be deployed as virtual machines being executed by a virtualization server, and the network hopping adaptor may be implemented on another virtual machine being executed by the virtualization server. Alternatively, or in addition, the group of machines or the network hopping adaptor may be implemented as physical machines.

Abstract: Generally discussed herein are systems, apparatuses, or processes to recognize that a cyber threat exists or predict a future track of a cyber threat in a network. According to an example, a process for recognizing a cyber threat can include (1) determining a network layout of a network based on received network layout data, (2) receiving cyber sensor data indicating actions performed on the network, (3) calculating a first score associated with the cyber sensor data indicating that a cyber threat is present in the network by comparing a cyber threat profile of the cyber threat that details actions performed by the cyber threat to actions indicated by the cyber sensor data, (4) determining whether the calculated first score is greater than a specified threshold, or (5) determining that the cyber threat is present in response to determining the calculated first score is greater than the specified threshold.

Abstract: Embodiments of a system and method for a cyber modeling and simulation framework arc generally described herein. In some embodiments, an interface (212) for ingest of network and vulnerability data associated with a node of a targeted network, a network visualization device (232) for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data, a threat analysis simulator (240) for launching threat attacks on the targeted network and for applying modeled defenses against the threat attacks, the threat analysis simulator producing simulation results (244) and a data farming module for performing data fanning on the simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies (280) for the targeted network.

Abstract: Embodiments for providing a next-time-interval routing parameter to a destination node are generally described herein. In some embodiments, a hopped routing parameter is calculated at a sending node using a static routing parameter of a destination node. The hopped routing parameter and source timing are encoded. The encoded hopped routing parameter and source timing are provided in the address fields of packets.

Abstract: In certain embodiments, analyzing cyber attacks includes receiving cyber attack parameters. A cyber attack parameter describes a performance attribute of a cyber attack scenario. The cyber attack parameters comprises at least one temporal parameter describing a temporal feature of the cyber attack scenario. The following is performed for each cyber defense of one or more cyber defenses to yield one or more sets of cyber attack metrics: simulating the cyber attack operating with a cyber defense; and determining a set of cyber attack metrics describing the cyber attack operating with the cyber defense. The cyber defenses are evaluated in accordance with the sets of cyber attack metrics.

Abstract: In accordance with certain embodiments of the present disclosure, specifying integration points of a system-of-systems includes identifying an integration point that associates interfaces of system components. The integration point is characterized according to the identification to generate a set of attributes describing the interfaces. The integration point is specified according to the set of attributes.

Abstract: In certain embodiments, an application maneuvering analysis tool accesses application characteristics information indicating one or more characteristics of an application for which a maneuver evaluation is desired. Using the accessed application characteristics information, the application maneuvering analysis tool determines a maneuverability index representing a maneuvering efficiency of the application and determines an implementation difficulty level according to the determined maneuverability index.

Abstract: In certain embodiments, analyzing cyber attacks includes receiving cyber attack parameters. A cyber attack parameter describes a performance attribute of a cyber attack scenario. The cyber attack parameters comprises at least one temporal parameter describing a temporal feature of the cyber attack scenario. The following is performed for each cyber defense of one or more cyber defenses to yield one or more sets of cyber attack metrics: simulating the cyber attack operating with a cyber defense; and determining a set of cyber attack metrics describing the cyber attack operating with the cyber defense. The cyber defenses are evaluated in accordance with the sets of cyber attack metrics.

Abstract: A troubleshooting portal method for providing connectivity between a first communication device and a second communication device. The second communication device resides in an access provider communication system. One embodiment comprises receiving a specification from a user by the first communication device, the specification comprising at least one predefined identifier that identifies the second communication device, and receiving a request to establish connectivity between the user and the second communication device; associating the predefined identifier with said second communication device; establishing connectivity between the first communication device and the second communication device based upon the specified predefined identifier; receiving at least troubleshooting data and a test from the user; and communicating the received troubleshooting data and the test to the second device.