Obviousness

The obviousness of US patent 10313385 under 35 U.S.C. § 103 can be established by combining multiple prior art references, as each element of the independent claims is taught or rendered obvious by existing art, and a person having ordinary skill in the art (POSA) would have been motivated to combine them. The patent's core innovation lies in integrating darknet exploit market data into a game-theoretic framework for cyber threat mitigation.

Independent Claims Overview

The independent claims (Claim 1, Claim 8, and Claim 15) generally cover a system, method, and computer-readable medium, respectively, for:

1. Accessing darknet information related to exploits.
2. Obtaining a set of exploits from this information.
3. Applying an exploit function to determine associated vulnerabilities.
4. Creating a "constraint set" of vulnerabilities representing minimum system dependencies.
5. Applying the exploits to this constraint set.
6. Analyzing the application to detect specific vulnerabilities.
7. Altering the computer system's configuration in response to reduce potential damage.

Combination of Prior Art References

A robust combination of prior art references that renders the independent claims obvious includes:

1. US20150215332A1 (Skyhigh Networks): Titled "Cloud service usage risk assessment using darknet intelligence." This reference teaches accessing and monitoring darknet information to gather intelligence on exploits and perform risk assessment.
2. US8863293B2 (International Business Machines Corporation): Titled "Predicting attacks based on probabilistic game-theory." This patent teaches the application of game theory to model and predict cyberattacks and develop defensive strategies.
3. US20140137257A1 (Board Of Regents, The University Of Texas System): Titled "System, Method and Apparatus for Assessing a Risk of One or More Assets Within an Operational Technology Infrastructure." This patent teaches identifying and assessing the risk of critical assets within an infrastructure, inherently involving the identification of their dependencies.
4. US20130198848A1 (Board Of Regents Of The University Of Texas System): Titled "Remediation of computer security vulnerabilities." This patent describes methods for identifying and remediating computer security vulnerabilities through various actions.
5. US20040088565A1 (Norman Andrew Patrick): Titled "Method of identifying software vulnerabilities on a computer system." This patent generally teaches the process of identifying software vulnerabilities.

Element-by-Element Analysis of Obviousness (using Claim 1 as representative)

Claim 1: A system for protecting a computer system from attack, the system comprising:

• "a network connection; a processing device; and a non-transitory computer-readable medium connected to the processing device configured to store instructions that, when executed by the processing device, performs the operations of:"
  • These are generic computing components. A POSA would understand that any software-implemented method, including those described in the prior art references, requires such basic hardware.
• "accessing data through the network connection, the data comprising dark net information associated with exploits of a computer system, comprising: obtaining a set of exploits from the dark net information, the set of exploits configured to penetrate the computer system;"
  • This element is explicitly taught by US20150215332A1 (Skyhigh Networks), which describes monitoring darknet access to identify malicious activity and utilizing darknet intelligence for risk assessment.
• "applying an exploit function which takes the set of exploits as input and returns a set of vulnerabilities;"
  • This is implicitly taught by US20040088565A1 (Norman Andrew Patrick), which details identifying software vulnerabilities. A POSA would understand that exploits are designed to target specific vulnerabilities, and creating a logical mapping or function (e.g., a database lookup) to relate known exploits to the vulnerabilities they target is a fundamental and obvious step in vulnerability analysis.
• "creating a constraint set of the computer system from the set of vulnerabilities, the constraint set comprising a minimum set of dependencies to operate the computer system;"
  • This element is taught by US20140137257A1 (University of Texas System), which describes "assessing a risk of one or more assets within an operational technology infrastructure." This process inherently involves identifying critical assets and their underlying dependencies to ensure system functionality, directly corresponding to the patent's "constraint set" of minimum dependencies.
• "applying the set of exploits to the constraint set of the computer system;"
  • This is taught by the combination of US8863293B2 (IBM), which teaches using "probabilistic game-theory" to predict attacks, and the understanding that this game-theoretic model would be fed with real-world exploit data (from US20150215332A1) and evaluated against identified critical vulnerabilities/dependencies (from US20140137257A1). The "application" refers to the simulation or modeling within this game-theoretic framework.
• "analyzing the application of the set of exploits on the computer system to detect a particular vulnerability of the computer system; and"
  • This is the output of the game-theoretic modeling from US8863293B2 (IBM). By predicting attacks, the system would identify the most likely vulnerabilities to be exploited by an attacker given the intelligence and the system's critical dependencies.
• "altering a configuration of the computer system in response to the analysis of the application of the set of exploits to reduce potential damage of a cyberattack."
  • This element is taught by US20130198848A1 (University of Texas System), which focuses on "remediation of computer security vulnerabilities." This includes changing system configurations (e.g., patching, removing software components) to mitigate detected vulnerabilities.

Motivation for a POSA to Combine

A person having ordinary skill in the art (POSA) in cybersecurity, faced with the dynamic and evolving cyber threat landscape, particularly the documented rise of exploit markets on the darknet, would be strongly motivated to combine these known techniques for several reasons:

1. Enhanced Threat Intelligence for Proactive Defense: The background of US10313385 explicitly states that the "widespread availability of zero-day exploits in the darknet represents a potential game changer." [cite: "BACKGROUND" section] A POSA would recognize the critical need to move beyond reactive patching and incorporate real-world, current threat intelligence, such as that gathered from darknet markets (as taught by US20150215332A1), into their defensive strategies. This provides a more accurate understanding of actual attacker capabilities and intentions.
2. Strategic Optimization of Defense: Simply identifying vulnerabilities (US20040088565A1) or remediating them (US20130198848A1) without understanding attacker motivation and resource allocation is insufficient for optimal defense. Game theory (US8863293B2) offers a powerful framework for modeling strategic interactions between attackers and defenders. A POSA would be motivated to integrate the real-world exploit costs and effectiveness from darknet intelligence (US20150215332A1) into these game-theoretic models to predict attacker behavior more accurately and devise more effective, optimized defensive responses.
3. Focused Protection of Critical Assets: In complex IT environments, patching every vulnerability is often impractical due to operational constraints, legacy systems, and software dependencies, as acknowledged in US10313385. [cite: "DETAILED DESCRIPTION" section] A POSA would therefore be motivated to prioritize defense efforts. Identifying critical system assets and their minimum operational dependencies (US20140137257A1) provides a logical "constraint set" for the game-theoretic analysis, ensuring that resources are focused on protecting the most vital components against the most likely and impactful attacks.
4. Actionable Security Posture Improvement: The ultimate goal of any security analysis is to implement improvements. The outputs from a game-theoretic analysis informed by darknet intelligence and focused on critical assets would directly feed into known vulnerability remediation techniques (US20130198848A1). A POSA would naturally combine these steps to create a comprehensive system that translates threat intelligence and strategic analysis into concrete, actionable configuration changes to improve the overall security posture.

Therefore, the combination of these prior art references, driven by the desire to implement a more intelligent, strategic, and practical cybersecurity defense system, would have been obvious to a POSA at the time of the invention. The claims of US10313385 represent an expected integration and application of existing knowledge in the field.