PROFILING CYBER THREATS DETECTED IN A TARGET ENVIRONMENT AND AUTOMATICALLY GENERATING ONE OR MORE RULE BASES FOR AN EXPERT SYSTEM USABLE TO PROFILE CYBER THREATS DETECTED IN A TARGET ENVIRONMENT
A method of automatically generating one or more rule bases for an expert system usable to profile cyber threats detected in a target environment, comprising the steps of: for each alert of a training set of alerts triggered by a potential cyber threat detected by an SIEM: retrieving captured packet data related to the alert; and extracting training threat data pertaining to a set of attributes from captured packet data triggering the alert; generating a predictive model of the level of risk posed by an alert based on attribute values for that alert by analysing the captured training threat data pertaining to the set of attributes; and generating a set of fuzzy rules based on the predictive model, said rules being usable at run time in a fuzzy logic engine to evaluate data pertaining to one or more of the extracted attributes of a detected cyber threat to determine values for one or more output variables indicative of a level of an aspect of risk attributable to the detected cyber threat.