CPC H04L 63/1433 (2013.01) [G06N 5/025 (2013.01); H04L 63/302 (2013.01)]; 8 Claims
1. A method of predicting likelihood of exploitation for cyber threats before they occur, the method, comprising:
providing a processor in communication with a tangible storage medium;
storing instructions that are executed by the processor to perform operations comprising:
accessing a first dataset defining communications from forums and marketplaces associated with a hacker community;
deriving a plurality of temporal rules by correlating a plurality of indicators generated from the first dataset and ground truth information associated with known cyberattacks by:
filtering out data that is not related to cybersecurity;
retaining data that is related to cybersecurity;
recognizing entities from the context of postings and assigning a confidence score;
using the confidence score and potential impact of concept drift to filter for relevant entities; and
using machine learning to derive the temporal rules;
the plurality of indicators including mappings between a vulnerability and a platform known to be susceptible to the vulnerability; and
predicting a cyber threat, including:
identifying an indicator of the plurality of indicators from a second dataset, the second dataset defining additional communications from the hacker community and the indicator being a precondition to a corresponding rule of the plurality of temporal rules, and applying information associated with the indicator to the corresponding rule of the plurality of temporal rules to output at least one prediction of a future attack associated with the cyber threat.