CPC G06F 21/554 (2013.01) [G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2221/034 (2013.01)] | 19 Claims |
1. A threat analysis system comprising a hardware processor configured to execute software code to:
perform rough sets analysis using training data that includes threat information including a plurality of explanatory variables representing a threat event and a discrimination result of discriminating the threat information, to learn a decision rule specifying the discrimination result depending on a combination of the explanatory variables;
for each of a plurality of threat information:
input the threat information to be analyzed;
apply the input threat information to the decision rule to identify the discrimination result of the input threat information, and the explanatory variable on which basis the discrimination result was identified, the discrimination result indicating presence or absence of a threat event; and
discard the threat information in response to the discrimination result indicating the absence of the threat event,
wherein the threat analysis system provides for improved faster response to each input threat information for which the discrimination result indicates the presence of the threat event, to improve cyber security,
and wherein the rough sets analysis includes:
classifying the training data into groups according to the discrimination results;
comparing, for each training data, the explanatory variables of the training data in one group with the explanatory variables of the training data in other of the groups and identifying the explanatory variables that are different; and
aggregating comparison results by group and excluding the explanatory variables having low frequency.
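The three rough sets steps recited above, followed by the apply-and-discard loop, as an added Python example that is not code from the patent. The field names, the `min_freq` threshold, scoring by summed frequency, and keeping unmatched events are assumptions, since the claim does not specify them.

```python
from collections import Counter, defaultdict

# Constructed training data: (explanatory variables, discrimination result).
TRAINING = [
    ({"proto": "smb", "src": "external", "sig": "known"}, "threat"),
    ({"proto": "smb", "src": "external", "sig": "unknown"}, "threat"),
    ({"proto": "http", "src": "external", "sig": "known"}, "threat"),
    ({"proto": "http", "src": "internal", "sig": "unknown"}, "no_threat"),
    ({"proto": "dns", "src": "internal", "sig": "unknown"}, "no_threat"),
    ({"proto": "http", "src": "internal", "sig": "known"}, "no_threat"),
]

def learn_rule(training, min_freq=0.5):
    """Learn {result: {(variable, value): frequency}} by the three claimed steps."""
    # Step 1: classify the training data into groups by discrimination result.
    groups = defaultdict(list)
    for variables, result in training:
        groups[result].append(variables)
    rule = {}
    for result, members in groups.items():
        differing, comparisons = Counter(), 0
        # Step 2: compare each record with every record in the other groups
        # and note which explanatory variables differ.
        for rec in members:
            for other_result, others in groups.items():
                if other_result == result:
                    continue
                for other in others:
                    comparisons += 1
                    differing.update((k, v) for k, v in rec.items() if other.get(k) != v)
        # Step 3: aggregate per group and exclude low-frequency variables.
        rule[result] = {kv: n / comparisons for kv, n in differing.items()
                        if comparisons and n / comparisons >= min_freq}
    return rule

def classify(rule, variables):
    """Return (result, basis); basis lists the variables that decided the result."""
    best = (None, [], 0.0)
    for result, weights in rule.items():
        basis = [(k, v) for k, v in variables.items() if (k, v) in weights]
        score = sum(weights[b] for b in basis)
        if score > best[2]:
            best = (result, basis, score)
    return best[0], best[1]

def triage(rule, events, absent="no_threat"):
    """Discard events judged absent; keep the rest together with their basis."""
    # Assumption: events matching no rule (result None) are kept, not discarded.
    return [(ev, *classify(rule, ev)) for ev in events if classify(rule, ev)[0] != absent]
```

Returning the basis alongside the result gives an analyst the variables that drove each decision, which is the part of the claim that makes the discard step auditable.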