US 12,169,558 B2
Threat analysis system, threat analysis device, threat analysis method and threat analysis program
Takahiro Kakumaru, Tokyo (JP); Naoki Sasamura, Tokyo (JP); Takaaki Ohara, Tokyo (JP); and Yuya Yamada, Tokyo (JP)
Assigned to NEC CORPORATION, Tokyo (JP)
Appl. No. 17/269,397
Filed by NEC Corporation, Tokyo (JP)
PCT Filed Apr. 10, 2019, PCT No. PCT/JP2019/015589
§ 371(c)(1), (2) Date Feb. 18, 2021,
PCT Pub. No. WO2020/039646, PCT Pub. Date Feb. 27, 2020.
Claims priority of application No. 2018-154674 (JP), filed on Aug. 21, 2018.
Prior Publication US 2021/0248232 A1, Aug. 12, 2021
Int. Cl. G06F 21/55 (2013.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC G06F 21/554 (2013.01) [G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2221/034 (2013.01)]
19 Claims
1. A threat analysis system comprising a hardware processor configured to execute software code to:
perform rough sets analysis using training data that includes threat information including a plurality of explanatory variables representing a threat event and a discrimination result of discriminating the threat information, to learn a decision rule specifying the discrimination result depending on a combination of the explanatory variables;
for each of a plurality of threat information:
input the threat information to be analyzed;
apply the input threat information to the decision rule to identify the discrimination result of the input threat information, and the explanatory variable on which basis the discrimination result was identified, the discrimination result indicating presence or absence of a threat event; and
discard the threat information in response to the discrimination result indicating the absence of the threat event,
wherein the threat analysis system provides for improved faster response to each input threat information for which the discrimination result indicates the presence of the threat event, to improve cyber security,
and wherein the rough sets analysis includes:
classifying the training data into groups according to the discrimination results;
comparing, for each training data, the explanatory variables of the training data in one group with the explanatory variables of the training data in other of the groups and identifying the explanatory variables that are different; and
aggregating comparison results by group and excluding the explanatory variables having low frequency.
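
The rough sets steps recited in the claim (grouping by discrimination result, comparing explanatory variables across groups, dropping low-frequency variables, then applying the rule and discarding "absent" results), as an added Python example that is not taken from the patent or from NEC's implementation. The variable names, the training records, the 0.5 frequency cutoff, the way rules are built from the retained variables, and the handling of unmatched input are all assumptions.

```python
from collections import Counter, defaultdict

# Constructed training data: (explanatory variables, discrimination result).
TRAINING = [
    ({"src_reputation": "bad", "protocol": "smb", "off_hours": "yes", "geo": "jp"}, "present"),
    ({"src_reputation": "bad", "protocol": "http", "off_hours": "yes", "geo": "us"}, "present"),
    ({"src_reputation": "bad", "protocol": "http", "off_hours": "no", "geo": "jp"}, "present"),
    ({"src_reputation": "good", "protocol": "http", "off_hours": "no", "geo": "jp"}, "absent"),
    ({"src_reputation": "good", "protocol": "http", "off_hours": "no", "geo": "us"}, "absent"),
    ({"src_reputation": "good", "protocol": "smb", "off_hours": "no", "geo": "jp"}, "absent"),
]

def difference_frequency(training):
    """Group by result, compare each record with every record of the other
    groups, and return per group the share of comparisons in which each
    explanatory variable differed."""
    groups = defaultdict(list)
    for variables, result in training:
        groups[result].append(variables)
    freq = {}
    for result, members in groups.items():
        others = [o for r, recs in groups.items() if r != result for o in recs]
        counts = Counter(k for rec in members for o in others
                         for k in rec if rec[k] != o.get(k))
        total = len(members) * len(others)
        freq[result] = {k: n / total for k, n in counts.items()}
    return freq

def learn_rules(training, min_freq=0.5):  # cutoff value is an assumption
    """Drop low-frequency variables, then keep one rule per distinct
    combination of the remaining variables (assumed rule construction)."""
    freq = difference_frequency(training)
    rules = []
    for variables, result in training:
        cond = {k: v for k, v in variables.items() if freq[result].get(k, 0) >= min_freq}
        if cond and (cond, result) not in rules:
            rules.append((cond, result))
    return rules

def triage(rules, inputs):
    """Apply the rules; discard 'absent' items, keep the rest with their basis.
    Keeping unmatched items as 'unknown' is an assumption, not in the claim."""
    kept = []
    for info in inputs:
        result, basis = next(((r, sorted(c)) for c, r in rules
                              if all(info.get(k) == v for k, v in c.items())), ("unknown", []))
        if result != "absent":
            kept.append((info, result, basis))
    return kept
```

On this constructed data, `protocol` and `geo` differ in only 4 of 9 cross-group comparisons and are excluded, so the learned rules depend on `src_reputation` and `off_hours` alone.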