Title |
Profiling cyber threats detected in a target environment and automatically generating one or more rule bases for an expert system usable to profile cyber threats detected in a target environment |
Abstract |
A computer implemented method of profiling cyber threats detected in a target environment, comprising: receiving, from a Security Information and Event Manager (SIEM) monitoring the target environment, alerts triggered by a detected potential cyber threat, and, for each alert: retrieving captured packet data related to the alert; extracting data pertaining to a set of attributes from captured packet data triggering the alert; applying fuzzy logic to data pertaining to one or more of the attributes to determine values for one or more output variables indicative of a level of an aspect of risk attributable to the cyber threat. |
Publication number |
US9503472(B2) |
Publication date |
2016.11.22 |
Application number |
US201414562541 |
Filing date |
2014.12.05 |
Applicant |
CYBERLYTIC LIMITED |
Inventors |
Laidlaw Stuart;Harold St. John;Hillick Mark |
Classification (IPC) |
G06F11/00;H04L29/06;G06F21/55;G06N5/04;G06F21/57 |
Main classification |
G06F11/00 |
Agent (firm) |
Cowan, Liebowitz & Latman, P.C. |
Agents |
Cowan, Liebowitz & Latman, P.C.;Underwood Steven D. |
Independent claim |
1. A computer implemented method of profiling cyber threats detected in a target environment, comprising:
receiving, from a Security Information and Event Manager (SIEM) monitoring the target environment, alerts triggered by a detected potential cyber threat, and, for each alert: (A) retrieving captured packet data related to the alert; (B) extracting data pertaining to a set of attributes from captured packet data triggering the alert; and (C) applying fuzzy logic to data pertaining to one or more of the attributes to determine values for one or more output variables indicative of a level of an aspect of risk attributable to the cyber threat; wherein the fuzzy logic comprises one or more rule bases comprising fuzzy rules and being usable to evaluate a CT risk indicator; wherein each fuzzy rule of a rule base has:
as an antecedent, a fuzzy set of one or more input fuzzy variables each representative of a said attribute and any logical operators connecting input fuzzy variables, and as a consequent, a fuzzy set of an output fuzzy variable representative of the CT risk indicator; and wherein step (C) comprises, for each fuzzy rule of a rule base: (i) for each input fuzzy variable of the antecedent, fuzzifying data pertaining to the attribute represented by the input fuzzy variable to determine a membership value across the fuzzy set of the input fuzzy variable; (ii) evaluating the antecedent, performing any declared fuzzy logical operators to provide a single membership value; and (iii) evaluating the consequent by performing a fuzzy implication operator on the antecedent to determine the membership value of the relevant output cyber threat indicator. |
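Worked example of steps (B) and (C) of claim 1 |
The following is an added illustration written for this page; it is not Cyberlytic's code and the patent does not disclose these particulars. It walks one SIEM alert through the claimed procedure: attributes are extracted from a constructed packet capture (step B), each input fuzzy variable is fuzzified (C-i), the antecedent is evaluated with min for AND, max for OR and complement for NOT (C-ii), and a Mamdani min-clipping implication is applied to each consequent (C-iii). The attribute names (request_rate, payload_bytes, src_reputation), the membership functions, the three-rule rule base, the 0..100 risk scale and the max-aggregation plus centroid defuzzification that turn rule outputs into one crisp score are all assumptions made for the example, not claim elements.

```python
"""Added example: Mamdani-style fuzzy evaluation of a cyber-threat (CT) risk
indicator from attributes extracted out of one alert's packet capture.
Illustrative code for this page, not Cyberlytic's implementation; attribute
set, membership functions, rules and packet format are all assumed."""
from typing import Callable, Dict, List, Tuple

MembershipFn = Callable[[float], float]


def trapezoid(a: float, b: float, c: float, d: float) -> MembershipFn:
    """Trapezoidal membership function; a == b or c == d gives a shoulder."""
    def mf(x: float) -> float:
        if x < a or x > d:
            return 0.0
        if b <= x <= c:
            return 1.0
        if x < b:
            return (x - a) / (b - a)
        return (d - x) / (d - c)
    return mf


# Input fuzzy variables (claim step C-i). Universes and terms are assumed.
INPUT_VARS: Dict[str, Dict[str, MembershipFn]] = {
    "request_rate": {            # requests per second seen in the capture
        "low": trapezoid(0, 0, 5, 20),
        "medium": trapezoid(10, 30, 60, 100),
        "high": trapezoid(80, 150, 1e9, 1e9),
    },
    "payload_bytes": {           # largest request body in the capture
        "small": trapezoid(0, 0, 200, 800),
        "large": trapezoid(500, 2000, 1e9, 1e9),
    },
    "src_reputation": {          # 0 = known bad source, 100 = clean (assumed scale)
        "bad": trapezoid(0, 0, 20, 50),
        "good": trapezoid(40, 70, 100, 100),
    },
}

# Output fuzzy variable: the CT risk indicator on an assumed 0..100 scale.
RISK_UNIVERSE = (0.0, 100.0)
RISK_SETS: Dict[str, MembershipFn] = {
    "low": trapezoid(0, 0, 20, 40),
    "medium": trapezoid(30, 45, 55, 70),
    "high": trapezoid(60, 80, 100, 100),
}

# Rule base: (antecedent, consequent term). Antecedents are nested tuples:
# ("and"|"or", lhs, rhs), ("not", node), or a leaf (variable, term).
RULES: List[Tuple[tuple, str]] = [
    (("and", ("request_rate", "high"), ("src_reputation", "bad")), "high"),
    (("or", ("payload_bytes", "large"), ("request_rate", "medium")), "medium"),
    (("and", ("request_rate", "low"), ("src_reputation", "good")), "low"),
]


def extract_attributes(packets: List[dict], src_reputation: float) -> Dict[str, float]:
    """Step B: derive crisp attribute values from the packets behind one alert."""
    times = [p["ts"] for p in packets]
    duration = (max(times) - min(times)) or 1.0   # single packet: avoid division by zero
    return {
        "request_rate": len(packets) / duration,
        "payload_bytes": max(p["payload_len"] for p in packets),
        "src_reputation": src_reputation,
    }


def evaluate_antecedent(node: tuple, attrs: Dict[str, float]) -> float:
    """Steps C-i/C-ii: fuzzify leaves, then min for AND, max for OR, 1-x for NOT."""
    op = node[0]
    if op == "and":
        return min(evaluate_antecedent(node[1], attrs), evaluate_antecedent(node[2], attrs))
    if op == "or":
        return max(evaluate_antecedent(node[1], attrs), evaluate_antecedent(node[2], attrs))
    if op == "not":
        return 1.0 - evaluate_antecedent(node[1], attrs)
    var, term = node
    return INPUT_VARS[var][term](attrs[var])


def infer(attrs: Dict[str, float], rules=RULES, steps: int = 1000) -> Tuple[List[float], float]:
    """Step C-iii (Mamdani min implication) plus assumed max aggregation and
    centroid defuzzification. Returns (firing strength per rule, crisp 0..100 score)."""
    strengths = [evaluate_antecedent(ant, attrs) for ant, _ in rules]
    lo, hi = RISK_UNIVERSE
    num = den = 0.0
    for i in range(steps + 1):
        y = lo + (hi - lo) * i / steps
        # clip each consequent set at its rule's strength, then take the union (max)
        agg = max(min(s, RISK_SETS[term](y)) for s, (_, term) in zip(strengths, rules))
        num += y * agg
        den += agg
    return strengths, (num / den if den else 0.0)


# Constructed capture for one alert: 90 requests in one second, largest body 1250 bytes.
SAMPLE_PACKETS = [{"ts": i / 89, "payload_len": 1250 if i == 40 else 300} for i in range(90)]

if __name__ == "__main__":
    attrs = extract_attributes(SAMPLE_PACKETS, src_reputation=35)
    strengths, score = infer(attrs)
    for (_, term), s in zip(RULES, strengths):
        print(f"rule -> {term}: firing strength {s:.3f}")
    print(f"CT risk indicator: {score:.1f}/100")
```

With the constructed capture, the "high" rule fires at 1/7 (request_rate is only partly "high"), the "medium" rule at 0.5 (driven by payload_bytes being half "large"), and the "low" rule not at all, so the aggregated output set is mostly the clipped "medium" set with a thin "high" tail and the centroid lands in the high 50s. The same `infer` call generalizes to any rule base expressed as nested and/or/not tuples, which is the form a generated rule base from the second part of the title would take. |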
Address |
London GB |