Automated machine learning scheme for software exploit prediction
Abstract
A predictive engine for analyzing existing vulnerability information to determine the likelihood of a vulnerability being exploited by malicious actors against a particular computer or network of computers. The predictive engine relies on multiple data sources providing historical vulnerability information, a plurality of predictive models, and periodic retraining of the prediction ensemble utilizing predictive models. Modeling schemes may also be used when retraining the predictive models forming the prediction ensemble.
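The flow the abstract describes (combine historical records, retrain the ensemble, predict, map the likelihood to an administrator-defined threat level) can be sketched as follows. This is an added example, not code from the patent: the feature names, keyword list, three single-signal models, inverse-Brier weighting, the reading of "modeling scheme" as a list of model names, and all records are constructed assumptions.

```python
# Added illustration only: every name, feature, model and record is a constructed assumption.
ACCESS_VECTOR = {"local": 0.0, "adjacent": 0.5, "network": 1.0}  # description -> defined value
KEYWORDS = ("remote code execution", "public exploit", "unauthenticated")

def to_features(rec):
    """Correlate translated values, text-derived signals and untranslated source fields."""
    text = rec["description"].lower()
    return {"vector": ACCESS_VECTOR[rec["access_vector"]],              # translated value
            "text": sum(k in text for k in KEYWORDS) / len(KEYWORDS),   # textual analysis
            "score": rec["base_score"] / 10.0}                          # source value, rescaled

# A plurality of deliberately simple prediction models, each returning a probability.
MODELS = {name: (lambda f, n=name: f[n]) for name in ("vector", "text", "score")}

def retrain(history, scheme):
    """Re-weight the models named in the scheme by inverse Brier score on the history."""
    inv = {}
    for name in scheme:
        errs = [(MODELS[name](to_features(r)) - r["exploited"]) ** 2 for r in history]
        inv[name] = 1.0 / (sum(errs) / len(errs) + 1e-6)
    total = sum(inv.values())
    return {name: w / total for name, w in inv.items()}  # revised ensemble: model -> weight

def predict(ensemble, rec):
    """Weighted combination of the ensemble's model outputs for one current vulnerability."""
    f = to_features(rec)
    return sum(w * MODELS[name](f) for name, w in ensemble.items())

def threat_level(p, thresholds):
    """thresholds: administrator-defined lower bounds, e.g. {"high": 0.7, "medium": 0.4}."""
    for level, bound in sorted(thresholds.items(), key=lambda kv: -kv[1]):
        if p >= bound:
            return level
    return "low"

HISTORY = [  # constructed records; exploited = 1 if exploitation was later observed
    {"access_vector": "network", "base_score": 9.8, "exploited": 1,
     "description": "Unauthenticated remote code execution; public exploit available"},
    {"access_vector": "local", "base_score": 7.8, "exploited": 0,
     "description": "Local privilege escalation via race condition"},
    {"access_vector": "network", "base_score": 5.3, "exploited": 0,
     "description": "Information disclosure in debug endpoint"},
    {"access_vector": "network", "base_score": 8.8, "exploited": 1,
     "description": "Remote code execution in file upload handler"},
]
```

The same likelihood can land in different threat levels for different administrators, because the thresholds are an input to `threat_level` rather than part of the ensemble.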
18 Claims
1. A method for providing a threat level based on a prediction of a likelihood that a current vulnerability is employed in a customer computer network, the method comprising:
- retrieving a prediction ensemble previously used by a prediction engine, the prediction ensemble defining a combination of a plurality of prediction models and adjustments to be used by the prediction engine;
- retraining the prediction ensemble previously used by the prediction engine, the retraining evaluating a combined data set of historical vulnerability information and a modeling scheme (130) to generate a revised prediction ensemble based on a plurality of prediction models;
- retrieving current vulnerability information describing a current vulnerability from the plurality of data sources;
- processing the current vulnerability information describing the current vulnerability for use by the prediction engine;
- generating, using the prediction engine, a prediction based on the revised prediction ensemble and the processed current vulnerability information, the prediction identifying the likelihood that the current vulnerability is employed in a customer computer network;
- providing to an administrator of the customer computer network the threat level based on the prediction of the likelihood the current vulnerability is employed in the customer computer network, the threat level being based on predetermined thresholds defined by the administrator of the customer computer network;
- translating vulnerability descriptions from the historical vulnerability information to defined values;
- performing textual analysis to extract additional information from the historical vulnerability information;
- correlating the defined values, the additional information, and untranslated source information, and
- generating the combined data set based on the correlated defined values, the additional information, and the untranslated source information of the historical vulnerability information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A system for providing a threat level based on a prediction of a likelihood that a current vulnerability is employed in a customer computer network, the system comprising:
- a processor configured to generate and store in a data repository a combined data set of historical vulnerability information obtained from a plurality of data sources, wherein the processor is configured to translate vulnerability descriptions from the historical vulnerability information into defined values, perform textual analysis to extract additional information from the historical vulnerability information, correlate the defined values, the additional information, and untranslated source information, and generate the combined data set based on the correlated defined values, the additional information, and the untranslated source information;
- a retraining server configured to retrain a prediction ensemble previously used for execution by a prediction engine, the retraining evaluating the combined data set and a received modeling scheme to generate a revised prediction ensemble based on a plurality of prediction models;
- wherein the prediction ensemble defines a combination of the plurality of prediction models and adjustments to be used by the prediction engine;
- the data repository retrieving, from a plurality of data sources, current vulnerability information describing a current vulnerability;
- the data repository processing the current vulnerability information describing the current vulnerability for use by the prediction engine; and
- a prediction engine execution server configured to generate a prediction using the prediction engine, the prediction being based on the revised prediction ensemble and the processed current vulnerability information, the prediction providing the likelihood that the current vulnerability is employed in a customer computer network;
- wherein the prediction engine execution server provides to an administrator of the customer computer network the threat level based on the prediction of the likelihood the current vulnerability is employed in the customer computer network, the threat level being based on predetermined thresholds defined by the administrator of the customer computer network.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

Specification