Systems and methods for secure propagation of statistical models within threat intelligence communities
First Claim
1. A method of securely propagating analytical models for detection of security threats and/or malicious actions among members of a threat intelligence community, comprising:
- determining and encoding attributes of security data common to, accessible by, and/or shared between the members of the threat intelligence community, the attributes including one or more measurements or features selected as indicating, identifying, predicting and/or mitigating potential malicious actions or security threats;
- developing or selecting an analytical model for detection of the potential malicious actions or security threats using the encoded attributes of the security data and a derivation data schema;
- encrypting the derivation data schema of the model;
- translating the model into one or more common exchange formats for sharing the model with at least selected ones of the members of the threat intelligence community;
- transmitting the encrypted derivation data schema of the model to the at least selected ones of the members of the threat intelligence community;
- after receipt, decoding the derivation data schema at the selected ones of the members of the threat intelligence community and applying the derivation data schema to security data to determine if the encoded attributes are found;
- if the encoded attributes are found, applying a remedial or mitigating action.
1 Assignment, 0 Petitions
Abstract
Systems and methods for securely propagating analytical models for detection of security threats and/or malicious actions among a threat intelligence community can be provided. Attributes of security data accessed by members of the threat intelligence community can be determined and encoded. Analytical model(s) can be developed for detection of potential malicious actions using the encoded attributes of the security data and a derivation data schema, and this derivation data schema can be encrypted. The model(s) can be translated into common exchange formats for sharing the model with community members. The encrypted derivation data schema can be transmitted to the community members. After receipt, the derivation data schema can be decoded by the community members, and the derivation data schema can be applied to security data to determine if the encoded attributes are found. If the encoded attributes are derived, remedial or mitigating action can be taken.
152 Citations
14 Claims
1. Independent claim 1 as set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system for securely propagating analytical models for detection of security threats and/or malicious actions among members of a threat intelligence community, comprising:
- at least one processor; and
- a non-transitory computer readable storage medium having instructions stored therein, the instructions, when executed by the at least one processor, cause the system to:
- determine and encode attributes of security data common to, accessible by, and/or shared between the members of the threat intelligence community, the attributes including one or more measurements or features selected as indicating, identifying, predicting and/or mitigating potential malicious actions or security threats;
- develop an analytical model for detection of the potential malicious actions or security threats using the encoded attributes of the security data and a derivation data schema;
- encrypt the derivation data schema of the model;
- translate the model into one or more common exchange formats for sharing the model with at least selected ones of the members of the threat intelligence community; and
- transmit the encrypted derivation data schema of the model to the at least selected ones of the members of the threat intelligence community;
- wherein after receipt of the model and encrypted derivation data schema, the selected ones of the members of the threat intelligence community decode the derivation data schema and apply the derivation data schema to security data according to the model to determine if the encoded attributes are found, and if the encoded attributes are derived, apply a remedial or mitigating action.
Dependent claims: 9, 10, 11, 12, 13, 14.
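The exchange that claims 1 and 8 describe, as an added illustration that is not part of the patent and not code from the assignee: a publishing member encodes attributes, serialises the model into a plain exchange format (a constructed JSON layout, not a standard), encrypts the derivation data schema under a community key, and a receiving member authenticates and decrypts the schema, derives the attributes from its own security data, scores them with the model and picks the remedial action. The encryption routine is a deliberately simple encrypt-then-MAC construction built from SHA-256 and HMAC so the example runs on the standard library alone; in a real deployment it stands in for an authenticated cipher such as AES-GCM and a key agreed out of band. The event records, schema rules, weights and threshold are all constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed community key (assumption: distributed to members out of band).
COMMUNITY_KEY = hashlib.sha256(b"constructed-demo-community-key").digest()

# Derivation data schema (constructed): how each encoded attribute is derived
# from raw security events, grouped per source address.
DERIVATION_SCHEMA = {
    "attributes": {
        "failed_logins": {"field": "event", "equals": "auth_failure", "agg": "count"},
        "distinct_users": {"field": "user", "agg": "distinct"},
        "off_hours_events": {"field": "hour", "range": [0, 5], "agg": "count"},
    }
}

# Analytical model in a constructed JSON exchange format: a weighted score
# over the encoded attributes plus the action to apply when it trips.
MODEL = {
    "format": "demo-model-json/1",
    "weights": {"failed_logins": 1.0, "distinct_users": 2.0, "off_hours_events": 0.5},
    "threshold": 10.0,
    "action": "block_source_ip",
}

# Constructed security data held by the receiving member.
EVENTS = [
    {"src_ip": "203.0.113.7", "event": "auth_failure", "user": "alice", "hour": 2},
    {"src_ip": "203.0.113.7", "event": "auth_failure", "user": "bob", "hour": 3},
    {"src_ip": "203.0.113.7", "event": "auth_failure", "user": "carol", "hour": 3},
    {"src_ip": "203.0.113.7", "event": "auth_failure", "user": "alice", "hour": 4},
    {"src_ip": "203.0.113.7", "event": "auth_failure", "user": "bob", "hour": 2},
    {"src_ip": "203.0.113.7", "event": "auth_failure", "user": "carol", "hour": 3},
    {"src_ip": "198.51.100.5", "event": "auth_failure", "user": "dave", "hour": 14},
    {"src_ip": "198.51.100.5", "event": "auth_success", "user": "dave", "hour": 14},
]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_schema(schema: dict, key: bytes) -> dict:
    """Encrypt-then-MAC the derivation schema; returns a hex-encoded envelope."""
    plaintext = json.dumps(schema, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def decrypt_schema(envelope: dict, key: bytes) -> dict:
    """Verify the MAC before touching the ciphertext; reject tampered schemas."""
    nonce, ciphertext, tag = (bytes.fromhex(envelope[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("derivation schema failed authentication")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def publish_model(key: bytes):
    """Publishing member: model in the exchange format, schema encrypted."""
    return json.dumps(MODEL), encrypt_schema(DERIVATION_SCHEMA, key)


def derive_attributes(schema: dict, events: list) -> dict:
    """Apply the schema rules to events, producing encoded attributes per source."""
    by_src = {}
    for ev in events:
        by_src.setdefault(ev["src_ip"], []).append(ev)
    derived = {}
    for src, evs in by_src.items():
        attrs = {}
        for name, rule in schema["attributes"].items():
            values = [ev[rule["field"]] for ev in evs]
            if "equals" in rule:
                values = [v for v in values if v == rule["equals"]]
            if "range" in rule:
                lo, hi = rule["range"]
                values = [v for v in values if lo <= v <= hi]
            attrs[name] = len(set(values)) if rule["agg"] == "distinct" else len(values)
        derived[src] = attrs
    return derived


def receive_and_apply(model_json: str, envelope: dict, events: list, key: bytes) -> dict:
    """Receiving member: decrypt schema, derive attributes, score, decide action."""
    model = json.loads(model_json)
    schema = decrypt_schema(envelope, key)
    decisions = {}
    for src, attrs in derive_attributes(schema, events).items():
        score = sum(model["weights"][name] * attrs[name] for name in model["weights"])
        action = model["action"] if score >= model["threshold"] else None
        decisions[src] = {"score": score, "action": action}
    return decisions


if __name__ == "__main__":
    model_json, envelope = publish_model(COMMUNITY_KEY)
    for src, d in receive_and_apply(model_json, envelope, EVENTS, COMMUNITY_KEY).items():
        print(f"{src}: score={d['score']:.1f} action={d['action']}")
```

Only the derivation schema travels encrypted; the model itself is shared in the clear in its exchange format, exactly as the claims separate the two. The MAC check in `decrypt_schema` is what stops a tampered schema from silently redefining which attributes a member derives, so a receiving member should treat an authentication failure as a reason to discard the whole submission rather than fall back to a cached schema.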
Specification