System and method for predicting cyber threat
Abstract
Provided are a system and method for predicting a cyber threat. The system and method collect various variables and synthetically predict the frequency, dangerousness, possibility, and time of the occurrence of a cyber threat including hacking, a worm/virus, a Denial of Service (DoS) attack, illegal system access, a malicious code, a social engineering attack, system/data falsification, cyber terror/war, weakness exploitation, etc., using a time-series analysis method and a Delphi method, and inform a user in advance of the prediction result, thereby enabling the user to prepare against the cyber threat.
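As an added illustration (not code from the patent or its assignee), the sketch below shows one way a time-series forecast of intrusion detection events could be blended with a quantified Delphi round into a single low-to-high value. The Holt smoothing, the 1-5 answer scale, the median/interquartile aggregation, the equal weighting and all function names are assumptions made for this example.

```python
"""Added illustration: blend a time-series forecast with a Delphi round.
Assumptions (not from the patent): Holt smoothing, 1-5 answer scale,
median/IQR aggregation, equal weighting. Sample data is constructed."""
from statistics import mean, median, quantiles


def holt_forecast(series, alpha=0.5, beta=0.3):
    """One-step-ahead forecast using Holt's linear (double) smoothing."""
    if len(series) < 2:
        raise ValueError("need at least two observations")
    level, trend = series[0], series[1] - series[0]
    for x in series[1:]:
        prev = level
        level = alpha * x + (1 - alpha) * (level + trend)
        trend = beta * (level - prev) + (1 - beta) * trend
    return level + trend


def series_pressure(series):
    """Map the forecast to [0, 1]; 0.5 means 'same as the historical mean'."""
    forecast = max(holt_forecast(series), 0.0)
    baseline = max(mean(series), 0.0)
    return 0.0 if forecast + baseline == 0 else forecast / (forecast + baseline)


def delphi_degree(answers, scale_max=5):
    """Return (normalized median, consensus flag) for one Delphi round."""
    if len(answers) < 2 or any(not 1 <= a <= scale_max for a in answers):
        raise ValueError("need >= 2 answers, each within 1..scale_max")
    q1, _, q3 = quantiles(answers, n=4, method="inclusive")
    degree = (median(answers) - 1) / (scale_max - 1)
    return degree, (q3 - q1) <= 1  # wide spread: run another round


def threat_score(series, answers, weight=0.5):
    """Blend both signals into one value: low = unlikely, high = likely."""
    degree, consensus = delphi_degree(answers)
    score = weight * series_pressure(series) + (1 - weight) * degree
    return round(score, 3), consensus


# Constructed sample data: daily IDS alert counts and eight expert answers.
ALERTS = [10, 20, 30, 40, 50]
ANSWERS = [4, 4, 5, 3, 4, 2, 5, 4]

if __name__ == "__main__":
    print(threat_score(ALERTS, ANSWERS))
```

A consensus flag of False means the expert answers are too spread out to trust the median, which in a Delphi process calls for another questionnaire round before the blended value is acted on.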
20 Claims
1. An intrusion detection system for quantifying a value within a low to a high range of values, which allows a user to take appropriate counter measures before a cyber threat occurs, the system comprising:
a processor and a memory, the memory having stored thereon;
an information collection-processing module for collecting and processing at least one of information on an intrusion detection event, statistical information on network traffic, cyber threat information of an Internet bulletin board, information from at least one to a plurality of first persons in response to predetermined questions asked related to at least one or more cyber threats, wherein the cyber threat information of the internet bulletin board is configured to be automatically collect information from predetermined articles on each of the at least one or more cyber threats from at least two or more predetermined Internet bulletin boards at predetermined time intervals prior to generating the predetermined questions for each of the respective cyber threats;
a engine sub-system for allowing the user to take the appropriate counter measures before the cyber threat actually occurs by using at least one of a time-series analysis method and a Delphi method according to the collected and processed information;
a database (DB) management module for storing and managing the collected and processed information of the engine sub-system, wherein each of the at least one to the plurality of first persons provide the respective information in response to the questions asked about the cyber threats is represented by a statistical value, wherein the statistical value is configured based on quantifying quantitative answers to at least one or more questions received from each of the at least one to the plurality of first persons respective information to generate a degree of the predicted occurrence of the cyber threat before the cyber threat occurs, wherein the degree of the quantified quantitative answer ranges from a most selected answer to a least selected answer, wherein the engine sub-system applies the time-series analysis of information on the intrusion detection event and the statistical information on network traffic with the generated degree of the quantified quantitative answers ranging from the most selected answer to the least selected answer to generate a value within the range of values for allowing the user to take the appropriate counter measures before the cyber threat occurs, wherein a low value indicates a low probability that the cyber threat will occur and a high value indicates a high probability that the cyber threat will occur; and
a result display graphic user interface (GUI)-management module for displaying the generated value within the range of values for allowing the user to determine whether take the appropriate counter measures before the cyber threat occurs of the engine sub-system on a screen.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method of providing information on a cyber threat comprising at least one of hacking, a worm/virus, a Denial of Service (DoS) attack, illegal system access, a malicious code, a social engineering attack, system/data falsification, cyber terror/war, and exploitation for quantifying a value within a low to a high range of values, which allows a user to take appropriate counter measures before the cyber threat occurs, the method comprising the steps of:
providing a processor and a memory, the memory having stored thereon;
(a) collecting cyber threat information, wherein the cyber threat information comprises at least one of information on an intrusion detection event, statistical information on network traffic, statistical information on a network packet, cyber threat information of an Internet bulletin board, and information from each of at least one to a plurality of first persons that predicts occurrence of the cyber threat;
(b) processing the collected cyber threat information into time-series data and quantitative data, and storing the time-series data and the quantitative data;
(c) providing information for predicting occurrence of the cyber threat before the cyber threat actually occurs by using at least one of a time-series models and a Delphi method according to a type of the cyber threat, wherein each of at least one to a plurality of first persons provide the respective information for predicting occurrence of the cyber threat before the cyber threat occurs, wherein each of the at least one to the plurality of first persons respective information for predicting occurrence of the cyber threat before the cyber threat occurs is represented by a statistical value, wherein the statistical value is based on quantifying quantitative answers to at least one or more questions received from each of the at least one to the plurality of first persons respective information to generate a degree of the occurrence of the cyber threat before the cyber threat actually occurs, wherein the questions are automatically generated from a user's defined internet boards prior to generating the one or more questions, where the internet boards are selected based on the type of cyber threat, wherein the degree of the quantified quantitative answer ranges from a most selected answer to a least selected answer, wherein the providing information on the occurrence of the cyber threat applies the time-series analysis of information on the intrusion detection event and the statistical information on network traffic with the generated degree of the quantified quantitative answers ranging from the most selected answer to the least selected answer to generate a value within the range of values for allowing the user to take the appropriate counter measures before the cyber threat occurs, wherein a low value indicates a low probability that the cyber threat will actually occur and a high value indicates a high probability that the cyber threat will occur; and
(d) storing the generated value within the range of values for allowing the user to determine whether take the appropriate counter measures before the cyber threat occurs and providing the generated value within the range of values for allowing the user to determine whether take the appropriate counter measures before the cyber threat occurs by using a graph or text according to the user's request.
Dependent claims: 14, 15, 16, 17, 18, 19
20. An intrusion detection system for quantifying a value within a low to a high range of values, which allows a user to take appropriate counter measures before a cyber threat occurs, the system comprising:
a processor and a memory, the memory having stored thereon;
an information collection-processing module for collecting and processing at least one of information on an intrusion detection event, statistical information on network traffic, cyber threat information of an Internet bulletin board, information from at least one to a plurality of first persons that predicts occurrence of the cyber threat before the cyber threat occurs;
a engine sub-system for allowing the user to take the appropriate counter measures before the cyber threat occurs by using at least one of a time-series analysis method and a Delphi method according to the collected and processed information;
a database (DB) management module for storing and managing the collected and processed information of the engine sub-system, wherein each of the at least one to the plurality of first persons provide the respective information that predicts occurrence of the cyber threat before the cyber threat occurs, wherein each of the at least one to the plurality of first persons respective information that predicts occurrence of the cyber threat before the cyber threat occurs is represented by a statistical value, wherein the statistical value is based on quantifying quantitative answers to at least one or more questions received from each of the at least one to the plurality of first persons respective opinion information on a degree of the occurrence of the cyber threat; and wherein the statistical value is configured based on quantifying quantitative answers to at least one or more questions received from each of the at least one to the plurality of first persons respective information to generate a degree of the predicted occurrence of the cyber threat before the cyber threat occurs, wherein the degree of the quantified quantitative answer ranges from a most selected answer to a least selected answer, wherein the questions are automatically generated from a user's defined internet boards prior to generating the one or more questions, wherein each of the at least one to the plurality of first persons respective information that predicts occurrence of the cyber threat are pre-selected by the user in advance of receiving the questions, wherein the pre-selected first persons are selected by the user according the pre-selected first persons' expertise in the cyber threat, and where the internet boards are selected based on the cyber threat,
a result display graphic user interface (GUI)-management module for displaying the prediction result of the prediction engine sub-system on a screen of the prediction of the frequency and time of the occurrence of the cyber threat at a future time in order for a user to prepare against the cyber threat to minimize damage from the cyber threat, and changing and managing configurations of the prediction engine sub-system and the information collection-processing module.
Specification