Forecasting and classifying cyber-attacks using neural embeddings based on pattern of life data
Abstract
A first collection including a pattern of life (POL) feature vector and a Q&A feature vector is constructed. A second collection is constructed from the first collection by inserting noise in at least one of the vectors. A third collection is constructed by crossing over at least one of the vectors of the second collection with a corresponding vector of a fourth collection, migrating at least one of the vectors of the second collection with a corresponding vector of a fifth collection. Using a forecasting configuration, a POL feature vector of the third collection is aged to generate a changed POL feature vector containing POL feature values expected at a future time. The changed POL feature vector is input into a trained neural network to predict a probability of the cyber-attack occurring at the future time.
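The collection-building steps in the abstract can be sketched as follows; this is an added illustration, not code from the patent. The feature names, the `sector` property used to decide "similar" versus "distinct", the relative-noise scheme, and the linear per-day drift standing in for the forecasting configuration are all assumptions, and the trained neural network stage is left out.

```python
import random

# Constructed sample layout: one POL vector and one Q&A vector per collection.
# Assumed POL features: logins/day, MB uploaded, off-hours ratio, new hosts seen.

def add_noise(coll, rng, scale=0.05):
    """Second collection: perturb each POL value by up to +/- scale (relative)."""
    pol = [v * (1 + rng.uniform(-scale, scale)) for v in coll["pol"]]
    return {**coll, "pol": pol}

def crossover(coll, similar, rng):
    """Crossover: per-feature pick between this collection and one that
    shares a similar property (here, the same assumed 'sector')."""
    if coll["sector"] != similar["sector"]:
        raise ValueError("crossover expects a similar-property collection")
    pol = [b if rng.random() < 0.5 else a
           for a, b in zip(coll["pol"], similar["pol"])]
    return {**coll, "pol": pol}

def migrate(coll, distinct, index):
    """Migration: import one feature value from a collection whose
    property is distinct (here, a different assumed 'sector')."""
    if coll["sector"] == distinct["sector"]:
        raise ValueError("migration expects a distinct-property collection")
    pol = list(coll["pol"])
    pol[index] = distinct["pol"][index]
    return {**coll, "pol": pol}

def age(coll, drift_per_day, days):
    """Aging: project POL values to a future time with a linear drift,
    an assumed stand-in for the forecasting configuration."""
    pol = [v + d * days for v, d in zip(coll["pol"], drift_per_day)]
    return {**coll, "pol": pol}

def build_aged_collection(seed=7, days=30):
    rng = random.Random(seed)  # seeded so the run is reproducible
    first = {"sector": "finance", "pol": [40.0, 120.0, 0.10, 2.0], "qa": [0.8, 0.1]}
    fourth = {"sector": "finance", "pol": [55.0, 90.0, 0.20, 1.0], "qa": [0.7, 0.2]}
    fifth = {"sector": "healthcare", "pol": [12.0, 300.0, 0.45, 6.0], "qa": [0.3, 0.6]}
    second = add_noise(first, rng)
    third = migrate(crossover(second, fourth, rng), fifth, index=2)
    return age(third, drift_per_day=[0.5, 1.0, 0.0, 0.1], days=days)

if __name__ == "__main__":
    print(build_aged_collection())
```

The returned `pol` list is what would be fed to the trained network as the changed POL feature vector.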
18 Claims
1. A method comprising:
constructing a first collection, the first collection comprising a pattern of life (POL) feature vector and a Q&A feature vector;
constructing a second collection from the first collection by inserting noise data in at least one of the POL feature vector and the Q&A feature vector;
further constructing a third collection by using at least one of (i) combining, to crossover, at least one of a POL feature vector and a Q&A feature vector of the second collection with a corresponding at least one of a POL feature vector and a Q&A feature vector of a fourth collection, wherein the second and the fourth collections have a property similar to one another, and (ii) combining, to migrate, at least one of a POL feature vector and a Q&A feature vector of the second collection with a corresponding at least one of a POL feature vector and a Q&A feature vector of a fifth collection, wherein the second and the fifth collections have a property distinct from one another;
aging, using a forecasting configuration, a POL feature vector of the third collection to generate a changed POL feature vector, the changed POL feature vector containing POL feature values expected at a future time;
predicting, by inputting the changed POL feature vector in a trained neural network, a probability of the cyber-attack occurring at the future time;
further predicting, using the trained neural network, a classification of the cyber-attack occurring at the future time;
constructing, from the first portion, natural language (NL) corpora; and
submitting the NL question against the NL corpora using a Q&A system, wherein the Q&A system produces the answer corresponding to the NL question based on the NL corpora.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A computer program product comprising one or more computer-readable storage devices, and program instructions stored on at least one of the one or more storage devices, the stored program instructions comprising:
program instructions to construct a first collection, the first collection comprising a pattern of life (POL) feature vector and a Q&A feature vector;
program instructions to construct a second collection from the first collection by inserting noise data in at least one of the POL feature vector and the Q&A feature vector;
program instructions to further construct a third collection by using at least one of (i) combining, to crossover, at least one of a POL feature vector and a Q&A feature vector of the second collection with a corresponding at least one of a POL feature vector and a Q&A feature vector of a fourth collection, wherein the second and the fourth collections have a property similar to one another, and (ii) combining, to migrate, at least one of a POL feature vector and a Q&A feature vector of the second collection with a corresponding at least one of a POL feature vector and a Q&A feature vector of a fifth collection, wherein the second and the fifth collections have a property distinct from one another;
program instructions to age, using a forecasting configuration, a POL feature vector of the third collection to generate a changed POL feature vector, the changed POL feature vector containing POL feature values expected at a future time;
program instructions to predict, by inputting the changed POL feature vector in a trained neural network, a probability of the cyber-attack occurring at the future time;
further predicting, using the trained neural network, a classification of the cyber-attack occurring at the future time;
constructing, from the first portion, natural language (NL) corpora; and
submitting the NL question against the NL corpora using a Q&A system, wherein the Q&A system produces the answer corresponding to the NL question based on the NL corpora.
18. A computer system comprising one or more processors, one or more computer-readable memories, and one or more computer-readable storage devices, and program instructions stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, the stored program instructions comprising:
program instructions to construct a first collection, the first collection comprising a pattern of life (POL) feature vector and a Q&A feature vector;
program instructions to construct a second collection from the first collection by inserting noise data in at least one of the POL feature vector and the Q&A feature vector;
program instructions to further construct a third collection by using at least one of (i) combining, to crossover, at least one of a POL feature vector and a Q&A feature vector of the second collection with a corresponding at least one of a POL feature vector and a Q&A feature vector of a fourth collection, wherein the second and the fourth collections have a property similar to one another, and (ii) combining, to migrate, at least one of a POL feature vector and a Q&A feature vector of the second collection with a corresponding at least one of a POL feature vector and a Q&A feature vector of a fifth collection, wherein the second and the fifth collections have a property distinct from one another;
program instructions to age, using a forecasting configuration, a POL feature vector of the third collection to generate a changed POL feature vector, the changed POL feature vector containing POL feature values expected at a future time;
program instructions to predict, by inputting the changed POL feature vector in a trained neural network, a probability of the cyber-attack occurring at the future time;
further predicting, using the trained neural network, a classification of the cyber-attack occurring at the future time;
constructing, from the first portion, natural language (NL) corpora; and
submitting the NL question against the NL corpora using a Q&A system, wherein the Q&A system produces the answer corresponding to the NL question based on the NL corpora.
Specification