System and Method for High Speed Threat Intelligence Management Using Unsupervised Machine Learning and Prioritization Algorithms
First Claim
1. A method of consolidating threat intelligence data for a computer network, the method to be performed by a computer system comprising:
collecting threat intelligence data from a plurality of sources and normalising the collected threat intelligence data into a uniform data format;
grouping normalised threat intelligence data into clusters using unsupervised machine learning algorithms, wherein each cluster comprises a group of data that represents an attribute of the threat intelligence data;
categorizing clusters that are severe to the computer network;
comparing the clusters categorized as severe with a security posture of the computer network to determine clusters that are of interest to the computer system; and
formatting the clusters determined to be of interest to the computer system to a predefined format of the computer network.
6 Assignments
0 Petitions
Abstract
This document discloses a system and method for consolidating threat intelligence data for a computer and its related networks. Massive volumes of raw threat intelligence data are collected from a plurality of sources and are partitioned into a common format for cluster analysis, whereby the clustering of the data is done using unsupervised machine learning algorithms. The resulting organized threat intelligence data subsequently undergoes a weighted, asset-based threat severity level correlation process. All the intermediary network vulnerabilities of a particular computer network are utilized as the critical consolidation parameters of this process. The final processed intelligence data gathered through this high-speed automated process is then formatted into predefined formats prior to transmission to third parties.
24 Citations
33 Claims
1. A method of consolidating threat intelligence data for a computer network, the method to be performed by a computer system comprising:
collecting threat intelligence data from a plurality of sources and normalising the collected threat intelligence data into a uniform data format;
grouping normalised threat intelligence data into clusters using unsupervised machine learning algorithms, wherein each cluster comprises a group of data that represents an attribute of the threat intelligence data;
categorizing clusters that are severe to the computer network;
comparing the clusters categorized as severe with a security posture of the computer network to determine clusters that are of interest to the computer system; and
formatting the clusters determined to be of interest to the computer system to a predefined format of the computer network.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)

12. A system for consolidating threat intelligence data for a computer network comprising:
a processing unit; and
a non-transitory media readable by the processing unit, the media storing instructions that when executed by the processing unit, cause the processing unit to:
collect threat intelligence data from a plurality of sources and normalise the collected threat intelligence data into a uniform data format;
group normalised threat intelligence data into clusters using unsupervised machine learning algorithms, wherein each cluster comprises a group of data that represents an attribute of the threat intelligence data;
categorize clusters that are severe to the computer network;
compare the clusters categorized as severe with a security posture of the computer network to determine clusters that are of interest to the computer system; and
format the clusters determined to be of interest to the computer system to a predefined format of the computer network.
View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)

23. A system for consolidating threat intelligence data for a computer network comprising:
circuitry configured to collect threat intelligence data from a plurality of sources and normalise the collected threat intelligence data into a uniform data format;
circuitry configured to group normalised threat intelligence data into clusters using unsupervised machine learning algorithms, wherein each cluster comprises a group of data that represents an attribute of the threat intelligence data;
circuitry configured to categorize clusters that are severe to the computer network;
circuitry configured to compare the clusters categorized as severe with a security posture of the computer network to determine clusters that are of interest to the computer system; and
circuitry configured to format the clusters determined to be of interest to the computer system to a predefined format of the computer network.
View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
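The pipeline that the abstract and independent claims 1, 12 and 23 describe, as an added Python example that is not the patent's own code: two constructed feeds in different source formats are normalised into one record shape, grouped without labels by tag-set similarity (single-linkage on Jaccard overlap), filtered to severe clusters, correlated against an assumed asset-weighted security posture, and emitted in a constructed JSON-lines format. The feed contents, the posture, the similarity threshold and the severity cutoff are all assumptions.

```python
"""Constructed walk-through of the claimed consolidation pipeline (not the patent's code)."""
import json
from typing import Dict, List, Set, Tuple

# Constructed feeds (documentation IP ranges, reserved .test domain, invented tags).
FEED_A = [{"ioc": "203.0.113.5", "kind": "ip", "labels": ["scanner", "ssh"], "score": 30},
          {"ioc": "203.0.113.9", "kind": "ip", "labels": ["scanner", "ssh", "bruteforce"], "score": 40}]
FEED_B = ["198.51.100.7,ip,ransomware;smb;VULN-A,90",        # CSV-style source
          "bad.example.test,domain,phishing;credential,60"]
# Assumed security posture: assets, their business weight, and the weaknesses each carries.
POSTURE = {"assets": {"fileserver": {"weight": 5, "weaknesses": {"smb", "VULN-A"}},
                      "bastion": {"weight": 2, "weaknesses": {"ssh"}}}}

def normalise(feed_a: List[Dict], feed_b: List[str]) -> List[Dict]:
    """Step 1: map both source formats onto one uniform record shape."""
    recs = [{"indicator": r["ioc"], "type": r["kind"], "tags": set(r["labels"]),
             "severity": r["score"]} for r in feed_a]
    for line in feed_b:
        ioc, kind, tags, score = line.split(",")
        recs.append({"indicator": ioc, "type": kind, "tags": set(tags.split(";")),
                     "severity": int(score)})
    return recs

def jaccard(a: Set[str], b: Set[str]) -> float:
    return len(a & b) / len(a | b)

def cluster(recs: List[Dict], threshold: float = 0.3) -> List[List[Dict]]:
    """Step 2: unsupervised single-linkage grouping; a record joins the first cluster
    in which any member shares enough tags (the cluster's attribute) with it."""
    clusters: List[List[Dict]] = []
    for r in recs:
        for c in clusters:
            if any(jaccard(r["tags"], m["tags"]) >= threshold for m in c):
                c.append(r)
                break
        else:
            clusters.append([r])
    return clusters

def score_cluster(c: List[Dict], posture: Dict) -> int:
    """Step 4: weighted asset-based correlation. Cluster severity is scaled by the total
    weight of assets whose weaknesses overlap the cluster's tags; 0 means not of interest."""
    tags = set().union(*(m["tags"] for m in c))
    weight = sum(a["weight"] for a in posture["assets"].values() if a["weaknesses"] & tags)
    return max(m["severity"] for m in c) * weight

def prioritise(recs: List[Dict], posture: Dict, severe_at: int = 50) -> List[Tuple[int, List[Dict]]]:
    """Step 3 then 4: keep only severe clusters, drop those the posture does not match."""
    severe = [c for c in cluster(recs) if max(m["severity"] for m in c) >= severe_at]
    scored = [(score_cluster(c, posture), c) for c in severe]
    return sorted([sc for sc in scored if sc[0] > 0], key=lambda sc: -sc[0])

def to_predefined(ranked: List[Tuple[int, List[Dict]]]) -> List[str]:
    """Step 5: format clusters of interest as constructed JSON lines for downstream consumers."""
    return [json.dumps({"score": s, "indicators": sorted(m["indicator"] for m in c),
                        "tags": sorted(set().union(*(m["tags"] for m in c)))}) for s, c in ranked]
```

With the constructed inputs, the ssh-scanner cluster is dropped as not severe, the phishing cluster is severe but matches no asset weakness, and only the smb/VULN-A cluster reaches the output.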
Specification