PROFILING CYBER THREATS DETECTED IN A TARGET ENVIRONMENT AND AUTOMATICALLY GENERATING ONE OR MORE RULE BASES FOR AN EXPERT SYSTEM USABLE TO PROFILE CYBER THREATS DETECTED IN A TARGET ENVIRONMENT
A computer implemented method of profiling cyber threats detected in a target environment, comprising: receiving, from a Security Information and Event Manager (SIEM) monitoring the target environment, alerts triggered by a detected potential cyber threat, and, for each alert: retrieving captured packet data related to the alert; extracting data pertaining to a set of attributes from captured packet data triggering the alert; applying fuzzy logic to data pertaining to one or more of the attributes to determine values for one or more output variables indicative of a level of an aspect of risk attributable to the cyber threat.