US 11,748,488 B2
Information security risk management
Nadav Binyamin Helfman, Binyamina (IL); Alex Marks-Bluth, Rehovot (IL); Omer Carmi, Tel-Aviv (IL); and Ben Sterenson, RaAnana (IL)
Assigned to Sixgill Ltd., Tel Aviv (IL)
Filed by Sixgill Ltd., Tel Aviv (IL)
Filed on Dec. 23, 2020, as Appl. No. 17/131,878.
Claims priority of provisional application 62/953,225, filed on Dec. 24, 2019.
Prior Publication US 2021/0192057 A1, Jun. 24, 2021
Int. Cl. G06F 21/57 (2013.01); H04L 9/40 (2022.01)
CPC G06F 21/577 (2013.01) [H04L 63/1408 (2013.01); H04L 63/1433 (2013.01)]
20 Claims
1. A method for facilitating risk mitigation of information security threats, comprising:
obtaining from at least one tracked data source a plurality of information items comprising information relating to a plurality of threats;
for each of the plurality of threats identifying by analyzing the plurality of information items and storing in a database a plurality of events indicative of a usage likelihood of the threat and associated each with a date and time;
generating from the plurality of events in the database for each of the plurality of threats and storing in the database a plurality of threat timelines each comprising a temporally ordered sequence of the plurality of events for a respective threat;
for each of the plurality of threats and a plurality of time windows assigning labeling denoting threat usage in a respective one of the plurality of time windows using a plurality of incident records each documenting at least one threat usage incident of at least one of the plurality of threats;
for each of the plurality of threat timelines extracting from the plurality of events a plurality of features;
determining a correlation between the plurality of features extracted from the plurality of threat timelines and the labeling assigned, and selecting from the plurality of features a plurality of selected features based on the correlation;
training at least one machine learning model for predicting threat usage in at least one time window using the plurality of selected features and labeling;
for each of the plurality of threats calculating based on the plurality of selected features and storing in the database a dynamic score indicating an estimated level of risk posed by the threat using the at least one machine learning model; and
for at least one of the plurality of threats outputting an indication of the dynamic score based on which risk mitigation according to the estimated level of risk being enabled.
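
The timeline, labeling, feature-extraction and feature-selection steps of claim 1, as an added Python illustration that is not code from the patent or from the assignee. The event kinds, the three features, the use of |Pearson r| with a top-k cut, and all sample data are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime as D
from math import sqrt

# Constructed sample data; threat ids, event kinds and dates are placeholders.
EVENTS = [
    ("T1", "forum_mention", D(2020, 1, 2)), ("T1", "poc_published", D(2020, 1, 5)),
    ("T1", "forum_mention", D(2020, 1, 6)), ("T2", "forum_mention", D(2020, 1, 3)),
    ("T3", "poc_published", D(2020, 1, 4)), ("T3", "forum_mention", D(2020, 1, 6)),
    ("T4", "forum_mention", D(2020, 1, 1)),
]
INCIDENTS = [("T1", D(2020, 1, 9)), ("T3", D(2020, 1, 10))]  # constructed incident records
WINDOWS = [(D(2020, 1, 8), D(2020, 1, 15)), (D(2020, 1, 15), D(2020, 1, 22))]

def build_timelines(events):
    """Group events per threat into a temporally ordered sequence."""
    timelines = defaultdict(list)
    for threat, kind, ts in events:
        timelines[threat].append((ts, kind))
    return {t: sorted(evs) for t, evs in timelines.items()}

def label(threat, window, incidents):
    """1 if an incident record documents usage of the threat inside the window."""
    start, end = window
    return int(any(t == threat and start <= ts < end for t, ts in incidents))

def extract_features(timeline, window_start):
    """Assumed feature set, computed only from events before the window opens."""
    seen = [(ts, kind) for ts, kind in timeline if ts < window_start]
    return {
        "n_events": len(seen),
        "n_poc": sum(kind == "poc_published" for _, kind in seen),
        "days_since_last": (window_start - seen[-1][0]).days if seen else 999,
    }

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / sqrt(sxx * syy) if sxx and syy else 0.0  # constant column -> 0

def select_features(events, incidents, windows, k=2):
    """Rank features by |Pearson r| against the window labels; keep the top k."""
    rows, labels = [], []
    for threat, timeline in build_timelines(events).items():
        for window in windows:
            rows.append(extract_features(timeline, window[0]))
            labels.append(label(threat, window, incidents))
    scores = {f: pearson([r[f] for r in rows], labels) for f in rows[0]}
    return sorted(scores, key=lambda f: abs(scores[f]), reverse=True)[:k], scores
```

The selected feature columns and the labels are what the claimed training step would consume; restricting features to events before each window opens keeps the labels from leaking into the inputs.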