US 11,914,709 B2
Hybrid machine learning and knowledge graph approach for estimating and mitigating the spread of malicious software
George Anthony Albero, Charlotte, NC (US); and Maharaj Mukherjee, Poughkeepsie, NY (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Jul. 20, 2021, as Appl. No. 17/380,450.
Prior Publication US 2023/0026135 A1, Jan. 26, 2023
Int. Cl. G06F 21/56 (2013.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC G06F 21/566 (2013.01) [G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2221/033 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computing platform comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
generate a knowledge graph that includes a plurality of computing devices and indicates relationships between the plurality of computing devices;
train, using historical information, a machine learning model, wherein training the machine learning model configures the machine learning model to predict time horizons for spread of malicious software, wherein each of the time horizons includes a subset of the plurality of computing devices;
identify malicious software at one computing device of the plurality of computing devices;
input characteristics of the malicious software into the machine learning model to produce time horizons for the identified malicious software;
identify, using the knowledge graph and based on the time horizons for the identified malicious software, subsets of the plurality of computing devices, each corresponding to a particular time horizon; and
perform, at a time within a first time horizon, a first security action for at least a first subset of the plurality of computing devices located within the first time horizon and a second security action for at least a second subset of the plurality of computing devices located within a second time horizon, wherein the first time horizon and the second time horizon indicate that the first subset of the plurality of computing devices will be affected by the identified malicious software prior to the second subset of the plurality of computing devices.
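The steps of claim 1 carried through on a small device graph, as an added illustration that is not code from the patent or from the assignee. The trained machine learning model of the claim is replaced by a hand-written stand-in, `estimate_horizons`, whose mapping from malware characteristics to per-link spread times and horizon boundaries is an assumption for the example only; the device names, link types, link hours, malware characteristics and action names are all constructed sample data. Devices are placed into horizons by shortest estimated arrival time over the graph, and each horizon gets its own action.

```python
"""
Added example (not from the patent): partition a device knowledge graph into
time-horizon subsets and assign a per-horizon security action.
The claim's trained ML model is replaced by the stand-in `estimate_horizons`;
graph, link hours, malware characteristics and actions are constructed.
"""
import heapq
from typing import Dict, List, Tuple

# Constructed knowledge graph: device -> {neighbour: link type}.
# Relationships are treated as undirected (an assumption of the example).
KNOWLEDGE_GRAPH: Dict[str, Dict[str, str]] = {
    "ws-01": {"fs-01": "smb", "ws-02": "lan"},
    "ws-02": {"ws-01": "lan", "ws-03": "lan", "mail-01": "smtp"},
    "ws-03": {"ws-02": "lan", "fs-01": "smb"},
    "fs-01": {"ws-01": "smb", "ws-03": "smb", "db-01": "lan"},
    "db-01": {"fs-01": "lan", "dr-db-01": "wan"},
    "mail-01": {"ws-02": "smtp", "dr-db-01": "wan"},
    "dr-db-01": {"db-01": "wan", "mail-01": "wan"},
}

# Constructed baseline traversal time (hours) for each link type.
BASE_LINK_HOURS = {"lan": 1.0, "smb": 0.5, "smtp": 2.0, "wan": 6.0}

# Hypothetical action per horizon, nearest horizon first; the last entry
# covers devices beyond the final boundary.
HORIZON_ACTIONS = ["isolate", "block_vector", "patch", "monitor"]


def estimate_horizons(malware: Dict[str, object]) -> Tuple[Dict[str, float], List[float]]:
    """Stand-in for the trained model (assumption, not the patent's model).

    Links matching one of the sample's propagation vectors spread at the
    baseline rate; other links at a quarter of it. `speed_factor` > 1
    shortens both the link times and the horizon boundaries.
    """
    vectors = set(malware.get("vectors", []))
    speed = float(malware.get("speed_factor", 1.0))
    link_hours = {}
    for link, base in BASE_LINK_HOURS.items():
        rate = 1.0 if link in vectors else 0.25
        link_hours[link] = base / (rate * speed)
    boundaries = [b / speed for b in (2.0, 8.0, 24.0)]
    return link_hours, boundaries


def estimated_arrival(graph: Dict[str, Dict[str, str]], origin: str,
                      link_hours: Dict[str, float]) -> Dict[str, float]:
    """Dijkstra over the graph: earliest estimated hour the malware reaches
    each device from the device where it was identified."""
    dist = {origin: 0.0}
    heap = [(0.0, origin)]
    while heap:
        t, node = heapq.heappop(heap)
        if t > dist[node]:
            continue
        for nbr, link in graph[node].items():
            nt = t + link_hours[link]
            if nt < dist.get(nbr, float("inf")):
                dist[nbr] = nt
                heapq.heappush(heap, (nt, nbr))
    return dist  # devices not reachable from origin are absent


def horizon_subsets(arrival: Dict[str, float], boundaries: List[float],
                    origin: str) -> List[List[str]]:
    """Bucket devices into horizons by arrival time; the identified device
    itself is excluded (it is already compromised, not 'to be affected')."""
    subsets: List[List[str]] = [[] for _ in range(len(boundaries) + 1)]
    for dev, t in sorted(arrival.items(), key=lambda kv: kv[1]):
        if dev == origin:
            continue
        idx = next((i for i, b in enumerate(boundaries) if t <= b), len(boundaries))
        subsets[idx].append(dev)
    return subsets


def plan_response(graph: Dict[str, Dict[str, str]], origin: str,
                  malware: Dict[str, object]) -> List[Dict[str, object]]:
    """Claim steps end to end: model -> horizons -> subsets -> actions."""
    link_hours, boundaries = estimate_horizons(malware)
    arrival = estimated_arrival(graph, origin, link_hours)
    subsets = horizon_subsets(arrival, boundaries, origin)
    plan = []
    for i, devs in enumerate(subsets):
        upper = boundaries[i] if i < len(boundaries) else None  # None: beyond last
        plan.append({
            "horizon_upper_hours": upper,
            "action": HORIZON_ACTIONS[i],
            "devices": devs,
            "eta_hours": {d: round(arrival[d], 2) for d in devs},
        })
    return plan


if __name__ == "__main__":
    sample = {"vectors": ["smb", "lan"], "speed_factor": 1.0}  # constructed
    for horizon in plan_response(KNOWLEDGE_GRAPH, "ws-01", sample):
        print(horizon)
```

With the constructed inputs, the four devices one LAN or SMB hop from `ws-01` fall in the first horizon and are isolated, the mail relay reachable only over the slower SMTP path lands in the third, and the WAN-linked disaster-recovery host sits beyond the last boundary and is only monitored; raising `speed_factor` shortens every boundary and pulls devices into earlier horizons, which is the behaviour the claim attributes to feeding malware characteristics into the model.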