US 12,289,320 B2
Network security scoring
Staffan Truvé, Alingsås (SE); and Bill Ladd, Watertown, MA (US)
Assigned to Recorded Future, Inc., Somerville, MA (US)
Filed by Staffan Truvé, Alingsås (SE); and Bill Ladd, Watertown, MA (US)
Filed on Apr. 5, 2017, as Appl. No. 15/480,287.
Claims priority of provisional application 62/458,326, filed on Feb. 13, 2017.
Claims priority of provisional application 62/318,758, filed on Apr. 5, 2016.
Prior Publication US 2018/0063170 A1, Mar. 1, 2018
Int. Cl. H04L 9/40 (2022.01); G06N 20/00 (2019.01); G06N 20/10 (2019.01); H04L 41/12 (2022.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 61/2503 (2022.01); H04L 61/4511 (2022.01); H04L 69/22 (2022.01)
CPC H04L 63/1416 (2013.01) [G06N 20/00 (2019.01); G06N 20/10 (2019.01); H04L 41/12 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 61/2503 (2013.01); H04L 61/4511 (2022.05); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01); H04L 69/22 (2013.01)]
28 Claims
1. A network security system including a processor and memory, comprising:
a network interface that connects the network security system to a public wide area network that can be accessed with addresses,
a malicious activity detection subsystem operatively connected to the network interface and operative in connection with the processor and memory to extract information from language content of different textual sources accessed using addresses on the network, to analyze the extracted information to determine whether it represents information that represents a potential threat, and to store the information that is determined to represent a threat,
a threat prediction subsystem responsive the network interface and operative in connection with the processor and memory to predict information about future threat levels based on application of a trained predictive model to activity addresses on the public wide area network, and to store the predicted information that is determined to represent a threat,
a scoring subsystem responsive to the information stored by the malicious activity detection subsystem and operative in connection with the processor and memory to provide weighted machine-readable threat scores that include a weighted machine-readable threat score for each of a plurality of the addresses for accessing content on the public wide area network, wherein the scoring subsystem aggregates machine-readable threat levels for the stored predicted information that is determined to represent a threat and the stored information that is determined to represent a threat to obtain the weighted machine-readable threat score for each of the plurality of addresses based on predetermined weightings for different threat types for the stored predicted information that is determined to represent a threat and the stored information that is determined to represent a threat for the different textual sources for that address, and
wherein the weighted machine-readable threat scores for at least some of the plurality of addresses are based on one or more of the predicted future threat levels.