CPC G06F 21/552 (2013.01) [G06F 21/577 (2013.01); G06N 7/01 (2023.01)]
31 Claims
1. A method for generating a predictive response to a cyberattack comprising:
  detecting information indicative of a cyberattack on an endpoint;
  configuring the information as an input to a directed graph model, wherein the directed graph model comprises a plurality of nodes, each node representing an attack state;
  providing the input to the directed graph model;
  computing, via the directed graph model, a prediction result, the prediction result comprising one or more predicted nodes from the plurality of nodes and one or more associated probabilities;
  classifying the one or more predicted nodes; and
  determining, based on the classifying and the prediction result, one or more actions for responding to the cyberattack, the one or more actions comprising:
    identifying a plurality of parent nodes of the prediction result; and
    at least one of:
      setting the one or more actions based on risk levels of the plurality of parent nodes;
      if each of the plurality of parent nodes comprise equal risk levels, setting the one or more actions based on a union of actions from the plurality of parent nodes;
      setting the one or more actions based on a level of specificity of a parent node;
      setting the one or more actions based on probabilities of the plurality of parent nodes; or
      if each of the plurality of parent nodes comprise equal probability levels, setting the one or more actions based on a union of actions from the plurality of parent nodes.
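The parent-node step of claim 1 can be sketched as follows. This is an added example, not code from the patent: the state names, the risk scale, the action names and the rule that the highest-ranked parent supplies the actions when parents differ are all assumptions; only the union-on-tie behaviour is taken from the claim text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AttackState:
    name: str
    risk: int                 # assumed scale: higher means more severe
    probability: float        # assumed to come from the graph model
    actions: frozenset = frozenset()

# Constructed sample graph, stored as child -> parents (edges run parent -> child).
CRED = AttackState("credential_dumping", 3, 0.6,
                   frozenset({"isolate_host", "reset_credentials"}))
LATERAL = AttackState("lateral_movement", 3, 0.3,
                      frozenset({"isolate_host", "block_smb"}))
PHISH = AttackState("phishing_execution", 2, 0.5,
                    frozenset({"quarantine_mail"}))
PRIVESC = AttackState("privilege_escalation", 4, 0.5,
                      frozenset({"kill_process", "isolate_host"}))
PARENTS = {
    "data_exfiltration": [CRED, LATERAL],
    "ransomware_encryption": [PHISH, PRIVESC],
}

def select_actions(predicted, criterion, graph=PARENTS, tol=1e-9):
    """Return response actions for a predicted node from its parent nodes.

    criterion is "risk" or "probability". Parents within tol of the top
    value contribute their actions (assumed rule); when every parent is
    equal, the result is the union over all parents, as in the claim's
    two tie branches.
    """
    if criterion not in ("risk", "probability"):
        raise ValueError(f"unknown criterion: {criterion}")
    parents = graph.get(predicted, [])
    if not parents:
        return frozenset()    # root or unknown state: nothing to inherit
    top = max(getattr(p, criterion) for p in parents)
    chosen = [p for p in parents if abs(getattr(p, criterion) - top) <= tol]
    return frozenset().union(*(p.actions for p in chosen))

if __name__ == "__main__":
    for node in PARENTS:
        for crit in ("risk", "probability"):
            print(node, crit, sorted(select_actions(node, crit)))
```
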