| CPC H04L 63/1466 (2013.01) [G06N 3/08 (2013.01); G06N 5/025 (2013.01); H04L 63/029 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |

1. A method, comprising:
identifying detection coverage of a set of adversarial techniques based on telemetry data and a detection instance of an environment, the detection coverage of the set of adversarial techniques indicating an extent to which each adversarial technique from the set of adversarial techniques can be detected;
determining, using a machine learning model, a subset of detection coverage having a metric value below a metric value threshold and among the detection coverage for the set of adversarial techniques, the metric value being a measure of an extent to which an adversarial technique from the set of adversarial techniques can be detected;
identifying at least one detection instance associated with the subset of detection coverage for the set of adversarial techniques;
presenting, via a graphical user interface, an interactive visualization of a representation of at least one of the subset of detection coverage or the at least one detection instance associated with the subset of detection coverage, wherein the interactive visualization includes selectable elements corresponding to different aspects of the detection coverage;
generating, based on user interaction with the selectable elements, a customized detection strategy for addressing the subset of detection coverage having the metric value below the metric value threshold; and
updating the subset of detection coverage based on the customized detection strategy of at least the telemetry data, the detection instance, or the at least one detection instance associated with the subset of detection coverage to improve the metric value of the subset of detection coverage to above the metric value threshold.