US 12,413,622 B2
System and method for generating cyber threat intelligence
Sanjay Sengupta, Haryana (IN); and Mahesh Banerjee, Haryana (IN)
Assigned to Whizhack Technologies Pvt. Ltd., (IN)
Filed by Whizhack Technologies Pvt. Ltd., Haryana (IN)
Filed on Sep. 14, 2022, as Appl. No. 17/944,778.
Claims priority of application No. 202211028366 (IN), filed on May 17, 2022.
Prior Publication US 2023/0379361 A1, Nov. 23, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1491 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)] 4 Claims
OG exemplary drawing
 
1. A system for generating cyber threat intelligence, the system comprising:
a plurality of honeynets configured to emulate one or more services;
a plurality of sensors, each sensor of the plurality of sensors associated with a honeynet, each sensor configured to detect cyberattacks on the associated honeynet;
a data collector configured to receive data relating to the cyberattacks on the plurality of honeynets; and
a computing device communicably coupled to the plurality of honeynets, the plurality of sensors and the data collector, the computing device comprising a processor communicably coupled to a memory, the memory storing instructions which, when executed by the processor, cause the computing device to be configured to:
detect, via an intrusion detector of each sensor, cyberattacks on the plurality of honeynets based on an analysis of network traffic through the plurality of honeynets, wherein the cyberattacks are detected using a signature-based ruleset defining malicious connections on the basis of predefined signatures including blacklisted IPs and malicious patterns observed from network traffic;
extract, from the detected cyberattacks on the plurality of honeynets via a deep packet inspection engine of each sensor, a detailed forensic data log based on an analysis of content of data packets pertaining to the cyberattacks on the plurality of honeynets; and
transmit the detailed forensic data log to the data collector,
wherein the data collector stores the detailed forensic data log for further analysis to generate the cyber threat intelligence,
wherein the data collector is configured to:
process and index a forensic data log received from each sensor;
dynamically render and load the processed and indexed forensic data log in real-time; and
provide user management and overall stack management functionalities, and
wherein the data collector is placed under a load balancer, wherein the load balancer is configured to spawn additional resources as per load requirement.
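The claim describes a pipeline of three stages: a sensor's intrusion detector applies a signature ruleset (blacklisted IPs and malicious byte patterns) to honeynet traffic, a deep packet inspection step turns each detected connection into a forensic log record, and a data collector processes and indexes those records for later analysis. The following is an added illustration of that pipeline, not code from the patent or from Whizhack Technologies; the function and class names, the sample connections, the blacklisted address and the two patterns are all constructed placeholders standing in for a real sensor's ruleset.

```python
import hashlib
import json
import re
from collections import defaultdict

# --- Constructed sample data (not from the patent) ---------------------------
# Each record stands for one connection seen by a honeynet sensor:
# (timestamp, source IP, emulated service port, first payload bytes).
SAMPLE_TRAFFIC = [
    ("2024-01-01T10:00:00Z", "203.0.113.7", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("2024-01-01T10:00:05Z", "198.51.100.23", 80, b"GET /index.html HTTP/1.1\r\nHost: honeypot\r\n\r\n"),
    ("2024-01-01T10:00:09Z", "198.51.100.23", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n\r\n"),
    ("2024-01-01T10:00:12Z", "192.0.2.44", 3306, b"\x00\x00\x00\x01 ' OR 1=1 -- "),
]

# Signature-based ruleset: a blacklist of source IPs plus byte patterns.
# The address and patterns are constructed placeholders for a real IDS ruleset.
RULESET = {
    "blacklisted_ips": {"203.0.113.7"},
    "malicious_patterns": {
        "path-traversal": re.compile(rb"\.\./"),
        "sqli-tautology": re.compile(rb"'\s*OR\s*1\s*=\s*1", re.IGNORECASE),
    },
}


def intrusion_detector(src_ip, payload, ruleset=RULESET):
    """Signature stage: return the names of all signatures the connection matches."""
    hits = []
    if src_ip in ruleset["blacklisted_ips"]:
        hits.append("blacklisted-ip")
    for name, pattern in ruleset["malicious_patterns"].items():
        if pattern.search(payload):
            hits.append(name)
    return hits


def dpi_extract(timestamp, src_ip, dst_port, payload, hits):
    """DPI stage: build a forensic log record from the content of the flagged packet."""
    return {
        "timestamp": timestamp,
        "src_ip": src_ip,
        "dst_port": dst_port,
        "signatures": hits,
        "payload_len": len(payload),
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        # printable preview so an analyst can triage without handling raw bytes
        "payload_preview": payload[:64].decode("ascii", errors="replace"),
    }


class DataCollector:
    """Collector stage: stores forensic logs and keeps inverted indexes over them."""

    def __init__(self):
        self.logs = []
        self.by_src_ip = defaultdict(list)
        self.by_signature = defaultdict(list)

    def process_and_index(self, log):
        idx = len(self.logs)
        self.logs.append(log)
        self.by_src_ip[log["src_ip"]].append(idx)
        for sig in log["signatures"]:
            self.by_signature[sig].append(idx)

    def logs_for_signature(self, sig):
        return [self.logs[i] for i in self.by_signature.get(sig, [])]

    def attacker_summary(self):
        """Number of forensic records per source IP, for the analyst dashboard."""
        return {ip: len(idxs) for ip, idxs in self.by_src_ip.items()}


def run_sensor(traffic, collector):
    """Sensor loop: detect, extract via DPI, transmit to the collector.

    Returns the number of forensic logs transmitted; benign connections send nothing.
    """
    sent = 0
    for ts, src, port, payload in traffic:
        hits = intrusion_detector(src, payload)
        if not hits:
            continue
        collector.process_and_index(dpi_extract(ts, src, port, payload, hits))
        sent += 1
    return sent


if __name__ == "__main__":
    collector = DataCollector()
    print(run_sensor(SAMPLE_TRAFFIC, collector), "forensic logs sent")
    print(json.dumps(collector.logs_for_signature("path-traversal"), indent=2))
    print(collector.attacker_summary())
```

Two design points follow the claim's structure: the sensor only transmits records for connections that matched a signature, so the collector receives forensic data rather than raw traffic, and the collector indexes on both source IP and signature name so that the "further analysis" step can pivot either way without rescanning the logs.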