
Using neural networks to process forensics and generate threat intelligence information

Patent number
US11888895B2
Publication date
2024-01-30
Applicant
Proofpoint, Inc.(US CA Sunnyvale)
Inventors
Zachary Mitchell Abzug; Kevin Patrick Blissett; Brian Sanford Jones
IPC classification
G06F7/04; H04L9/40; G06N3/08; G06N3/045
Technical field
campaign,platform,neural,or,may,forensics,threat,compromise,networks,threats
Region: CA CA Sunnyvale

Abstract

Aspects of the disclosure relate to generating threat intelligence information. A computing platform may receive forensics information corresponding to message attachments. For each message attachment, the computing platform may generate a feature representation. The computing platform may input the feature representations into a neural network, which may result in a numeric representation for each message attachment. The computing platform may apply a clustering algorithm to cluster the message attachments based on the numeric representations, which may result in clustering information. The computing platform may extract, from the clustering information, one or more indicators of compromise indicating that one or more attachments correspond to a threat campaign. The computing platform may send, to an enterprise user device, user interface information comprising the one or more indicators of compromise, which may cause the enterprise user device to display a user interface identifying the one or more indicators of compromise.

Description

At step 204, the electronic messaging server 130 may receive the message metadata sent at step 203. For example, the electronic messaging server 130 may receive message metadata that may be used, in addition or as an alternative to the information received at step 202, to train one or more neural networks.

At step 205, the campaign identification platform 110 may extract one or more features from the information and/or the message metadata. For example, in extracting the one or more features from the information and/or the message metadata, the campaign identification platform 110 may identify one or more data labels and/or properties corresponding to the information and/or the message metadata (e.g., a URL, a sender, a subject line, a domain name, a geographic region, a time, and/or other features).

At step 206, the campaign identification platform 110 may aggregate the extracted one or more features for each attachment, URL, file, and/or other data object being analyzed. For example, the campaign identification platform 110 may aggregate features based on their corresponding threat campaigns. In some instances, the campaign identification platform 110 may receive information identifying these corresponding threat campaigns from an employee of an enterprise organization such as a threat researcher or other network security specialist (e.g., this received and/or original data may be manually labelled, and used to train the one or more neural networks as described below).
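The following added example (not code from the patent or from Proofpoint) sketches the flow the abstract describes: aggregate features per attachment, build a feature representation, cluster, and read candidate indicators of compromise from each cluster. It assumes a binary feature vector stands in for the neural network's numeric representation and uses single-linkage clustering on cosine similarity; the record layout, function names, threshold, and sample rows are all constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample forensics rows: (attachment_id, feature_type, value).
RECORDS = [
    ("att-1", "url", "http://login-update.example/a"),
    ("att-1", "sender_domain", "mail.example.net"),
    ("att-1", "subject", "Invoice overdue"),
    ("att-2", "url", "http://login-update.example/a"),
    ("att-2", "sender_domain", "mail.example.net"),
    ("att-2", "subject", "Invoice reminder"),
    ("att-3", "url", "http://files.example.org/doc"),
    ("att-3", "sender_domain", "news.example.com"),
    ("att-3", "subject", "Weekly newsletter"),
]

def aggregate(records):
    """Collect the extracted features for each attachment (as in step 206)."""
    agg = defaultdict(set)
    for att, ftype, value in records:
        agg[att].add((ftype, value))
    return dict(agg)

def vectorize(agg):
    """Binary vector per attachment over the sorted feature vocabulary."""
    vocab = sorted(set().union(*agg.values()))
    return {att: [1.0 if f in feats else 0.0 for f in vocab]
            for att, feats in agg.items()}

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def cluster(vectors, threshold=0.5):
    """Single linkage: an attachment joins every cluster holding a similar member."""
    clusters = []
    for att in sorted(vectors):
        linked = [c for c in clusters
                  if any(cosine(vectors[att], vectors[m]) >= threshold for m in c)]
        merged = {att}.union(*linked)
        clusters = [c for c in clusters if c not in linked] + [merged]
    return clusters

def shared_indicators(agg, clusters, min_size=2):
    """Candidate IoCs: features common to all members of a multi-member cluster."""
    return {frozenset(c): set.intersection(*(agg[m] for m in c))
            for c in clusters if len(c) >= min_size}
```

Singleton clusters yield no indicators here, since a feature seen on one attachment gives no evidence of a shared campaign.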

Claims

1