-
Publication (Announcement) No.: US20230214496A1
Publication (Announcement) Date: 2023-07-06
Application No.: US17927640
Application Date: 2020-05-29
Applicant: NEC Corporation, B. G. Negev Technologies and Applications Ltd., at Ben-Gurion University
Inventor: Masaki INOKUCHI, Tomohiko YAGYU, Yuval ELOVICI, Asaf SHABTAI, Ron BITTON, Noam MOSCOVICH
CPC classification number: G06F21/577, G06F21/552, G06N5/022
Abstract: The knowledge generation apparatus (2000) obtains plural pieces of attack result information (100), which include a configuration of an attack performed on a computer environment, a configuration of the computer environment attacked, and a result of the attack. By comparing the obtained attack result information (100), the knowledge generation apparatus (2000) detects environment conditions, which are conditions regarding the configuration of the computer environment that are necessary for the success of the attack. The knowledge generation apparatus (2000) performs selection on the detected environment conditions based on a selection rule (200), and generates knowledge information (300) that includes the selected environment conditions. The selection rule represents a rule for determining whether to include an environment condition in the knowledge information (300), with respect to a feature of a set of attacks that are affected by the environment condition.
-
12.
Publication (Announcement) No.: US20230040982A1
Publication (Announcement) Date: 2023-02-09
Application No.: US17793110
Application Date: 2020-01-17
Applicant: NEC CORPORATION, B. G. Negev Technologies and Applications Ltd., at Ben-Gurion University
Inventor: Masaki INOKUCHI, Tomohiko YAGYU, Asaf SHABTAI, Yuval ELOVICI, Ron BITTON, Hodaya BINYAMINI
IPC: G06F21/57
Abstract: An attack information processing apparatus (10) includes an extraction unit (11) configured to extract first and second attack knowledge pieces indicating conditions of a cyber attack from first and second attack information pieces including descriptions of the cyber attack, a determination unit (12) configured to determine similarity between the first and second attack information pieces, and a complementing unit (13) configured to complement the first attack knowledge piece with the second attack knowledge piece based on the determined similarity.
-