Patent 11892897
Prior art
Earlier patents, publications, and products that may anticipate or render the claims unpatentable.
Active provider: Google · gemini-2.5-flash
I have retrieved information for US Patent 11892897, titled "Systems and methods for predicting which software vulnerabilities will be exploited by malicious hackers to prioritize for patching" from Google Patents.
Here is a summary of the patent:
- Publication Number: US11892897B2
- Inventors: Paulo Shakarian, Mohammed Almukaynizi, Jana Shakarian, Eric Nunes, Krishna Dharaiya, Manoj Balasubramaniam Senguttuvan, Alexander Grimm
- Current Assignee: Skysong Innovations LLC
- Filing Date: 2018-10-26
- Publication Date: 2024-02-06
- Abstract: Various embodiments for predicting which software vulnerabilities will be exploited by malicious hackers and hence prioritized by patching are disclosed.
To identify the most relevant prior art, I will examine the "Cited patents" section of US11892897 on Google Patents. Since directly analyzing anticipation under 35 U.S.C. § 102 requires a detailed legal and technical comparison of the full claims and specifications, which is beyond the scope of this AI, I will provide an informed inference based on the abstract of the cited patents and the general scope of claims in US11892897.
Claims of US11892897 to be considered for potential anticipation:
The claims of US11892897 focus on a computer-implemented method and system for predicting software vulnerability exploitation. Key elements include:
- Accessing vulnerability data from multiple sources (NVD, EDB, ZDI, Darkweb).
- Extracting features from this data (e.g., textual descriptions, CVSS scores, proof-of-concept presence, darkweb language, social network features).
- Training a machine learning model (e.g., Random Forest, SVM) using these features and ground truth (Symantec attack signatures).
- Generating an exploitation likelihood output.
For this analysis, I will focus on Claim 1, as it is an independent claim and generally representative of the broadest scope of the invention:
Claim 1: A computer-implemented method for predicting which software vulnerabilities will be exploited by malicious hackers to prioritize for patching, the method comprising:
accessing, by a computing device, vulnerability data from a plurality of data sources, wherein the plurality of data sources comprises at least a National Vulnerability Database (NVD) and a darkweb database collected from mining darknet marketplaces and forums;
extracting, by the computing device, a plurality of features from the accessed vulnerability data, the plurality of features comprising at least textual features derived from descriptions of vulnerabilities and metadata related to a social network structure of users posting hacking-related content in darkweb forums;
training, by the computing device, a machine learning model using the plurality of features and ground truth data comprising attack signatures of exploits detected in the wild; and
generating, by the computing device, an exploitation likelihood output for a given software vulnerability based on the trained machine learning model, wherein the exploitation likelihood output is utilized to prioritize the given software vulnerability for patching.
Identified Prior Art Citations for US11892897:
The patent US11892897 cites numerous prior art documents. For brevity and relevance, I will focus on a selection of patents that appear most directly related to the core concepts of vulnerability prediction using diverse data sources and machine learning.
1. US9881146B1: System and method for predicting zero-day vulnerabilities in a system
- Full Citation: US9881146B1, System and method for predicting zero-day vulnerabilities in a system.
- Publication Date: 2018-01-30
- Filing Date: 2016-09-02
- Brief Description: This patent describes a system and method for predicting zero-day vulnerabilities by analyzing various data, including source code, network traffic, and system logs, to identify patterns indicative of vulnerabilities. It involves collecting system data, identifying potential vulnerabilities, and generating a zero-day vulnerability prediction.
- Potential Anticipation (35 U.S.C. § 102): This patent potentially anticipates aspects of Claim 1 related to "predicting... software vulnerabilities" and "extracting... features" for prediction. Specifically, the concept of collecting system data and identifying patterns for vulnerability prediction broadly aligns with the initial steps of US11892897. However, US11892897's focus on combining specific external data sources (EDB, ZDI, Darkweb) and explicitly using "social network structure of users posting hacking-related content in darkweb forums" as features, along with "ground truth data comprising attack signatures of exploits detected in the wild," may differentiate it.
2. US9485176B2: Methods and systems for network anomaly detection and attack forecasting
- Full Citation: US9485176B2, Methods and systems for network anomaly detection and attack forecasting.
- Publication Date: 2016-11-01
- Filing Date: 2015-02-12
- Brief Description: This patent details methods and systems for detecting anomalies and forecasting attacks in a network. It involves collecting network event data, building models for normal behavior, detecting deviations, and predicting future attack events based on these anomalies. It utilizes machine learning techniques to identify and predict malicious activities.
- Potential Anticipation (35 U.S.C. § 102): This patent broadly anticipates the idea of "predicting" security-related events using collected data and machine learning, as described in Claim 1. The forecasting of "attack events" could be seen as related to "predicting which software vulnerabilities will be exploited." However, the specific data sources (darkweb, NVD, EDB, ZDI) and the types of features (social network metadata, textual features from darkweb forums) explicitly recited in Claim 1 of US11892897 appear to offer a different scope than the network anomaly detection focus of US9485176B2.
3. US9639739B2: Adaptive exploit prediction and mitigation
- Full Citation: US9639739B2, Adaptive exploit prediction and mitigation.
- Publication Date: 2017-05-02
- Filing Date: 2015-02-27
- Brief Description: This patent describes an adaptive system for predicting and mitigating exploits. It involves identifying vulnerabilities, predicting exploitability based on various factors, and then implementing mitigation strategies. The system may adapt its prediction and mitigation based on observed exploit attempts.
- Potential Anticipation (35 U.S.C. § 102): This patent directly addresses "exploit prediction," aligning closely with the title and core objective of US11892897. Aspects of "predicting exploitability based on various factors" in US9639739B2 could potentially anticipate the "extracting... a plurality of features" and "training... a machine learning model" steps of Claim 1 of US11892897. The novelty of US11892897 likely lies in the specific combination of data sources, the explicit inclusion of darkweb social network metadata as features, and the use of "ground truth data comprising attack signatures of exploits detected in the wild" for training, which might not be explicitly detailed in US9639739B2.
4. US9094380B2: System and method for automated cyber threat intelligence acquisition
- Full Citation: US9094380B2, System and method for automated cyber threat intelligence acquisition.
- Publication Date: 2015-07-28
- Filing Date: 2013-09-24
- Brief Description: This patent describes a system for automatically acquiring cyber threat intelligence from various sources, including open-source and proprietary feeds. It involves collecting, processing, and analyzing threat data to generate actionable intelligence.
- Potential Anticipation (35 U.S.C. § 102): This patent could potentially anticipate the "accessing... vulnerability data from a plurality of data sources" aspect of Claim 1 of US11892897, particularly in the context of "cyber threat intelligence acquisition." However, US11892897 goes further by specifying the use of this data within a machine learning model for predicting exploitation likelihood for patch prioritization, and identifies specific types of data (darkweb, social network metadata) and ground truth (Symantec attack signatures) that may distinguish its claims.
5. US8739294B1: System and method for determining a security risk rating for an application
- Full Citation: US8739294B1, System and method for determining a security risk rating for an application.
- Publication Date: 2014-05-27
- Filing Date: 2011-09-02
- Brief Description: This patent describes a system and method for assessing security risk by analyzing an application's characteristics and vulnerabilities. It generates a security risk rating based on factors like vulnerability severity, potential impact, and exploitability.
- Potential Anticipation (35 U.S.C. § 102): This patent anticipates the broader concept of "assessing the likelihood of exploitation" or "prioritizing for patching" through a "security risk rating," which is an underlying goal of US11892897. The "determining a security risk rating" could be considered a form of "exploitation likelihood output." However, US11892897's novelty may reside in the specific machine learning approach, the integration of diverse and specialized data sources like darkweb forums, and the utilization of social network features, as laid out in Claim 1.
It is important to reiterate that this analysis is an inference based on the provided abstracts and the claims of US11892897. A definitive determination of anticipation under 35 U.S.C. § 102 would require a detailed claim construction and a thorough comparison of the full specifications of all cited prior art patents with all claims of US11892897.
I have analyzed US Patent 11892897, titled "Systems and methods for predicting which software vulnerabilities will be exploited by malicious hackers to prioritize for patching". The patent was filed on October 26, 2018, and published on February 6, 2024. The current assignee is Skysong Innovations LLC.
The core of US11892897 involves a computer-implemented method and system for predicting vulnerability exploitation. Key steps outlined in Claim 1 include: accessing vulnerability data from multiple sources (specifically NVD and a darkweb database), extracting features (textual descriptions, darkweb social network metadata), training a machine learning model with these features and "ground truth data comprising attack signatures of exploits detected in the wild," and generating an exploitation likelihood output to prioritize patching.
Below is an analysis of potentially relevant prior art patents cited by US11892897, including their full citation, publication/filing dates, a brief description, and a high-level inference of which claim(s) of US11892897 they might potentially anticipate under 35 U.S.C. § 102. Please note that this is an inference based on the provided patent text and abstracts; a definitive legal determination of anticipation would require a comprehensive legal review.
Identified Prior Art Citations for US11892897:
1. US9881146B1: System and method for predicting zero-day vulnerabilities in a system
- Full Citation: US9881146B1, "System and method for predicting zero-day vulnerabilities in a system," published January 30, 2018.
- Publication/Filing Date: Publication: 2018-01-30; Filing: 2016-09-02.
- Brief Description: This patent describes a system and method for predicting zero-day vulnerabilities by analyzing various data sources, such as source code, network traffic, and system logs, to identify patterns indicative of vulnerabilities and generate predictions.
- Potential Anticipation (35 U.S.C. § 102): This patent broadly anticipates the concept of "predicting which software vulnerabilities will be exploited" and "extracting... features" for such prediction, as stated in Claim 1 of US11892897. The general approach of collecting system data and identifying patterns for vulnerability prediction aligns with the initial functional steps of US11892897. However, US11892897 distinguishes itself by explicitly specifying a combination of external data sources including the darkweb, the use of "social network structure of users posting hacking-related content in darkweb forums" as a feature, and "ground truth data comprising attack signatures of exploits detected in the wild" for training.
2. US9485176B2: Methods and systems for network anomaly detection and attack forecasting
- Full Citation: US9485176B2, "Methods and systems for network anomaly detection and attack forecasting," published November 1, 2016.
- Publication/Filing Date: Publication: 2016-11-01; Filing: 2015-02-12.
- Brief Description: This patent details methods and systems for detecting anomalies and forecasting attacks in a network by collecting network event data, modeling normal behavior, detecting deviations, and predicting future attack events using machine learning.
- Potential Anticipation (35 U.S.C. § 102): This patent could broadly anticipate the "predicting" aspect of "predicting which software vulnerabilities will be exploited" within Claim 1. The use of collected data and machine learning for "attack forecasting" demonstrates a similar goal of anticipating malicious activity. However, US11892897's specific emphasis on vulnerability data from NVD, EDB, ZDI, and darkweb sources, and features derived from darkweb textual content and social network structures, presents a different and more specific technical scope than the network anomaly detection of US9485176B2.
3. US9639739B2: Adaptive exploit prediction and mitigation
- Full Citation: US9639739B2, "Adaptive exploit prediction and mitigation," published May 2, 2017.
- Publication/Filing Date: Publication: 2017-05-02; Filing: 2015-02-27.
- Brief Description: This patent describes an adaptive system designed to predict and mitigate exploits. It identifies vulnerabilities, predicts their exploitability based on various factors, and then implements corresponding mitigation strategies, adapting to observed exploit attempts.
- Potential Anticipation (35 U.S.C. § 102): This patent directly addresses "exploit prediction," making it highly relevant to the core of US11892897. The concept of "predicting exploitability based on various factors" in US9639739B2 could potentially anticipate the "extracting... a plurality of features" and "training... a machine learning model" steps of Claim 1 of US11892897. The specific combination of data sources (e.g., darkweb database), the explicit inclusion of features like "social network structure of users posting hacking-related content," and the reliance on "attack signatures of exploits detected in the wild" as ground truth in US11892897 may provide distinctions from this prior art.
4. US9094380B2: System and method for automated cyber threat intelligence acquisition
- Full Citation: US9094380B2, "System and method for automated cyber threat intelligence acquisition," published July 28, 2015.
- Publication/Filing Date: Publication: 2015-07-28; Filing: 2013-09-24.
- Brief Description: This patent describes a system for the automated acquisition of cyber threat intelligence from diverse sources, including open-source and proprietary feeds, for processing and analysis to generate actionable intelligence.
- Potential Anticipation (35 U.S.C. § 102): This patent potentially anticipates the "accessing... vulnerability data from a plurality of data sources" element of Claim 1 of US11892897, especially concerning "cyber threat intelligence acquisition." While US9094380B2 focuses on acquiring intelligence, US11892897 specifically leverages this acquired data within a machine learning framework to predict exploitation likelihood for patch prioritization, explicitly using darkweb social network metadata and real-world attack signatures as ground truth, which could differentiate its claims.
5. US8739294B1: System and method for determining a security risk rating for an application
- Full Citation: US8739294B1, "System and method for determining a security risk rating for an application," published May 27, 2014.
- Publication/Filing Date: Publication: 2014-05-27; Filing: 2011-09-02.
- Brief Description: This patent describes a system and method for assessing the security risk of an application by analyzing its characteristics and vulnerabilities, generating a security risk rating based on factors like vulnerability severity, potential impact, and exploitability.
- Potential Anticipation (35 U.S.C. § 102): This patent anticipates the broader concept of assessing security risk, which aligns with the goal of "prioritiz[ing] for patching" by generating an "exploitation likelihood output" in US11892897. The determination of a "security risk rating" can be seen as a form of predicting vulnerability importance. However, US11892897's novelty lies in its specific machine learning methodology, the integration of diverse data sources including darkweb forums, and the explicit use of social network features to achieve its prediction and prioritization goals, as detailed in Claim 1.
Generated 5/21/2026, 12:47:09 AM