Using Neural Networks to Process Forensics and Generate Threat Intelligence Information

摘要

Aspects of the disclosure relate to generating threat intelligence information. A computing platform may receive forensics information corresponding to message attachments. For each message attachment, the computing platform may generate a feature representation. The computing platform may input the feature representations into a neural network, which may result in a numeric representation for each message attachments. The computing platform may apply a clustering algorithm to cluster each message attachments based on the numeric representations, which may result in clustering information. The computing platform may extract, from the clustering information, one or more indicators of compromise indicating that one or more attachments corresponds to a threat campaign. The computing platform may send, to an enterprise user device, user interface information comprising the one or more indicators of compromise, which may cause the enterprise user device to display a user interface identifying the one or more indicators of compromise.