A SYSTEM AND METHOD FOR CROWDSOURCED CYBERSECURITY THREAT IDENTIFICATION AND MANAGEMENT
ORDINARY APPLICATION
Published
Filed on 14 November 2024
Abstract
Embodiments of the present disclosure relate to a system (102) and method (300) for crowdsourced cybersecurity threat identification and management. The system (102) is configured to acquire a plurality of vulnerability reports against IT assets in a crowdsourcing approach. Further, the system (102) is configured to compile the plurality of vulnerability reports into a centralized repository. Further, the system (102) is configured to convert the plurality of vulnerability reports into a vectorized dataset. Further, the system (102) is configured to predict vulnerabilities for new IT assets by leveraging the vectorized dataset. Furthermore, the system (102) is configured to protect the IT assets against known attack vectors based on the predicted vulnerabilities. The system (102) leverages crowdsourced vulnerability reports, categorizes them by asset type and technology, vectorizes data for machine learning analysis, and provides proactive security recommendations to predict and mitigate cybersecurity threats.
Patent Information
Application ID | 202411088235 |
Invention Field | COMPUTER SCIENCE |
Date of Application | 14/11/2024 |
Publication Number | 48/2024 |
Inventors
Name | Address | Country | Nationality |
---|---|---|---|
BANGIA, Abhinav | 1114, Sector 4, Urban Estate, Gurugram, Haryana - 122001, India. | India | India |
TRIPATHI, Anurag | Tower-15, Flat Number 1402, CHD Avenue 71, Gurugram, Haryana - 122101, India. | India | India |
GOYAL, Aayush | H No. B/V/42, Kot Road, Inside Patiala Gate Nabha, Patiala, Punjab – 147201, India. | India | India |
BHADOURIYA, Dipti Singh | D/O Krishn Kumar Singh, Opp. Hanuman Temple, Govardhan Colony, Gwalior, Madhya Pradesh - 474005, India. | India | India |
Applicants
Name | Address | Country | Nationality |
---|---|---|---|
COM OLHO IT PRIVATE LIMITED | 1114, Sector 4, Urban Estate, Gurgaon, Haryana - 122001, India. | India | India |
Specification
Description:
TECHNICAL FIELD
[0001] The present disclosure relates to the field of cybersecurity. More specifically, the present disclosure relates to a system and method for crowdsourced cybersecurity threat identification and management.
BACKGROUND
[0002] Background description includes information that may be useful in understanding the present disclosure. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed disclosure, or that any publication specifically or implicitly referenced is prior art.
[0003] IT assets refer to hardware, software, data, and network resources that organizations use to support operations, communication, and storage. These assets need protection against cyberattacks because they contain sensitive information, facilitate critical business functions, and ensure operational continuity. Cyberattacks can lead to data breaches, financial losses, and reputational damage. Securing IT assets helps prevent unauthorized access, data manipulation, and service disruption. Effective protection is essential for safeguarding organizational integrity and compliance with regulations.
[0004] Existing technologies for managing vulnerabilities of IT assets primarily consist of platforms and code-scripts that focus on direct scanning of the IT assets and reporting of bugs. While the conventional technologies are accessible and scalable, they often overwhelm IT officers because they fail to provide contextual analysis, making it hard to prioritize and address vulnerabilities. Existing platforms and code-scripts also struggle with data redundancy and management of expanding databases, often failing to handle duplicate or irrelevant entries effectively. Moreover, the existing technologies often require manual intervention and lack proactive insights. Businesses typically conduct security tests without guidance on risk areas, leading to missed vulnerabilities. Existing tools also lack the ability to search for vulnerabilities based on specific criteria like server type or backend technology, forcing reliance on generic data that may not be relevant.
[0005] To address these limitations, the present invention provides a novel system and method that overcomes the shortcomings of the prior art.
OBJECTS OF THE PRESENT DISCLOSURE
[0006] Some of the objects of the present disclosure, which at least one embodiment herein satisfies, are listed herein below.
[0007] It is a primary object of the present disclosure to provide a system to enhance cybersecurity by crowdsourcing vulnerability reports, categorizing the vulnerability reports for analysis, and proactively recommending security measures based on historical data and machine learning.
[0008] It is an object of the present disclosure to provide a system for crowdsourced cybersecurity threat identification and management by leveraging a global pool of security researchers to identify a wide range of vulnerabilities across IT assets.
[0009] It is another object of the present disclosure to provide a system for crowdsourced cybersecurity threat identification and management that automates mapping of reports based on asset type, technology, and severity enabling easy organization and quick retrieval of relevant vulnerabilities for analysis.
[0010] It is yet another object of the present disclosure to provide a system for crowdsourced cybersecurity threat identification and management that enables creation of a comprehensive, easily accessible database of known vulnerabilities for ongoing reference and analysis.
[0011] It is still another object of the present disclosure to provide a system for crowdsourced cybersecurity threat identification and management that facilitates proactive recommendation of security measures based on historical data to mitigate risks before vulnerabilities are exploited.
[0012] It is still another object of the present disclosure to provide a system that enables vectorization of vulnerability data allowing for the use of machine learning models to identify patterns, enabling predictive analysis of future security threats.
[0013] It is still another object of the present disclosure to provide a system enabled to maintain a growing repository of categorized vulnerability reports to provide businesses with valuable insights into common attack vectors and remediation techniques.
SUMMARY
[0014] This section is provided to introduce certain objects and aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0015] The present disclosure relates to the field of cybersecurity. More specifically, the present disclosure relates to a system and method for crowdsourced cybersecurity threat identification and management.
[0016] The present system incorporates a globally verified network of security researchers to crowdsource high-quality threat intelligence, thereby augmenting cybersecurity initiatives with diverse insights and specialized knowledge. Each vulnerability report submitted through the system undergoes a stringent verification process, ensuring data integrity and relevance. This process precedes the mapping and contextual enrichment of the data, which is performed by the platform's proprietary algorithms. The structured mapping and validation of each vulnerability enable the platform to convert raw vulnerability data into actionable intelligence, thereby furnishing organizations with proactive, targeted recommendations for the protection of IT assets. The crowdsourced methodology fosters a dynamic feedback loop with the researcher community, continuously enhancing the platform's predictive accuracy and supporting an adaptive, high-trust repository of threat intelligence.
[0017] In an embodiment of the present disclosure, a system for crowdsourced cybersecurity threat identification and management is disclosed. The system comprises a processor coupled to a memory. The memory stores processor-executable instructions, which when executed, cause the processor to execute a sequence of tasks. The system is configured to acquire a plurality of vulnerability reports against IT assets in a crowdsourcing approach. Further, the system is configured to compile the plurality of vulnerability reports into a centralized repository. Further, the system is configured to convert the plurality of vulnerability reports into a vectorized dataset. Further, the system is configured to predict vulnerabilities for new IT assets by leveraging the vectorized dataset. Furthermore, the system is configured to protect the IT assets against known attack vectors based on the predicted vulnerabilities.
[0018] In an embodiment of the present disclosure, a method for crowdsourced cybersecurity threat identification and management is disclosed. The method begins with, acquiring, by the processor, the plurality of vulnerability reports against IT assets in a crowdsourcing approach. The method proceeds with, compiling, by the processor, the plurality of vulnerability reports into the centralized repository. The method proceeds with, converting, by the processor, the plurality of vulnerability reports into a vectorized dataset. The method proceeds with, predicting, by the processor, the vulnerabilities for new IT assets by leveraging the vectorized dataset. The method ends with, protecting, by the processor, the IT assets against known attack vectors based on the predicted vulnerabilities.
BRIEF DESCRIPTION OF DRAWINGS
[0019] The accompanying drawings are included to provide a further understanding of the present disclosure, and are incorporated in, and constitute a part of this specification. The drawings illustrate exemplary embodiments of the present disclosure, and together with the description, serve to explain the principles of the present disclosure.
[0020] In the figures, similar components, and/or features may have the same reference label. Further, various components of the same type may be distinguished by following the reference label with a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.
[0021] FIG. 1 illustrates an exemplary representation of architecture of the proposed system for crowdsourced cybersecurity threat identification and management, in accordance with an embodiment of the present disclosure.
[0022] FIG. 2 illustrates a block diagram representation of the proposed system for crowdsourced cybersecurity threat identification and management, in accordance with an embodiment of the present disclosure.
[0023] FIG. 3 illustrates an exemplary view of a flow diagram of the proposed method for crowdsourced cybersecurity threat identification and management, in accordance with an embodiment of the present disclosure.
[0024] FIG. 4 illustrates an exemplary representation of the operation of the proposed system for crowdsourced cybersecurity threat identification and management, in accordance with an embodiment of the present disclosure.
DETAILED DESCRIPTION
[0025] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. However, the amount of detail offered is not intended to limit the anticipated variations of embodiments. On the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit, and scope of the present disclosure as defined by the appended claims.
[0026] In the following description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present invention. It will be apparent to one skilled in the art that embodiments of the present invention may be practiced without some of these specific details.
[0027] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail to avoid obscuring the embodiments.
[0028] The present disclosure relates to the field of cybersecurity. More specifically, the present disclosure relates to a system and method for crowdsourced cybersecurity threat identification and management.
[0029] The disclosed system integrates a verified, global community of ethical hackers, enabling organizations to leverage a wide array of skills and perspectives for the identification and management of cybersecurity threats. This crowdsourced framework serves as the core of the platform's intelligence-gathering capabilities, wherein each ethical hacker undergoes a comprehensive vetting process to ensure that only high-integrity researchers participate. By utilizing this vetted community, the platform captures a broad range of vulnerabilities across diverse IT assets, thereby uncovering potential threats that may elude traditional security measures or automated tools.
[0030] In an exemplary embodiment, upon submission of vulnerability reports by researchers, the platform initiates a multi-step verification process to confirm the validity and accuracy of each report. This verification process ensures that all reported vulnerabilities are credible, relevant, and appropriately categorized. Verified reports are then encrypted and securely stored within the centralized repository, enhancing data security and preserving the confidentiality of sensitive information. The combination of a vetted community and robust verification protocols enables the platform to provide reliable, high-quality threat intelligence that organizations can act on confidently.
[0031] Furthermore, once reports are verified, the system applies proprietary algorithms to map and organize vulnerability data based on asset type, backend technology, severity, and attack vector. This data mapping ensures that vulnerabilities are not only categorized correctly but also enriched with contextual information, transforming raw vulnerability data into actionable intelligence. This enriched data enables the platform to recognize patterns, prioritize threats, and proactively recommend targeted security measures to client organizations.
[0032] In addition, the platform creates a feedback loop for its ethical hacker community. By providing insights into prioritized vulnerability types and real-world organizational needs, the platform empowers researchers to refine their focus and improve their contributions. This collaborative approach not only strengthens the platform's threat detection capabilities but also supports the professional growth of researchers by aligning their efforts with high-impact areas. As the verified community continues to grow, the platform evolves dynamically, continually refining its threat intelligence capabilities and predictive models to stay ahead of emerging cyber threats.
[0033] By integrating a verified community with an advanced data verification and mapping process, the platform delivers an innovative, high-trust solution for identifying and managing vulnerabilities in a rapidly changing threat landscape. This crowdsourced approach, augmented by proprietary algorithms, empowers organizations to proactively defend against cybersecurity threats with an unprecedented level of precision and foresight.
[0034] FIG. 1 illustrates an exemplary architecture of the proposed system for crowdsourced cybersecurity threat identification and management, in accordance with an embodiment of the present disclosure.
[0035] Illustrated in Fig. 1 is an architecture representation 100 of the system 102 for crowdsourced cybersecurity threat identification and management. The system 102 is connected to a network 104, one or more computing devices (106-1, 106-2,…,106-N) (individually referred to as one or more computing devices 106) accessible to one or more users (108-1, 108-2,…,108-N) (individually referred to as one or more users 108), and a centralized server 110. The system 102 includes a processor 202 and a memory 204. The memory 204 may include a set of instructions, which when executed, causes the processor 202 to enable crowdsourced cybersecurity threat identification and management.
[0036] In an embodiment of the present disclosure, the system 102 is configured to acquire a plurality of vulnerability reports from a global pool of security researchers from around the world. This crowdsourcing approach ensures a wide variety of vulnerabilities are discovered by different researchers, each with unique skills and perspectives. The plurality of vulnerability reports may contain detailed information about identified security flaws, including a type of asset affected (e.g., web application, database), backend technologies involved (e.g., MySQL, PHP), and tools and techniques used by the researcher to discover the issue (e.g., Burp Suite, SQLmap). The plurality of vulnerability reports may also include step-by-step instructions on how to reproduce the vulnerability, screenshots or evidence of the exploit, a severity score indicating severity, and recommended remediation steps to address the vulnerability. The plurality of vulnerability reports is PGP-encrypted to ensure secure transmission of sensitive data.
[0037] In an example embodiment, a researcher may identify an SQL injection vulnerability in an e-commerce platform. The researcher may submit a vulnerability report detailing the vulnerability, including the steps the researcher took to discover the SQL injection vulnerability, specific database queries that the researcher used to exploit the SQL injection vulnerability, and screenshots showing the vulnerability in action. The report is PGP-encrypted before submission to ensure that sensitive information is protected from unauthorized access during transit. The system 102 categorizes the SQL injection vulnerability report as Asset Type: Web Application, Backend Technology: MySQL Database, Tools Used: SQLmap (an automated tool for SQL injection). Further, the vulnerability report includes a title that may be "SQL Injection in Product Search Function", and steps to reproduce the vulnerability, including detailed instructions on how to replicate the SQL injection using specific payloads. Further, the vulnerability report includes screenshots, including images showing the vulnerability being exploited, and a severity score that may be 9.0, indicating a high severity. Furthermore, the vulnerability report includes remediation steps, including recommendations to use prepared statements instead of raw SQL queries to mitigate the vulnerability.
[0038] The system 102 is further configured to categorize and map the plurality of vulnerability reports on the basis of several key factors including asset type, backend technology used by the IT assets, and tools and technologies used by the researcher to discover the vulnerability. The system 102 is configured to automatically categorize and organize the plurality of vulnerability reports based on the type of IT assets affected. After acquiring the plurality of vulnerability reports, the system 102 is configured to analyse the plurality of vulnerability reports and identify the type of IT asset involved, such as a web application, database, server, network device, or other IT infrastructure components. This categorization ensures that the vulnerabilities are organised in a structured manner, making it easier to locate and analyse specific types of vulnerabilities across different assets. A vulnerability affecting a mobile application would be categorized differently from a vulnerability impacting a cloud service. This organised approach helps to understand which IT assets are most vulnerable and how frequently certain assets are targeted. By mapping vulnerabilities in this way, the system 102 provides a clear overview of the security landscape for each type of IT asset, enabling better risk management and prioritization of security measures. Thus, the categorization by asset type allows for more efficient tracking, analysis, and response to vulnerabilities specific to different IT assets.
[0039] In an embodiment of the present disclosure, the system 102 is configured to categorize and map the plurality of vulnerability reports based on the backend technology used by the affected IT assets. By analysing the plurality of vulnerability reports, the system 102 is configured to automatically identify the specific technologies or frameworks involved, such as PHP, MySQL, Apache, JavaScript, or Node.js, that are powering the IT asset. This information is extracted from the plurality of vulnerability reports and used to categorize the vulnerability under the relevant backend technology.
[0040] In an example embodiment, if a vulnerability is found in a MySQL database or a PHP-based web application, the system 102 may be configured to assign the vulnerability report to categories like database vulnerabilities or PHP-related security issues. This mapping allows filtration and analysis of vulnerabilities associated with specific technologies they use, providing focused insights into potential weak points in their infrastructure. By organizing vulnerabilities according to backend technologies, the system 102 may identify recurring issues across particular technologies and support more effective remediation strategies, targeting technology-specific security concerns. This structured approach ensures that organizations can quickly respond to vulnerabilities linked to their core tech stack.
[0041] In an embodiment of the present disclosure, the system 102 is configured to categorize and map the plurality of vulnerability reports based on the tools and technologies used by researchers to discover the vulnerabilities. Based on the analysis of the vulnerability report, the system 102 may identify the specific tools, such as Burp Suite, SQLmap, Metasploit, or custom scripts, employed by the researcher during the discovery process. Each tool or method used is noted in the vulnerability report and becomes a key factor in categorizing the vulnerability.
[0042] In an example embodiment, if a vulnerability was found using SQLmap (a tool for automated SQL injection detection), the report is categorized under both SQL injection vulnerabilities and tools used: SQLmap. This allows the system 102 to organize the vulnerabilities not only by the type of issue but also by the techniques and tools used to uncover the vulnerabilities. Such categorization is valuable for understanding trends in security testing methods and identifying the most commonly used or effective tools for finding specific types of vulnerabilities. Businesses may then analyse which tools are frequently used to detect vulnerabilities in their infrastructure, helping them to focus on improving their defence against those specific testing techniques. This also helps researchers by showing the effectiveness of different tools in discovering particular vulnerabilities. By mapping vulnerabilities based on tools and technologies, the system 102 provides deeper insights into the methods being used to probe IT assets for security weaknesses.
[0043] In an embodiment of the present disclosure, the system 102 is configured to compile all the submitted and mapped vulnerability reports into a centralized repository. The repository serves as a comprehensive database of known vulnerabilities, allowing for easy retrieval and analysis. Over time, the repository grows to include thousands of vulnerability reports, each with detailed mappings. For instance, the repository might contain multiple reports on SQL injection vulnerabilities, cross-site scripting (XSS) attacks, and buffer overflows across various types of assets like mobile apps, IoT devices, and cloud services.
[0044] In an embodiment of the present disclosure, the system 102 is configured to convert the data of the collected vulnerability reports into a vectorized dataset. Vectorization involves converting the textual and categorical data into numerical representations to be processed by the system 102 by applying machine learning techniques. Vectorization is crucial for enabling analysis of the data efficiently. In an example embodiment, the data contained in the vulnerability report of SQL injection, including asset type, severity, and tools used, is converted into numerical vectors. In an example embodiment, the asset type, which may be a web application, might be represented as [1, 0, 0, ...] where each position in the vector corresponds to a different asset type. Further, the severity, a CVSS score of 9.0, could be represented as [0.9], normalized between 0 and 1. Furthermore, the tools used, such as SQLmap, may be represented as [0, 1, 0, ...], with each position corresponding to a different tool.
[0045] In an embodiment of the present disclosure, the system 102 is configured to develop a recommendation engine that is configured to leverage the vectorized dataset to predict and suggest vulnerabilities for upcoming new IT assets or specific attack surfaces. The recommendation engine may be configured to apply machine learning models trained on the vectorized dataset to identify patterns and correlations between different types of vulnerabilities and asset characteristics. In an example embodiment, if someone wants to launch a new mobile app with a REST API backend, the recommendation engine may analyse the repository and suggest being cautious of potential vulnerabilities related to API endpoints, such as broken authentication, insecure data storage, and improper rate limiting, based on the data from similar past vulnerability reports.
[0046] In an embodiment of the present disclosure, the system 102 is configured to enable proactive vulnerability management by addressing potential security threats before the security threats are exploited. By recommending vulnerabilities based on historical data and patterns, the system 102 ensures that businesses can fortify the IT assets against known attack vectors. In an example embodiment, the system 102 provides recommendations, prior to the launch of a mobile application, to conduct a thorough review of API authentication mechanisms, implement robust encryption for data storage, and set up rate limiting on critical endpoints. As a result, the cyberthreat risks get mitigated and a more secure application is launched in the organization.
[0047] FIG. 2 illustrates a block diagram representation of the proposed system for crowdsourced cybersecurity threat identification and management, in accordance with an embodiment of the present disclosure.
[0048] Illustrated in Fig. 2 is a block diagram of the system 102 for crowdsourced cybersecurity threat identification and management. The system 102 comprises one or more processor(s) 202. The one or more processor(s) 202 are implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that manipulate data based on operational instructions. Among other capabilities, one or more processor(s) 202 are configured to fetch and execute computer-readable instructions stored in a memory 204. The memory 204 stores one or more computer-readable instructions or routines, which are fetched and executed to execute a sequence of tasks to facilitate crowdsourced cybersecurity threat identification and management.
[0049] In an embodiment, the system 102 also comprises an interface(s) 206. The interface 206 enables researchers to submit vulnerability reports and businesses to access and review categorized vulnerabilities. The interface 206 provides intuitive features for uploading encrypted vulnerability reports, selecting the asset type, backend technology, and tools used, as well as attaching screenshots or evidence. For businesses, the interface 206 offers search and filter options to navigate the repository by asset type, technology, severity, or tools. Further, the interface 206 displays remediation recommendations and historical trends to enable proactive vulnerability management.
[0050] In an embodiment, a processing engine(s) 208 of the processor 202 may include, but is not limited to, an acquisition module 210, a compilation module 212, a prediction module 214, a protection module 216, and other module(s) 218. The other unit(s) 220 implements functionalities that supplement applications or functions performed by the system 102 or the processing engine(s) 208. The data (or database 220) serves, amongst other things, as a repository for storing data processed, received, and generated by one or more of the modules.
[0051] In an embodiment, the system 102 is configured to acquire the plurality of vulnerability reports against IT assets in a crowdsourcing approach via the acquisition module 210. The system 102 is configured to acquire the plurality of vulnerability reports through a crowdsourcing approach, where security researchers from around the world are invited to identify and report vulnerabilities in IT assets. Researchers submit detailed reports, including the tools, methods, and steps used to discover the vulnerabilities. This approach leverages the collective expertise of a diverse group of individuals, increasing the likelihood of uncovering a wide variety of vulnerabilities. The system 102 is further configured to categorize and securely store the plurality of vulnerability reports for analysis and action by businesses.
[0052] In an embodiment, the system 102 is configured to compile the plurality of vulnerability reports into the centralized repository and convert the plurality of vulnerability reports into a vectorized dataset via the compilation module 212. The system 102 is configured to compile the plurality of vulnerability reports into the centralized repository, where all the submitted vulnerability reports are stored in an organized and accessible manner. Once the plurality of vulnerability reports is collected, the system 102 is configured to convert the detailed textual and categorical data into the vectorized dataset. This process involves transforming the various features of the plurality of vulnerability reports (such as asset type, backend technology, tools used, and severity) into numerical representations or vectors. For example, the asset type (e.g., web application) could be encoded as a binary vector like [1, 0, 0, …], where each position represents a different asset type, while the severity (CVSS score) could be normalized into a value between 0 and 1 (e.g., 0.9 for a score of 9.0). The vectors allow the system 102 to feed the data into the machine learning models for advanced analysis, such as identifying patterns, predicting future vulnerabilities, and making security recommendations. By storing both the original reports and their vectorized forms in the repository, the system 102 ensures efficient retrieval and enables data-driven vulnerability management.
[0053] In an embodiment, the system 102 is configured to predict vulnerabilities for new IT assets by leveraging the vectorized dataset via the prediction module 214. The system 102 is configured to use the vectorized dataset of the plurality of vulnerability reports to predict potential vulnerabilities for new IT assets. By analysing patterns and correlations in the numerical data-such as asset type, backend technologies, and common vulnerabilities-the system 102 is configured to forecast which security risks might affect similar new assets. This predictive capability helps businesses proactively address vulnerabilities before they are exploited, ensuring stronger security measures are implemented during asset development and deployment.
[0054] In an embodiment, the system 102 is configured to protect the IT assets against known attack vectors based on the predicted vulnerabilities via the protection module 216. The system 102 is configured to protect the IT assets by using predicted vulnerabilities to proactively defend against known attack vectors. Once the system 102 identifies potential risks based on historical data and patterns from the vectorized dataset, the system 102 recommends specific security measures to mitigate the vulnerabilities. Businesses may then implement the recommendations-such as updating configurations, strengthening authentication, or patching weak points-before any attacks occur. This ensures the IT assets are fortified against common or emerging threats, enhancing overall security.
[0055] FIG. 3 illustrates an exemplary view of a flow diagram of the proposed method for crowdsourced cybersecurity threat identification and management, in accordance with an embodiment of the present disclosure.
[0056] Illustrated in Fig. 3 is a method 300 for crowdsourced cybersecurity threat identification and management. At step 302, acquiring, by the processor 202, the plurality of vulnerability reports against IT assets in a crowdsourcing approach. At step 304, compiling, by the processor 202, the plurality of vulnerability reports into the centralized repository. At step 306, converting, by the processor 202, the plurality of vulnerability reports into a vectorized dataset. At step 308, predicting, by the processor 202, the vulnerabilities for new IT assets by leveraging the vectorized dataset. At step 310, protecting, by the processor 202, the IT assets against known attack vectors based on the predicted vulnerabilities.
[0057] In an embodiment of the present disclosure, the method 300 for crowdsourced cybersecurity threat identification and management involves a structured, multi-step process that harnesses the power of a global community of security researchers, combined with advanced data processing and machine learning techniques. The system acquires security researchers from around the world to identify vulnerabilities in specific IT assets owned by businesses. The researchers actively search for security flaws, utilizing their unique skills, tools, and methodologies to test the IT infrastructure. When a researcher discovers a vulnerability, the researcher submits a detailed report that outlines the type of vulnerability, the steps taken to exploit the vulnerability, the affected IT asset, and the tools or techniques used in the discovery process. To ensure confidentiality, the plurality of vulnerability reports is PGP-encrypted during submission, protecting sensitive information from unauthorized access.
[0058] Once the plurality of vulnerability reports is received, the system 102 automatically categorizes and maps the plurality of vulnerability reports based on several key factors, including asset type, backend technology, tools and techniques used, severity score (CVSS), and remediation steps. All categorized reports are stored in the centralized repository, creating a structured and organized database of known vulnerabilities. The repository serves as a comprehensive, ever-growing knowledge base. The plurality of vulnerability reports is organized by asset type, technology, severity, and tools used. This allows businesses and analysts to quickly search and retrieve relevant vulnerabilities for analysis. As the repository grows with new submissions, the repository becomes a valuable resource for identifying trends and recurring attack vectors across industries and technologies.
[0059] The system 102 is configured to transform the textual and categorical data in the plurality of vulnerability reports into vectorized numerical representations. This process involves encoding key report features into a format suitable for the machine learning models. The asset type (e.g., web application) may be represented as a binary vector like [1, 0, 0, …], while the severity (CVSS score) is normalized to a value between 0 and 1. Vectorization enables the system 102 to perform complex data analysis, pattern recognition, and machine learning-based predictions. With the vectorized data, the system 102 is configured to employ machine learning models to analyse patterns and trends across the repository. The machine learning models are trained to identify correlations between asset types, backend technologies, tools used, and common vulnerabilities. When a new IT asset is introduced, the system 102 is configured to use the machine learning models to predict potential vulnerabilities that may affect the new IT asset based on historical data. For example, if a company is launching a new mobile app with a REST API backend, the system 102 may predict vulnerabilities like insecure data storage or API endpoint flaws, based on similar past reports.
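The encoding and similarity-based prediction described in [0059], as an added illustration that is not code from the filing. The sample reports, category names, and the severity-weighted cosine-similarity scoring are assumptions; the specification does not name a particular model.

```python
from collections import defaultdict
from math import sqrt

# Constructed sample reports (not data from the filing): asset type,
# backend technology, CVSS base score, reported vulnerability class.
REPORTS = [
    ("mobile_app", "rest_api", 9.0, "insecure data storage"),
    ("mobile_app", "rest_api", 7.5, "broken authentication"),
    ("mobile_app", "graphql", 6.1, "insecure data storage"),
    ("web_application", "rest_api", 8.2, "broken authentication"),
    ("web_application", "sql_database", 9.8, "sql injection"),
    ("web_application", "sql_database", 5.3, "cross-site scripting"),
    ("network", "vpn_gateway", 7.0, "weak cipher configuration"),
]

def build_vocab(reports):
    """Fix the position of every asset type and backend seen in the repository."""
    assets = sorted({r[0] for r in reports})
    backends = sorted({r[1] for r in reports})
    return assets, backends

def one_hot(value, vocab):
    # A category never seen before encodes as all zeros rather than raising.
    return [1.0 if value == v else 0.0 for v in vocab]

def normalize_cvss(score):
    """Scale a CVSS base score (0.0-10.0) to 0-1, e.g. 9.0 -> 0.9; clamp bad input."""
    return min(max(float(score), 0.0), 10.0) / 10.0

def vectorize(asset, backend, cvss, vocab):
    assets, backends = vocab
    return one_hot(asset, assets) + one_hot(backend, backends) + [normalize_cvss(cvss)]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def predict(asset, backend, reports, top_n=3):
    """Rank vulnerability classes for a new asset by similarity to past reports."""
    vocab = build_vocab(reports)
    # A new asset has no severity yet, so compare on the categorical part only.
    query = vectorize(asset, backend, 0.0, vocab)[:-1]
    scores = defaultdict(float)
    for r_asset, r_backend, cvss, vuln_class in reports:
        vec = vectorize(r_asset, r_backend, cvss, vocab)
        # Weight each similar report by its normalized severity.
        scores[vuln_class] += cosine(query, vec[:-1]) * vec[-1]
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(name, round(s, 3)) for name, s in ranked[:top_n] if s > 0]

if __name__ == "__main__":
    for name, score in predict("mobile_app", "rest_api", REPORTS):
        print(f"{score:.3f}  {name}")
```

An asset whose type and backend appear nowhere in the repository yields an empty prediction list, which is the point at which such a system has no historical basis for a recommendation.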
[0060] Based on the predicted vulnerabilities, the system 102 may provide proactive security recommendations to help businesses protect their IT assets before vulnerabilities are exploited. The recommendations may include suggestions like implementing encryption for sensitive data, using prepared statements to avoid SQL injection, or setting up proper access controls. Businesses can act on these recommendations by adjusting their configurations, patching potential weaknesses, or performing additional security reviews during development stages. Once the recommendations are implemented, the system 102 continues to monitor the IT assets for new vulnerabilities. As new vulnerability reports are submitted by researchers, the vulnerability reports are added to the repository, further refining the ability of the system 102 to predict and prevent future threats. The system 102 stays up to date with the latest threat data and continuously improves the machine learning models, ensuring that businesses receive current and relevant security insights. Further, the system 102 empowers businesses to make informed decisions regarding their security posture. By leveraging the plurality of vulnerability reports from the centralized repository and machine learning predictions, companies can prioritize vulnerabilities based on severity and potential impact, allocating resources efficiently for remediation. The system 102 fosters an efficient and secure communication channel between researchers and businesses, enabling the responsible disclosure of vulnerabilities. Researchers may be rewarded for their findings, while businesses benefit from timely and actionable threat intelligence.
[0061] FIG. 4 illustrates an exemplary representation of the operation of the proposed system for crowdsourced cybersecurity threat identification and management, in accordance with an embodiment of the present disclosure.
[0062] Illustrated in Fig. 4 is a representation 400 of the mode of operation of the system 102. The system 102 begins operation with accepting the plurality of vulnerability reports for the IT assets of businesses from a global pool of security researchers. The plurality of vulnerability reports is encrypted using PGP to ensure data security during transit. The system 102 compiles the plurality of encrypted vulnerability reports, wherein each report details steps taken to discover the vulnerability, exploit used, and accompanying evidence such as screenshots.
[0063] The system 102 then proceeds with categorizing each received vulnerability report based on the asset type, backend technology, and tools used by the researchers and mapping each report with a title, steps to reproduce, screenshots, CVSS score, and recommended remediation steps. The system 102 proceeds further with storing and organizing the categorized vulnerability reports in the centralized repository to facilitate easy retrieval and analysis. The system 102 now operates on the vulnerability data by accessing the centralized repository containing categorized vulnerability reports and converting the textual and categorical data from the vulnerability reports into numerical vectors that represent asset types, severity scores, and tools used. The system 102 proceeds with storing the vectorized data in a dataset accessible for further machine learning analysis. The vectorization process includes normalization techniques to scale severity scores and encode categorical data into binary vectors.
[0064] The system 102 proceeds further with developing the recommendation engine for IT asset vulnerabilities. The recommendation engine is developed by training machine learning models on the vectorized dataset created from the vectorized vulnerability reports and analysing new IT assets or specific attack surfaces using the trained models. The system 102 then proceeds with generating and providing vulnerability recommendations based on identified patterns and correlations between different types of vulnerabilities and asset characteristics. The recommendation engine suggests vulnerabilities for new IT assets, such as mobile apps with REST API backends, by analysing similar past reports in the repository to identify common vulnerability types like broken authentication or insecure data storage.
[0065] The system 102 enables proactive vulnerability management by utilizing recommendations generated by the machine learning models to advise businesses on potential security threats before IT asset exploitation. The system ends the operation with implementing preventive measures such as robust encryption, rate limiting, and secure authentication mechanisms based on the recommendations, thereby fortifying IT assets against known and predicted attack vectors.
[0066] While the foregoing describes various embodiments of the invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof. The scope of the invention is determined by the claims that follow. The invention is not limited to the described embodiments, versions or examples, which are comprised to enable a person having ordinary skill in the art to make and use the invention when combined with information and knowledge available to the person having ordinary skill in the art.
ADVANTAGES OF THE INVENTION
[0067] The present disclosure provides a system to enhance cybersecurity by crowdsourcing vulnerability reports, categorizing the vulnerability reports for analysis, and proactively recommending security measures based on historical data and machine learning.
[0068] The present disclosure provides a system for crowdsourced cybersecurity threat identification and management by leveraging a global pool of security researchers to identify a wide range of vulnerabilities across IT assets.
[0069] The present disclosure provides a system for crowdsourced cybersecurity threat identification and management that automates mapping of reports based on asset type, technology, and severity enabling easy organization and quick retrieval of relevant vulnerabilities for analysis.
[0070] The present disclosure provides a system for crowdsourced cybersecurity threat identification and management that enables creation of a comprehensive, easily accessible database of known vulnerabilities for ongoing reference and analysis.
[0071] The present disclosure provides a system for crowdsourced cybersecurity threat identification and management that facilitates proactive recommendation of security measures based on historical data to mitigate risks before vulnerabilities are exploited.
[0072] The present disclosure provides a system that enables vectorization of vulnerability data, allowing for the use of machine learning models to identify patterns and enabling predictive analysis of future security threats.
[0073] The present disclosure provides a system enabled to maintain a growing repository of categorized vulnerability reports to provide businesses with valuable insights into common attack vectors and remediation techniques.
Claims:
1. A system (102) for crowdsourced cybersecurity threat identification and management, the system (102) comprising:
a processor (202); and
a memory (204) coupled to the processor (202), wherein the memory (204) comprises processor-executable instructions, which on execution, causes the processor (202) to:
acquire a plurality of vulnerability reports against IT assets in a crowdsourcing approach;
compile the plurality of vulnerability reports into a centralized repository;
convert the plurality of vulnerability reports into a vectorized dataset;
predict vulnerabilities for new IT assets by leveraging the vectorized dataset; and
protect the IT assets against known attack vectors based on the predicted vulnerabilities.
2. The system (102) as claimed in claim 1, wherein the processor (202) is configured to protect the IT assets comprising web applications, databases, and networks against cyberattacks.
3. The system (102) as claimed in claim 1, wherein the processor (202) is configured to retrieve the plurality of vulnerability reports from the centralized repository to analyse the plurality of vulnerability reports and fortify the IT assets against cyberattacks based on the analysis.
4. The system (102) as claimed in claim 1, wherein the processor (202) is configured to assign a score to each of the plurality of vulnerability reports based on a degree of severity of the vulnerability.
5. The system (102) as claimed in claim 1, wherein the processor (202) is configured to categorize and map the plurality of vulnerability reports based on a type of the IT assets, backend technology of the IT assets, tools related to the IT assets, and remediation of vulnerabilities for storing the plurality of vulnerability reports in the centralized repository.
6. The system (102) as claimed in claim 1, wherein the processor (202) is configured to convert textual data and categorical data of the plurality of vulnerability reports in the repository into numerical vectors to obtain the vectorized dataset.
7. The system (102) as claimed in claim 1, wherein the processor (202) is configured to use the vectorized dataset to create a machine learning-based recommendation engine to predict potential vulnerabilities for the new IT assets.
8. The system (102) as claimed in claim 1, wherein the processor (202) is configured to train a machine learning-based recommendation engine on past vulnerability reports to identify patterns and correlations between the IT assets and vulnerabilities.
9. The system (102) as claimed in claim 1, wherein the processor (202) is configured to apply machine learning techniques to analyse patterns and learn from historical vulnerabilities to identify and mitigate threats of cyberattacks.
10. A method (300) for crowdsourced cybersecurity threat identification and management, the method (300) comprising steps of:
acquiring (302), by a processor (202), a plurality of vulnerability reports against IT assets in a crowdsourcing approach;
compiling (304), by the processor (202), the plurality of vulnerability reports into a centralized repository;
converting (306), by the processor (202), the plurality of vulnerability reports into a vectorized dataset;
predicting (308), by the processor (202), vulnerabilities for new IT assets by leveraging the vectorized dataset; and
protecting (310), by the processor (202), the IT assets against known attack vectors based on the predicted vulnerabilities.
Documents
Name | Date |
---|---|
202411088235-FORM 18A [15-11-2024(online)].pdf | 15/11/2024 |
202411088235-FORM28 [15-11-2024(online)].pdf | 15/11/2024 |
202411088235-STARTUP [15-11-2024(online)].pdf | 15/11/2024 |
202411088235-COMPLETE SPECIFICATION [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-DECLARATION OF INVENTORSHIP (FORM 5) [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-DRAWINGS [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-EVIDENCE FOR REGISTRATION UNDER SSI [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-FORM 1 [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-FORM FOR SMALL ENTITY(FORM-28) [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-FORM FOR STARTUP [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-FORM-9 [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-POWER OF AUTHORITY [14-11-2024(online)].pdf | 14/11/2024 |
202411088235-REQUEST FOR EARLY PUBLICATION(FORM-9) [14-11-2024(online)].pdf | 14/11/2024 |