System and method for attribution of actors to indicators of threats to a computer system and prediction of future threat actions

US10587640B2 · US · B2

Patent metadata

Publication number: US-10587640-B2
Application number: US-201614997761-A
Country: US
Kind code: B2
Filing date: Jan 18, 2016
Priority date: Jan 18, 2016
Publication date: Mar 10, 2020
Grant date: Mar 10, 2020

Abstract

Official abstract text for this publication.

An information handling system performs a method for analyzing attacks against a networked system of information handling systems. The method includes detecting a threat indicator, representing the threat indicator in part by numerical parameters, normalizing the numerical parameters, calculating one or more measures of association between the threat indicator and other threat indicators, finding an association of the threat indicator with another threat indicator based upon the normalized numerical parameters, and assigning to the threat indicator a probability that a threat actor group caused the attack, wherein the threat actor group was assigned to the other threat indicator. In some embodiments, the normalizing may include transforming a distribution of the numerical parameters to a distribution with a standard deviation of 1 and a mean of 0. In some embodiments, the normalizing may include applying an empirical cumulative distribution function. In some embodiments, the one or more measures of association between the threat indicator and other threat indicators may include a Kendall's tau between the threat indicator and the other threat indicators, a covariance between the threat indicator and the other threat indicators; or a conditional entropy between the threat indicator and the other threat indicators.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer implemented method, the computer having a processor and memory, the method comprising: detecting by the computer a threat indicator that provides an indication of an attack against a networked system of information handling systems; representing the threat indicator in part by numerical parameters; normalizing the numerical parameters; calculating one or more measures of association between the threat indicator and other threat indicators based upon the normalized numerical parameters; finding an association of the threat indicator with another threat indicator based upon the one or more measures of association, wherein the other threat indicator provides an indication of another attack, the other attack attributed to a threat actor group; attributing the attack to the threat actor group based upon the association; assigning to the threat indicator a probability that the threat actor group caused the attack; assessing a risk to the networked system based upon the threat actor group and the probability; and determining a defense posture for the networked system based upon the risk.

2. The computer implemented method of claim 1, wherein the normalizing comprises applying an empirical cumulative distribution function.

3. The computer implemented method of claim 1, wherein the finding the association comprises calculating a Kendall's tau between the threat indicator and the other threat indicator.

4. The computer implemented method of claim 1, wherein the finding the association comprises calculating a covariance between the threat indicator and the other threat indicator.

5. The computer implemented method of claim 1, wherein the finding the association comprises calculating a conditional entropy between the threat indicator and the other threat indicator.

6. The computer implemented method of claim 1, wherein the finding the association comprises determining that at least one of a conditional entropy between the threat indicator and the other threat indicator, a Kendall's tau between the threat indicator and the other threat indicator, and a covariance between the threat indicator and the other threat indicator is a maximal value of the set of conditional entropies between the threat indicator and other threat indicators, the set of Kendall's tau between the threat indicator and the other threat indicators, and the set of covariance between the threat indicator and the other threat indicators.

7. The computer implemented method of claim 1, wherein the finding the association comprises determining that a combination of a conditional entropy between the threat indicator and the other threat indicator, a Kendall's tau between the threat indicator and the other threat indicator, and a covariance between the threat indicator and the other threat indicator produces a maximal value of the combination between the threat indicator and other threat indicators.

8. The computer implemented method of claim 1, wherein the assigning the probability comprises performing a regression analysis on the normalized numerical parameters and the one or more measures of association.

9. The computer implemented method of claim 8, wherein the performing the regression analysis comprises performing a probit regression analysis.

10. The computer implemented method of claim 8, wherein the performing the regression analysis comprises performing a logistic regression analysis.

11. The computer implemented method of claim 1, wherein the assessing the risk to the networked system comprises: generating a set of potential actions Â; receiving an input logistic prediction model $\hat{\beta}$, wherein $\hat{\beta}$ describes a relationship between predictors and a probability that one of the set of potential actions Â will be taken; and applying the model $\hat{\beta}$ to values of the predictors, thereby producing propensity scores.

12. The computer implemented method of claim 1, wherein the assigning the probability comprises calculating a probability that the threat actor group caused the attack according to the formula:

$$LIK(Y_+, Y_r, Y_\tau, Y_h) = \frac{e^{\hat{\beta}(Y_+;\, Y_r, Y_\tau, Y_h)}}{1 + e^{\hat{\beta}(Y_+;\, Y_r, Y_\tau, Y_h)}}$$

wherein: $\hat{\beta}$ is
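The claims above describe a pipeline (normalize the indicator's numerical parameters, compute Kendall's tau, covariance and conditional entropy against already-attributed indicators, pick the strongest association, then turn the association measures into a probability with a logistic model). The following Python is an added worked example written for this page; it is not Secureworks' implementation and nothing in it comes from the patent's full description. The indicator values, the actor-group labels, the coefficient vector `BETA_HAT`, the choice to standardize each parameter column across the whole indicator population, the combination `tau + cov - H` used to rank candidates for claim 7, and the reading of `Y+` as that combined score are all constructed assumptions.

```python
"""Added example of the attribution pipeline in claims 1-12 (constructed data)."""
import math
from statistics import mean, pstdev

# --- Normalization (claim 1, claim 2) ---------------------------------------

def zscore_columns(rows):
    """Standardize each parameter column across all indicators to mean 0, std 1.
    A constant column (std 0) is mapped to zeros rather than dividing by zero."""
    cols = list(zip(*rows))
    stats = [(mean(c), pstdev(c)) for c in cols]
    return [[0.0 if sd == 0 else (v - mu) / sd for v, (mu, sd) in zip(row, stats)]
            for row in rows]

def ecdf_columns(rows):
    """Alternative normalization (claim 2): replace each value by its empirical
    CDF value, the fraction of its column that is <= it."""
    cols = list(zip(*rows))
    n = len(rows)
    return [[sum(1 for c in col if c <= v) / n for v, col in zip(row, cols)]
            for row in rows]

# --- Measures of association (claims 3-5) -----------------------------------

def kendall_tau(x, y):
    """Kendall's tau-a: (concordant - discordant) / all pairs; ties count as neither."""
    n = len(x)
    conc = disc = 0
    for i in range(n):
        for j in range(i + 1, n):
            s = (x[i] - x[j]) * (y[i] - y[j])
            conc += s > 0
            disc += s < 0
    pairs = n * (n - 1) / 2
    return (conc - disc) / pairs if pairs else 0.0

def covariance(x, y):
    """Population covariance of two equally long normalized parameter vectors."""
    mx, my = mean(x), mean(y)
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / len(x)

def conditional_entropy(y, x, bins=3):
    """H(Y | X) in bits after equal-width binning of both vectors. 0 means Y is
    fully determined by X, so a lower value is a stronger association."""
    def bucket(vals):
        lo, hi = min(vals), max(vals)
        width = (hi - lo) / bins or 1.0
        return [min(int((v - lo) / width), bins - 1) for v in vals]
    bx, by = bucket(x), bucket(y)
    joint, marg = {}, {}
    for a, b in zip(bx, by):
        joint[(a, b)] = joint.get((a, b), 0) + 1
        marg[a] = marg.get(a, 0) + 1
    n = len(x)
    return -sum(c / n * math.log2(c / marg[a]) for (a, _), c in joint.items())

# --- Attribution (claims 6-7) and probability (claim 12) --------------------

def association_score(tau, cov, h):
    """Assumed combination for claim 7: high tau and covariance, low entropy."""
    return tau + cov - h

def attribute(new_indicator, known):
    """known: list of (actor_group, parameter_vector). Normalize the population
    together, score the new indicator against each attributed indicator and
    return the best match with its measures."""
    rows = [p for _, p in known] + [new_indicator]
    norm = zscore_columns(rows)
    target = norm[-1]
    best = None
    for (group, _), vec in zip(known, norm):
        tau, cov, h = kendall_tau(target, vec), covariance(target, vec), conditional_entropy(vec, target)
        score = association_score(tau, cov, h)
        if best is None or score > best["score"]:
            best = {"group": group, "tau": tau, "cov": cov, "h": h, "score": score}
    return best

def attribution_probability(beta, y_plus, y_r, y_tau, y_h):
    """Claim 12's logistic form P = e^L / (1 + e^L), computed as 1 / (1 + e^-L)
    to avoid overflow. Linear predictor layout (intercept, Y+, Yr, Ytau, Yh) is assumed."""
    lin = beta[0] + beta[1] * y_plus + beta[2] * y_r + beta[3] * y_tau + beta[4] * y_h
    return 1.0 / (1.0 + math.exp(-lin))

# Constructed sample: four numeric parameters per indicator (e.g. port bucket,
# kilobytes sent, session seconds, hour bucket); groups and values are made up.
KNOWN_INDICATORS = [("GROUP-A", [2, 4, 6, 8]), ("GROUP-B", [8, 6, 4, 2])]
NEW_INDICATOR = [3, 4, 5, 9]
BETA_HAT = (-1.0, 1.5, 0.5, 1.0, -0.5)  # constructed coefficients, not a fitted model

def run_example():
    """Attribute the new indicator and return (group, tau, probability)."""
    best = attribute(NEW_INDICATOR, KNOWN_INDICATORS)
    p = attribution_probability(BETA_HAT, best["score"], best["cov"], best["tau"], best["h"])
    return best["group"], best["tau"], p

if __name__ == "__main__":
    print(run_example())
```

The conditional entropy is computed on binned values because the claim gives no density estimator; with only four parameters per indicator the bins are coarse, so in a real deployment the association measures would be computed over far longer parameter vectors, and the coefficient vector would come from a fitted logistic or probit regression (claims 8-10) rather than being hand-picked.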

Assignees

Secureworks Corp
Inventors

Classifications

  • Tracing the source of attacks · CPC title

  • Architectural arrangements, e.g. perimeter networks or demilitarized zones · CPC title

  • Vulnerability analysis · CPC title

  • for evaluating statistical data {, e.g. average values, frequency distributions, probability functions, regression analysis (forecasting specially adapted for a specific administrative, business or logistic context G06Q10/04)} · CPC title

  • using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10587640B2 cover?
An information handling system performs a method for analyzing attacks against a networked system of information handling systems. The method includes detecting a threat indicator, representing the threat indicator in part by numerical parameters, normalizing the numerical parameters, calculating one or more measures of association between the threat indicator and other threat indicators, findi…
Who is the assignee on this patent?
Secureworks Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 10, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).