US10708290B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10708290-B2 |
| Application number | US-201614997763-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 18, 2016 |
| Priority date | Jan 18, 2016 |
| Publication date | Jul 7, 2020 |
| Grant date | Jul 7, 2020 |
Official abstract text for this publication.
An information handling system performs a method for analyzing attacks against a networked system of information handling systems. The method includes detecting a threat indicator, representing the threat indicator in part by numerical parameters, normalizing the numerical parameters, calculating one or more measures of association between the threat indicator and other threat indicators, finding an association of the threat indicator with another threat indicator based upon the normalized numerical parameters, and assigning to the threat indicator a probability that a threat actor group caused the attack, wherein the threat actor group was assigned to the other threat indicator.
Opening claim text (preview).
What is claimed is:

1. A computer implemented method, the computer having a processor and memory, the method comprising: detecting by the computer a threat indicator that provides an indication of an attack against a networked system of information handling systems; representing the threat indicator in part by numerical parameters; normalizing the numerical parameters; adding attributes to the threat indicator, thereby producing an event that represents an element of an attack against the networked system of information handling systems; adding attributes to other threat indicators, thereby producing other events; calculating one or more measures of association between the event and the other events based upon the normalized numerical parameters, wherein the one or more measures of association between the event and other events include one or more of the following: a Kendall's tau between the event and the other events; and a conditional entropy between the event and the other events; finding an association of the event with another event based upon the one or more measures of association; determining possible future attacks on the networked system of information handling systems based upon the association; for each possible future attack of the possible future attacks, determining a probability of the possible future attack based upon the one or more measures of association between the event and the other event; assessing a risk to the networked system based upon the probabilities of possible future attacks; and determining a defense posture for the networked system based upon the risk.
2. The computer implemented method of claim 1, wherein: the other event provides an indication of another attack, the other attack attributed to a threat actor group; and the method further comprises attributing the attack to the threat actor group based upon the association.
3. The computer implemented method of claim 2, further comprising calculating a probability that the threat actor group caused the attack according to the formula: $$\mathrm{LIK}(Y^{+}, Y_r, Y_\tau, Y_h) = \frac{e^{\hat{\beta}(Y^{+};\, Y_r, Y_\tau, Y_h)}}{1 + e^{\hat{\beta}(Y^{+};\, Y_r, Y_\tau, Y_h)}}$$ wherein: $\hat{\beta}$ is an estimator of a statistical relationship between measurements for a threat actor group and similar events in a data repository, $Y^{+}$ is an event, $Y_r$ is a list of covariance values between $Y^{+}$ and other events in an event store, $Y_\tau$ is a list of Kendall's tau values between $Y^{+}$ and the other events in the event store, and $Y_h$ is a list of conditional entropy values between $Y^{+}$ and the other events in the event store.
4. The computer implemented method of claim 2, wherein a capability of the threat actor group is added to the threat indicator as an attribute.
5. The computer implemented method of claim 2, wherein the attributing the attack to the threat actor group includes determining that the other event is an extremal 3-tuple for a join of a conditional entropy of the event with the other events, a Kendall's tau of the event with the other events, and a covariance of the event with the other events.
6. The computer implemented method of claim 1, wherein the determining the probability comprises performing a regression analysis on the normalized numerical parameters and the one or more measures of association.
7. The computer implemented method of claim 6, wherein the performing the regression analysis comprises performing a probit regression analysis.
8. The computer implemented method of claim 6, wherein the performing the regression analysis comprises performing a logistic regression analysis.
9. The computer implemented method of claim 1, wherein the determining the probability of the possible future attack comprises: generating a set of potential actions $\hat{A}$; receiving an input logistic prediction model $\hat{\beta}$, wherein $\hat{\beta}$ describes a relationship between predictors and a probability that one of the set of potential actions $\hat{A}$ will be taken; and applying the model $\hat{\beta}$ to values of the predictors, thereby producing propensity scores.
10. The computer implemented method of claim 1, wherein the determining the probability comprises applying a model $\hat{\beta}$ to input values, the input values including the one or more measures of association.
11. A networked system of information handling systems, comprising: an intrusion protection and detection system to: detect a threat indicator that provides an indication of an attack against the networked system; represent the threat indicator in part by numerical parameters; normalize the numerical parameters; add attributes to the threat indicator, thereby producing an event that represents an element of an attack against the networked system of information handling systems; add attributes to other threat indicators, thereby producing other events; calculate one or more measures of associatio
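The abstract and claims 1, 3 and 5 describe a pipeline: normalize the numerical parameters of a new threat indicator, compute covariance, Kendall's tau and conditional entropy against every event already in the event store, pick the extremal event, and push the measures through a logistic model $\hat{\beta}$ to get an attribution probability. The following Python is an added worked example of that pipeline and is not code from the patent or its assignee. Everything concrete in it is an assumption: the six parameter names, the five stored events and their actor groups, the new indicator, the choice of tie-corrected tau-b, population covariance, three-bin discretisation for the entropy estimate, the logistic coefficients in `BETA_HAT` (which a real system would fit by logistic or probit regression on labelled history, per claims 6 to 8), and the simplification of the "extremal 3-tuple" in claim 5 to the event with the highest logistic score.

```python
import math
from collections import Counter
from itertools import combinations

# Constructed sample data (not from the patent). Each stored event carries the
# numerical parameters of an indicator plus the actor group it was attributed to.
PARAMS = ["beacon_interval_s", "bytes_out_kb", "dst_ports",
          "hosts_touched", "dns_queries", "session_min"]
EVENT_STORE = [
    {"id": "E1", "group": "ACTOR-A", "params": [3600, 120, 2, 1, 40, 10]},
    {"id": "E2", "group": "ACTOR-A", "params": [3500, 140, 2, 2, 35, 12]},
    {"id": "E3", "group": "ACTOR-B", "params": [30, 9000, 40, 25, 5, 300]},
    {"id": "E4", "group": "ACTOR-B", "params": [25, 8500, 35, 30, 4, 280]},
    {"id": "E5", "group": "ACTOR-C", "params": [600, 2000, 10, 8, 20, 60]},
]
NEW_INDICATOR = {"id": "X1", "params": [3700, 110, 3, 1, 42, 9]}

# Assumed logistic coefficients beta_hat over predictors (1, cov, tau, H).
# A real deployment fits these from labelled events; values here are illustrative.
BETA_HAT = {"intercept": -1.0, "cov": 4.0, "tau": 3.0, "h": -2.0}
BINS = 3  # discretisation used for the conditional-entropy estimate (assumption)


def normalize(store, new):
    """Min-max normalise each parameter across the store plus the new indicator."""
    rows = [e["params"] for e in store] + [new["params"]]
    lo = [min(col) for col in zip(*rows)]
    hi = [max(col) for col in zip(*rows)]

    def scale(p):
        return [(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(p, lo, hi)]

    return ([dict(e, norm=scale(e["params"])) for e in store],
            dict(new, norm=scale(new["params"])))


def covariance(x, y):
    """Population covariance of the two normalised parameter vectors."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / len(x)


def kendall_tau(x, y):
    """Kendall's tau-b (tie-corrected) over all pairs of parameter positions."""
    c = d = tx = ty = 0
    for i, j in combinations(range(len(x)), 2):
        sx = (x[i] > x[j]) - (x[i] < x[j])
        sy = (y[i] > y[j]) - (y[i] < y[j])
        tx += sx == 0
        ty += sy == 0
        if sx and sy:
            c += sx == sy
            d += sx != sy
    n0 = len(x) * (len(x) - 1) // 2
    denom = math.sqrt((n0 - tx) * (n0 - ty))
    return (c - d) / denom if denom else 0.0


def _entropy(counts):
    n = sum(counts.values())
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def conditional_entropy(x, y, bins=BINS):
    """H(Y|X) in bits after bucketing each normalised value into `bins` buckets.
    H(Y|X) = H(X,Y) - H(X); zero means X fully determines Y."""
    bx = [min(int(v * bins), bins - 1) for v in x]
    by = [min(int(v * bins), bins - 1) for v in y]
    return max(0.0, _entropy(Counter(zip(bx, by))) - _entropy(Counter(bx)))


def likelihood(m, beta=BETA_HAT):
    """LIK = e^z / (1 + e^z) with z = beta_hat . (1, cov, tau, H), as in claim 3."""
    z = (beta["intercept"] + beta["cov"] * m["cov"]
         + beta["tau"] * m["tau"] + beta["h"] * m["h"])
    return 1.0 / (1.0 + math.exp(-z))


def attribute(store, new):
    """Score the new indicator against every stored event and attribute it to the
    actor group of the extremal event (highest logistic score; simplification of
    the extremal 3-tuple in claim 5)."""
    store_n, new_n = normalize(store, new)
    scores = []
    for e in store_n:
        m = {"cov": covariance(new_n["norm"], e["norm"]),
             "tau": kendall_tau(new_n["norm"], e["norm"]),
             "h": conditional_entropy(new_n["norm"], e["norm"])}
        scores.append({"id": e["id"], "group": e["group"], "lik": likelihood(m), **m})
    best = max(scores, key=lambda s: s["lik"])
    return {"group": best["group"], "probability": best["lik"],
            "matched_event": best["id"], "scores": scores}


if __name__ == "__main__":
    result = attribute(EVENT_STORE, NEW_INDICATOR)
    for s in result["scores"]:
        print(f'{s["id"]} {s["group"]:8} cov={s["cov"]:+.3f} tau={s["tau"]:+.3f} '
              f'H={s["h"]:.3f} LIK={s["lik"]:.3f}')
    print("attributed to", result["group"], "p=%.3f" % result["probability"])
```

Two practical points the claims gloss over show up when this is run. The three measures disagree on purpose: conditional entropy is direction-blind (the ACTOR-B events determine the new indicator's bins just as well as the ACTOR-A events do, so their H is also zero), and only covariance and tau separate "same pattern" from "mirror-image pattern"; that is why the logistic combination matters more than any single measure. And because every stored event goes into the min-max normalization, adding one outlier event rescales every existing comparison, so a production system should fix normalization bounds per parameter rather than recompute them on each query.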
Combinations of networks · CPC title
Recurrent networks, e.g. Hopfield networks · CPC title
Machine learning · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment · CPC title