Collaborative and Adaptive Threat Intelligence for Computer Security
Abstract
Collaborative and adaptive threat intelligence. Data collected on a first customer network is received. One or more local models are trained with at least the received data, where the one or more local models are related to security. An amount of data to transmit to a centralized controller is determined based at least on a result of the training one or more local models and the determined amount of data is transmitted to the centralized controller. Result data is received from the centralized controller that is a result of one or more global models trained on the centralized controller using data collected on multiple customer networks including the first customer network. The one or more local models are adjusted using the received result data and the one or more adjusted local models are trained.
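The loop the abstract describes, as an added Python sketch that is not taken from the patent. The local model type (a z-score baseline on bytes per connection), the upload policy in `select_upload`, the controller's cross-network rule, and all names and sample data are assumptions made for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

class LocalModel:
    """Assumed local model: z-score baseline of bytes per connection."""
    def __init__(self):
        self.mu, self.sigma, self.watchlist = 0.0, 1.0, set()
    def train(self, records):
        sizes = [r["bytes"] for r in records]
        self.mu, self.sigma = mean(sizes), pstdev(sizes) or 1.0
        # Training result: the records the fitted model treats as suspicious.
        return [r for r in records if self.suspicious(r)]
    def suspicious(self, r):
        z = (r["bytes"] - self.mu) / self.sigma
        return z > 2.0 or r["dst"] in self.watchlist
    def adjust(self, result_data):
        self.watchlist |= set(result_data)

def select_upload(records, outliers, max_fraction=0.5):
    """Assumed policy: send only outliers, capped at a fraction of the data."""
    return outliers[: int(len(records) * max_fraction)]

class Controller:
    """Assumed global model: destinations reported by >= min_networks customers."""
    def __init__(self, min_networks=2):
        self.seen, self.min_networks = {}, min_networks
    def ingest(self, customer, uploaded):
        self.seen.setdefault(customer, set()).update(r["dst"] for r in uploaded)
    def result_data(self):
        counts = Counter(d for dsts in self.seen.values() for d in dsts)
        return sorted(d for d, n in counts.items() if n >= self.min_networks)

def run_round(networks):
    controller, models, sent, flagged = Controller(), {}, {}, {}
    for name, records in networks.items():
        models[name] = LocalModel()
        sent[name] = select_upload(records, models[name].train(records))
        controller.ingest(name, sent[name])
    shared = controller.result_data()
    for name, records in networks.items():
        models[name].adjust(shared)  # adjust with the controller's result data
        flagged[name] = sorted({r["dst"] for r in models[name].train(records)})
    return sent, shared, flagged

def conns(sizes):  # constructed sample traffic; last connection goes to drop.example
    dsts = ["cdn.example"] * (len(sizes) - 1) + ["drop.example"]
    return [{"bytes": b, "dst": d} for b, d in zip(sizes, dsts)]
NETWORKS = {"A": conns([100, 110, 90, 105, 95, 100, 9000]),
            "B": conns([200, 210, 190, 205, 195, 200, 8000]),
            "C": conns([100, 105, 95, 100, 110, 90, 100])}
```

On this constructed data, network C uploads nothing because its local model sees no outlier, yet after the adjustment its retrained model flags `drop.example`, which networks A and B both reported.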
21 Claims
1. A method for collaborative and adaptive threat intelligence, comprising:
receiving data collected on a first customer network;
training one or more local models with at least the received data, wherein the one or more local models are related to security;
determining an amount of data to transmit to a centralized controller based at least on a result of the training one or more local models;
transmitting the determined amount of data to the centralized controller;
receiving, from the centralized controller, result data that is a result of one or more global models trained on the centralized controller using data collected on a plurality of customer networks including the first customer network;
adjusting the one or more local models using the received result data; and
training the one or more adjusted local models.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory machine-readable storage medium that provides instructions that, if executed by a processor, will cause said processor to perform operations comprising:
receiving data collected on a first customer network;
training one or more local models with at least the received data, wherein the one or more local models are related to security;
determining an amount of data to transmit to a centralized controller based at least on a result of the training one or more local models;
transmitting the determined amount of data to the centralized controller;
receiving, from the centralized controller, result data that is a result of one or more global models trained on the centralized controller using data collected on a plurality of customer networks including the first customer network;
adjusting the one or more local models using the received result data; and
training the one or more adjusted local models.
Dependent claims: 9, 10, 11, 12, 13, 14
15. An apparatus for collaborative and adaptive threat intelligence, comprising:
a processor; and
a non-transitory machine-readable storage medium containing instructions executable by said processor whereby said apparatus is operative to:
receive data collected on a first customer network;
train one or more local models with at least the received data, wherein the one or more local models are related to security;
determine an amount of data to transmit to a centralized controller based at least on a result of the training one or more local models;
transmit the determined amount of data to the centralized controller;
receive, from the centralized controller, result data that is a result of one or more global models trained on the centralized controller using data collected on a plurality of customer networks including the first customer network;
adjust the one or more local models using the received result data; and
train the one or more adjusted local models.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification