Deployment of Machine Learning Models for Discernment of Threats
First Claim
1. A method for implementation by one or more data processors forming part of at least one computing device, the method comprising:
- detecting, by at least one data processor, a mismatch between model-based classifications produced by a first version of a computer-implemented machine learning threat discernment model and a second version of a computer-implemented machine learning threat discernment model for a file;
analyzing, by at least one data processor, the mismatch to determine appropriate handling for the file, the analyzing comprising comparing a human-generated classification for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model, the analyzing further comprising allowing the human-generated classification to dominate when it is available; and
taking, by at least one data processor, an action based on the analyzing.
1 Assignment
0 Petitions
Accused Products
Abstract
A mismatch between model-based classifications produced by a first version of a machine learning threat discernment model and a second version of a machine learning threat discernment model for a file is detected. The mismatch is analyzed to determine appropriate handling for the file, and taking an action based on the analyzing. The analyzing includes comparing a human-generated classification status for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model. The analyzing can also include allowing the human-generated classification status to dominate when it is available.
29 Citations
27 Claims
-
1. A method for implementation by one or more data processors forming part of at least one computing device, the method comprising:
-
detecting, by at least one data processor, a mismatch between model-based classifications produced by a first version of a computer-implemented machine learning threat discernment model and a second version of a computer-implemented machine learning threat discernment model for a file; analyzing, by at least one data processor, the mismatch to determine appropriate handling for the file, the analyzing comprising comparing a human-generated classification for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model, the analyzing further comprising allowing the human-generated classification to dominate when it is available; and taking, by at least one data processor, an action based on the analyzing. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer program product comprising a non-transitory machine-readable medium storing instructions that, when executed by at least one data processor forming part of at least one computing device, cause the at least one data processor to perform operations comprising:
-
detecting a mismatch between model-based classifications produced by a first version of a computer-implemented machine learning threat discernment model and a second version of a computer-implemented machine learning threat discernment model for a file; analyzing the mismatch to determine appropriate handling for the file, the analyzing comprising comparing a human-generated classification for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model, the analyzing further comprising allowing the human-generated classification to dominate when it is available; and taking an action based on the analyzing. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system comprising:
-
at least one data processor; and memory storing instructions which, when executed by the at least one data processor, result in operations comprising; detecting a mismatch between model-based classifications produced by a first version of a computer-implemented machine learning threat discernment model and a second version of a computer-implemented machine learning threat discernment model for a file; analyzing the mismatch to determine appropriate handling for the file, the analyzing comprising comparing a human-generated classification for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model, the analyzing further comprising allowing the human-generated classification to dominate when it is available; and taking an action based on the analyzing. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification