Abstract

A device may identify a set of features associated with the unknown object. The device may determine, based on inputting the set of features into a threat prediction model associated with a set of security functions, a set of predicted threat scores. The device may determine, based on the set of predicted threat scores, a set of predicted utility values. The device may determine a set of costs corresponding to the set of security functions. The device may determine a set of predicted efficiencies, associated with the set of security functions, based on the set of predicted utility values and the set of costs. The device may identify, based on the set of predicted efficiencies, a particular security function, and may cause the particular security function to be executed on the unknown object. The device may determine whether another security function is to be executed on the unknown object.
Independent claim

1. A device, comprising:
one or more processors, at least partially implemented in hardware, to:
receive an unknown object;
identify a set of features associated with the unknown object;
determine, based on inputting the set of features into a threat prediction model, a set of predicted threat scores,
the threat prediction model being associated with a set of security functions, and
a predicted threat score, of the set of predicted threat scores, corresponding to a security function of the set of security functions;
determine, based on the set of predicted threat scores, a set of predicted utility values,
a predicted utility value, of the set of predicted utility values, corresponding to a security function of the set of security functions;
determine a set of costs corresponding to the set of security functions;
determine a set of predicted efficiencies, associated with the set of security functions, based on the set of predicted utility values and the set of costs;
identify, based on the set of predicted efficiencies, a particular security function, of the set of security functions, that is to be executed on the unknown object;
cause the particular security function to be executed on the unknown object in order to determine a current threat score associated with the unknown object; and
determine, based on the current threat score, whether another security function, of the set of security functions, is to be executed on the unknown object.
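
The selection loop recited in claim 1, as an added sketch that is not taken from the patent. The claim does not fix the formulas, so this example assumes that utility equals the predicted threat score, that efficiency is utility divided by cost, and that scanning stops once a current threat score reaches a `decisive` threshold. The function names, feature names, weights and scores are all constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass
class SecurityFunction:
    name: str
    cost: float                          # assumed unit: seconds of analysis time
    weights: Dict[str, float]            # constructed weights for the toy prediction model
    run: Callable[[Dict[str, float]], float]  # executes the function, returns current threat score

def predict_threat(fn: SecurityFunction, features: Dict[str, float]) -> float:
    """Toy threat prediction model: weighted feature sum clamped to [0, 1]."""
    total = sum(w * features.get(k, 0.0) for k, w in fn.weights.items())
    return max(0.0, min(1.0, total))

def predicted_efficiencies(functions, features) -> Dict[str, float]:
    """Assumption: utility equals the predicted threat score, efficiency = utility / cost."""
    return {f.name: predict_threat(f, features) / f.cost for f in functions}

def scan(features, functions, decisive: float = 0.8) -> Tuple[List[str], float]:
    """Run functions in order of predicted efficiency until a score is decisive."""
    remaining, executed, current = list(functions), [], 0.0
    while remaining:
        eff = predicted_efficiencies(remaining, features)
        best = max(remaining, key=lambda f: eff[f.name])
        current = best.run(features)     # current threat score from the executed function
        executed.append(best.name)
        remaining.remove(best)
        if current >= decisive:          # assumed stopping rule: verdict is confident enough
            break
    return executed, current

# Constructed sample data: features of an unknown object and three security functions.
SAMPLE_FEATURES = {"is_pe": 1.0, "packed": 1.0}
FUNCTIONS = [
    SecurityFunction("av_signature", 1.0, {"is_pe": 0.2, "packed": 0.1}, lambda f: 0.10),
    SecurityFunction("static_analysis", 5.0, {"packed": 0.6}, lambda f: 0.85),
    SecurityFunction("sandbox", 60.0, {"is_pe": 0.3, "packed": 0.6}, lambda f: 0.95),
]

if __name__ == "__main__":
    print(predicted_efficiencies(FUNCTIONS, SAMPLE_FEATURES))
    print(scan(SAMPLE_FEATURES, FUNCTIONS))
```

With the sample data the cheap signature check runs first, static analysis returns a decisive score, and the costly sandbox run is skipped.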