摘要 |
This disclosure is directed to a protection system including security rule evaluation. A device may comprise a protection module to identify threats to at least one of the device or to a network including the device. The protection module may include, for example, a rule evaluator (RE) module to evaluate proposed security rules for identifying the threats based on at least one ground truth scenario and to determine whether to promote the proposed security rules to new security rules. The proposed security rules may be generated by the protection module or received from other devices in the network or other networks. New security rules may be shared with the other devices and/or networks. The RE module may further trigger an independent evaluation of the proposed security rules, which may also be considered when determining whether to add the proposed security rules to the set of active rules in the device. |