SIGNATURE CREATION FOR UNKNOWN ATTACKS

摘要

In one embodiment, a device in a network generates an expected traffic model based on a training set of data used to train a machine learning attack detector. The device provides the expected traffic model to one or more nodes in the network. The device receives an unexpected behavior notification from a particular node of the one or more nodes. The particular node generates the unexpected behavior notification based on a comparison between the expected traffic model and an observed traffic behavior by the node. The particular node also prevents the machine learning attack detector from analyzing the observed traffic behavior. The device updates the machine learning attack detector to account for the observed traffic behavior.

主权项

1. A method, comprising:
generating, by a device in a network, an expected traffic model based on a training set of data used to train a machine learning attack detector; providing, by the device, the expected traffic model to one or more nodes in the network; receiving, at the device, an unexpected behavior notification from a particular node of the one or more nodes, wherein the particular node generates the unexpected behavior notification based on a comparison between the expected traffic model and an observed traffic behavior by the node, and wherein the particular node prevents the machine learning attack detector from analyzing the observed traffic behavior; and updating, by the device, the machine learning attack detector to account for the observed traffic behavior.