Methods and apparatus for intrusion prevention using global and local feature extraction contexts

Assignee

• Trend Micro Incorporated · JP

Inventors

• Josiah Dede Hagen · Austin, US
• Jonathan Edward Andersson · Round Rock, US
• Shoufu Luo · San Jose, US
• Brandon Niemczyk · Hutto, US
• Leslie Zsohar · Round Rock, US
• Craig D. Botkin · Cedar Park, US
• Peter Andriukaitis · Austin, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0227
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In one embodiment, local begin and end tags are detected by a network security device to determine a local context of a network traffic flow, and a local feature vector is obtained for that local context. At least one triggering machine learning model is applied by the network security device to the local feature vector, and the result determines whether or not deeper analysis is warranted. In most cases, very substantial resources are not required because deeper analysis is not indicated. If deeper analysis is indicated, one or more deeper machine learning model may then be applied to global and local feature vectors, and regular expressions may be applied to packet data, which may include the triggering data packet and one or more subsequent data packets. Other embodiments, aspects and features are also disclosed.