US 11,669,779 B2
Prudent ensemble models in machine learning with high precision for use in network security
Dianhuan Lin, Sunnyvale, CA (US); Rex Shang, Los Altos, CA (US); Changsha Ma, Palo Alto, CA (US); Kevin Guo, Milpitas, CA (US); and Howie Xu, Palo Alto, CA (US)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on Apr. 5, 2019, as Appl. No. 16/377,129.
Prior Publication US 2020/0320438 A1, Oct. 8, 2020
Int. Cl. H04L 29/00 (2006.01); G06N 20/20 (2019.01); G06F 21/55 (2013.01)
CPC G06N 20/20 (2019.01) [G06F 21/554 (2013.01); G06F 2221/033 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A method comprising:
in a cloud-based security system, receiving a content item between a user device and a location on the Internet or an enterprise network;
utilizing a trained machine learning ensemble model to determine whether the content item is malicious;
determining one or more blind spots in the trained machine learning ensemble model by identifying content items which include combination of features not seen by the trained machine learning ensemble model, or content items which are similar to other content items with conflicting labels, wherein determined blind spots are marked or otherwise noted;
responsive to the trained machine learning ensemble model determining the content item is malicious or determining the content item is benign but such determining is in a blind spot of the trained ensemble model, performing further processing on the content item; and
responsive to the trained machine learning ensemble model determining the content item is benign with such determination not in a blind spot of the trained machine learning ensemble model, allowing the content item.