CPC G06N 20/20 (2019.01) [G06F 21/554 (2013.01); G06F 2221/033 (2013.01)] | 17 Claims
1. A method comprising:
in a cloud-based security system, receiving a content item between a user device and a location on the Internet or an enterprise network;
utilizing a trained machine learning ensemble model to determine whether the content item is malicious;
determining one or more blind spots in the trained machine learning ensemble model by identifying content items which include combination of features not seen by the trained machine learning ensemble model, or content items which are similar to other content items with conflicting labels, wherein determined blind spots are marked or otherwise noted;
responsive to the trained machine learning ensemble model determining the content item is malicious or determining the content item is benign but such determining is in a blind spot of the trained ensemble model, performing further processing on the content item; and
responsive to the trained machine learning ensemble model determining the content item is benign with such determination not in a blind spot of the trained machine learning ensemble model, allowing the content item.
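The decision flow of claim 1, sketched as an added example; it is not code from the patent or from any product. The feature names, the hand-set voters standing in for a trained ensemble, and the Hamming-distance radius used as the similarity test are all assumptions made for illustration.

```python
# Constructed training set: (binary feature tuple, label), label 1 = malicious.
# Hypothetical features: (has_macro, is_packed, is_signed, high_entropy).
TRAIN = [
    ((1, 1, 0, 1), 1), ((1, 0, 0, 1), 1), ((0, 1, 0, 1), 1),
    ((0, 0, 1, 0), 0), ((0, 0, 0, 0), 0), ((1, 0, 1, 0), 0),
    ((0, 1, 1, 0), 0), ((0, 1, 1, 0), 1),  # same features, conflicting labels
]
SEEN = {features for features, _ in TRAIN}

# Stand-in for a trained ensemble: four hand-set voters (an assumption).
ENSEMBLE = [
    lambda x: x[0],      # macro present
    lambda x: x[1],      # packed
    lambda x: x[3],      # high entropy
    lambda x: 1 - x[2],  # unsigned
]

def ensemble_predict(x):
    """Majority vote; a tie counts as malicious (1)."""
    return 1 if 2 * sum(vote(x) for vote in ENSEMBLE) >= len(ENSEMBLE) else 0

def hamming(a, b):
    return sum(p != q for p, q in zip(a, b))

def blind_spot(x, radius=1):
    """Return (is_blind, note) so a blind spot is marked with its reason."""
    if x not in SEEN:
        return True, "unseen feature combination"
    nearby = {label for feats, label in TRAIN if hamming(feats, x) <= radius}
    if len(nearby) > 1:
        return True, "similar training items carry conflicting labels"
    return False, ""

def route(x):
    """Apply the claim's three-way decision to one content item."""
    blind, note = blind_spot(x)
    if ensemble_predict(x) == 1:
        return "further_processing", "malicious verdict"
    if blind:
        return "further_processing", "benign verdict in blind spot: " + note
    return "allow", "benign verdict outside blind spots"

if __name__ == "__main__":
    for item in [(0, 0, 0, 0), (1, 1, 0, 1), (0, 0, 1, 1), (0, 0, 1, 0)]:
        print(item, route(item))
```

The last two sample items both receive a benign verdict from the voters, yet neither is allowed: one is a feature combination absent from the training set, the other sits within the radius of a training item that carries both labels.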