CPC H04L 63/104 (2013.01) [G06N 20/00 (2019.01); H04L 63/20 (2013.01)] | 17 Claims |
1. A method, comprising:
receiving, at a device in a network, an access policy and a machine learning-based class behavioral model for a node in the network that are associated with a class that is associated with a Manufacturer Usage Description (MUD) Universal Resource Identifier (URI) asserted by the node, wherein the class behavioral model is generated based on traffic data observed from one or more devices of the class asserted by the node and on synthetic traffic data formed from the access policy associated with the class asserted by the node;
applying, by the device, the access policy and class behavioral model to traffic associated with the node;
identifying, by the device, a deviation in a behavior of the node from the class behavioral model, based on the applying of the class behavioral model to the traffic associated with the node; and
causing, by the device, performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
|