| CPC H04L 63/0263 (2013.01) [H04L 41/16 (2013.01); H04L 63/1425 (2013.01)] | 18 Claims |

|
1. A computer implemented method of automatically generating security rules for a networked environment based on anomalies identified using Machine Learning (ML), comprising:
using at least one processor for:
receiving at least one feature vector comprising a plurality of operational parameters of a plurality of objects of a networked environment;
identifying at least one anomaly pattern in the networked environment by applying at least one trained ML model to the at least one feature vector, the at least one ML model is trained to identify patterns deviating from normal behavior of the plurality of objects, wherein the at least one anomaly pattern is indicative of at least one previously unknown threat to the networked environment;
generating a set of behavioral rules that represent the identified at least one anomaly pattern by parsing the identified at least one anomaly pattern, wherein parsing the identified at least one anomaly pattern is performed by traversing the identified at least one anomaly pattern through a tree-like model;
generating at least one security rule for the networked environment according to the set of behavior rules;
wherein the at least one security rule is applied by one or more network access equipment to increase security of the networked environment; and
generating, from the set of behavioral rules, a visual n-dimensional feature map describing an anomaly region of the detected anomaly patterns, wherein n is an integer greater than two.
|
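The parsing step of claim 1 (traversing an anomaly pattern through a tree-like model to obtain behavioral rules, then deriving a security rule) can be illustrated as follows. This is an added example, not code from the patent or its applicant. It assumes one possible reading of "tree-like model", a small surrogate decision tree fitted to vectors that a trained anomaly model has already flagged. The feature names, the sample data and the `DENY if` rule syntax are constructed for illustration.

```python
# Constructed sample data: (conn_per_min, bytes_out_kb, dst_port) per object,
# with the flag an already trained anomaly model is assumed to have produced.
FEATURES = ("conn_per_min", "bytes_out_kb", "dst_port")
SAMPLES = [
    ((12, 40, 443), 0), ((15, 900, 443), 0), ((9, 30, 80), 0),
    ((250, 700, 443), 0), ((300, 950, 443), 0), ((10, 50, 8081), 0),
    ((220, 60, 4444), 1), ((310, 800, 4444), 1), ((180, 35, 8081), 1),
]

def gini(rows):
    p = sum(flag for _, flag in rows) / len(rows)
    return 2 * p * (1 - p)

def best_split(rows):
    """Return (weighted impurity, feature index, threshold) or None."""
    best = None
    for i in range(len(FEATURES)):
        values = sorted({vec[i] for vec, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [r for r in rows if r[0][i] <= t]
            right = [r for r in rows if r[0][i] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, i, t)
    return best

def build(rows, depth=0, max_depth=3):
    """Fit a small surrogate tree separating flagged from normal vectors."""
    mixed = len({flag for _, flag in rows}) > 1
    split = best_split(rows) if mixed and depth < max_depth else None
    if split is None:  # leaf: majority vote
        return {"anomaly": 2 * sum(f for _, f in rows) > len(rows)}
    _, i, t = split
    return {"i": i, "t": t,
            "le": build([r for r in rows if r[0][i] <= t], depth + 1, max_depth),
            "gt": build([r for r in rows if r[0][i] > t], depth + 1, max_depth)}

def behavioral_rules(node, path=()):
    """Traverse root to leaf; each path ending in an anomaly leaf is one rule."""
    if "anomaly" in node:
        return [list(path)] if node["anomaly"] else []
    f, t = FEATURES[node["i"]], node["t"]
    return (behavioral_rules(node["le"], path + ((f, "<=", t),)) +
            behavioral_rules(node["gt"], path + ((f, ">", t),)))

def security_rule(conditions):
    """Render one behavioral rule in a hypothetical, vendor-neutral syntax."""
    return "DENY if " + " and ".join(f"{f} {op} {t}" for f, op, t in conditions)

if __name__ == "__main__":
    for rule in behavioral_rules(build(SAMPLES)):
        print(security_rule(rule))
```

On the constructed data, neither threshold alone isolates the flagged vectors (busy hosts on port 443 and a quiet host on port 8081 are normal), so the single rule produced is a conjunction of two conditions.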