| CPC G06N 3/08 (2013.01) [G06N 5/02 (2013.01)] | 19 Claims |
|
1. A computer system comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the computer system to perform a set of operations, the set of operations comprising:
collecting domain attribute data comprising one or more domain attribute features for a domain, the domain attribute features comprising static features associated with the domain;
collecting sampled domain profile data comprising one or more domain profile features for the domain, the domain profile features comprising behavioral features obtained from historical records indicating a number of threats to users in communication with the domain;
generating, using the domain attribute data and the sampled domain profile data, a domain reputation assignment utilizing a neural network by:
generating, using a first neural network, predicted domain profile features across multiple points in time, based on a current observation of domain features, the current observation of domain features including a current observation of the one or more domain attribute features and a current observation of the one or more domain profile features and a recurrent domain state determined by the first neural network; and
generating, using a second neural network based on the predicted domain profile features generated across the multiple points in time, wherein the second neural network is a trained machine learning model for real-time sampling to evaluate the domain attribute data associated with a domain name that is contemporaneously generated when the domain attribute data is evaluated, a predicted domain reputation for the domain across the multiple points in time; and
automatically blocking requests for content from the domain based on the generated domain reputation assignment and generating a graphical indication of risk associated with the domain based on the generated predicted domain reputation for the domain.
|