US 12,010,129 B2
Methods and apparatus for using machine learning to classify malicious infrastructure
Tamás Vörös, Budapest (HU); Richard Harang, Alexandria, VA (US); and Joshua Daniel Saxe, Wichita, KS (US)
Assigned to Sophos Limited, Abingdon (GB)
Filed by Sophos Limited, Abingdon (GB)
Filed on Apr. 23, 2021, as Appl. No. 17/239,128.
Prior Publication US 2022/0353284 A1, Nov. 3, 2022
Int. Cl. H04L 29/06 (2006.01); G06N 3/045 (2023.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [G06N 3/045 (2023.01); H04L 63/0236 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)] 17 Claims
1. An apparatus, comprising:
a memory; and
a processor operatively coupled to the memory, the processor configured to:
identify an internet protocol (IP) address associated with potentially malicious content,
define each row from a set of rows of a matrix by applying a different subnet mask from a plurality of subnet masks to a binary representation of the IP address to define that row of the matrix,
apply a convolutional window across the set of rows of the matrix to identify a relative contribution of each row from the set of rows to define a representation of the matrix,
provide the representation of the matrix as an input to a machine learning model (ML model), and
receive, from the ML model, a score associated with a maliciousness of the IP address, the score being based on a classification associated with the IP address.
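The feature construction recited in the claim (binary IP, one row per subnet mask, a convolutional window across the rows, a weighted representation), worked through as an added illustration; this is not Sophos's implementation and it assumes a constructed set of prefix lengths, a three-row kernel, a per-row popcount summary and a softmax over the window output, none of which the claim fixes. The downstream ML model is out of scope here.

```python
import ipaddress
import math

# Constructed prefix lengths; the claim only says "a plurality of subnet masks".
PREFIX_LENGTHS = (8, 16, 24, 32)
# Constructed 1-D convolution kernel spanning three adjacent rows.
KERNEL = (0.25, 0.5, 0.25)


def ip_to_bits(ip):
    """32-bit binary representation of an IPv4 address, most significant bit first."""
    value = int(ipaddress.IPv4Address(ip))
    return [(value >> (31 - i)) & 1 for i in range(32)]


def row_to_ip(row):
    """Inverse of ip_to_bits, handy for inspecting a masked row."""
    return str(ipaddress.IPv4Address(int("".join(map(str, row)), 2)))


def masked_rows(ip, prefixes=PREFIX_LENGTHS):
    """One matrix row per subnet mask: the IP bits AND-ed with that mask."""
    bits = ip_to_bits(ip)
    rows = []
    for p in prefixes:
        mask = [1] * p + [0] * (32 - p)
        rows.append([b & m for b, m in zip(bits, mask)])
    return rows


def convolve_rows(rows, kernel=KERNEL):
    """Slide a 1-D window down the row axis. Each row is summarised by its
    popcount (an assumption); output is one score per row, zero-padded."""
    scores = [sum(r) for r in rows]
    half = len(kernel) // 2
    padded = [0] * half + scores + [0] * half
    return [sum(k * padded[i + j] for j, k in enumerate(kernel))
            for i in range(len(scores))]


def relative_contributions(rows):
    """Softmax over the window output: the relative weight of each row."""
    out = convolve_rows(rows)
    exps = [math.exp(v - max(out)) for v in out]
    total = sum(exps)
    return [e / total for e in exps]


def representation(rows):
    """Weighted sum of the rows: the fixed-length vector an ML model would consume."""
    weights = relative_contributions(rows)
    return [sum(w * r[i] for w, r in zip(weights, rows)) for i in range(32)]


if __name__ == "__main__":
    rows = masked_rows("10.1.2.3")  # constructed sample address
    print([row_to_ip(r) for r in rows], relative_contributions(rows))
```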