US 12,341,794 B2
Automated estimation of network security policy risk
John O'Neil, Watertown, MA (US); and Michael J. Melson, Arlington, VA (US)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on Nov. 2, 2022, as Appl. No. 17/979,439.
Application 17/979,439 is a continuation of application No. 16/898,760, filed on Jun. 11, 2020, granted, now 11,509,673.
Claims priority of provisional application 62/860,094, filed on Jun. 11, 2019.
Prior Publication US 2023/0056212 A1, Feb. 23, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 41/14 (2022.01); H04L 41/142 (2022.01); H04L 61/5007 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 41/142 (2013.01); H04L 41/145 (2013.01); H04L 61/5007 (2022.05)] 17 Claims
1. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors to perform steps of:
collecting and storing positive data associated with real observed communications over a network;
generating a network communication model based on the positive data;
generating negative data based on the network communication model, the negative data representing traffic that the network communication model should not allow, wherein the negative data is generated by collecting all unique pairs from the observed positive data, and generating a plurality of new unique pairs which do not exist in the network communication model, and wherein a unique pair represents a connection between a source host and application and a destination host and application;
calculating a precision of the network communication model based on the network communication model and the negative data; and
calculating an accuracy of the network communication model based on one or more of the precision of the network communication model, or the network communication model and the positive data.
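The steps recited in claim 1, sketched as an added example (not code from the patent or its assignee). The claim gives no formulas, so the following are assumptions: a model that allows any hosts whose application pair was observed, "pairs which do not exist in the model" read as pairs absent from the observed data, precision as the share of generated negative pairs the model denies, and accuracy as the share of all pairs classified correctly.

```python
from itertools import product

# Constructed sample flows: (src_host, src_app, dst_host, dst_app).
OBSERVED = [
    ("web1", "nginx", "app1", "api"),
    ("web2", "nginx", "app2", "api"),
    ("app1", "api", "db1", "postgres"),
    ("app1", "api", "db1", "postgres"),  # repeated observation of one pair
    ("ops1", "ssh", "db1", "sshd"),
]

def unique_pairs(flows):
    """Positive data: unique (source host+app, destination host+app) pairs."""
    return {((sh, sa), (dh, da)) for sh, sa, dh, da in flows}

def build_model(pairs):
    """Assumed model: allow any hosts whose (src_app, dst_app) was observed."""
    return {(src[1], dst[1]) for src, dst in pairs}

def allows(model, pair):
    src, dst = pair
    return (src[1], dst[1]) in model

def generate_negatives(pairs):
    """Negative data: recombine observed endpoints into never-observed pairs."""
    sources = sorted({s for s, _ in pairs})
    dests = sorted({d for _, d in pairs})
    return [(s, d) for s, d in product(sources, dests)
            if s != d and (s, d) not in pairs]

def evaluate(flows):
    """Return (precision, accuracy, negative pairs the model wrongly allows)."""
    positives = unique_pairs(flows)
    model = build_model(positives)
    negatives = generate_negatives(positives)
    leaks = [p for p in negatives if allows(model, p)]
    denied = len(negatives) - len(leaks)
    allowed = sum(allows(model, p) for p in positives)
    precision = denied / len(negatives) if negatives else 1.0
    accuracy = (allowed + denied) / (len(positives) + len(negatives))
    return precision, accuracy, leaks

if __name__ == "__main__":
    print(evaluate(OBSERVED))
```

The two leaked pairs are the cross-host `nginx` to `api` connections that were never observed but that the application-level model permits, which is the over-permissiveness the precision figure exposes.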