Katherine Barabash, Yaniv Ben-Itzhak, Hani Jamjoom, Anna Levin, Eran Raichstein and Shriram Rajagopalan
Feb 2017, (Granted)
Abstract. A learning-based computer network security system may include a service delivery controller executing on one or more of hardware processors that receives requests for transmitting network flows to one or more destination machines via a communication network. The service delivery controller may group the network flows into one or more similarity groups, and direct the network flows in a particular similarity group to a learning-based security appliance instance designated for the particular similarity group. Based on receiving feedback from the security appliance instance, the service delivery controller may regroup the similarity groups, and/or redirect the network flows, and/or redistribute the training results between the appliances, and/or modify assignment of appliances to similarity groups.