US 11,811,791 B2
Generative adversarial network based predictive model for collaborative intrusion detection systems
Makarand Bhonsle, Mountain View, CA (US); Sirisha Myneni, Santa Clara, CA (US); Anirban Sengupta, Saratoga, CA (US); and Subrahmanyam Manuguri, San Jose, CA (US)
Assigned to VMWARE, INC., Palo Alto, CA (US)
Filed by VMware, Inc., Palo Alto, CA (US)
Filed on Jan. 9, 2020, as Appl. No. 16/738,305.
Prior Publication US 2021/0218757 A1, Jul. 15, 2021
Int. Cl. G06F 21/00 (2013.01); H04L 9/40 (2022.01); G06F 17/18 (2006.01); G06F 21/56 (2013.01); G06N 3/045 (2023.01); G06N 3/047 (2023.01)
CPC H04L 63/1416 (2013.01) [G06F 17/18 (2013.01); G06F 21/564 (2013.01); G06N 3/045 (2023.01); G06N 3/047 (2023.01)]
20 Claims
1. A method for distributing knowledge of intrusion attacks derived from a plurality of software defined data centers (SDDCs) in a given region, each of the plurality of SDDCs in the given region having a respective convolutional neural network (CNN), the plurality of SDDCs in the given region being linked to each other, the method comprising:
transferring knowledge derived from training of the respective CNN of each of the plurality of SDDCs in the given region to a centralized generative adversarial neural network (GANN) for the given region that includes a discriminator and a generator, wherein the respective CNN of each of the plurality of SDDCs in the given region is trained with intrusion signatures available to the respective CNN based on local intrusion attacks at an SDDC of the plurality of SDDCs in the given region that is associated with the respective CNN, and wherein the discriminator of the GANN receives the knowledge of the respective CNN of each of the plurality of SDDCs in the given region and trains the generator of the GANN;
receiving and transferring knowledge in the generator of the centralized GANN to the respective CNN of each of the plurality of SDDCs in the given region, wherein the respective CNN of each of the plurality of SDDCs in the given region can use either knowledge derived from its training or the received knowledge from the generator to perform intrusion detection and prevention of incoming data packets; and
detecting, by the respective CNN of a given SDDC of the plurality of SDDCs in the given region, a distributed attack targeting multiple SDDCs of the plurality of SDDCs in the given region based on the received knowledge from the generator.