Cisco Systems, Inc.
Preserving privacy in exporting device classification rules from on-premise systems

Abstract:

In one embodiment, a device in a network obtains data indicative of a device classification rule, a device type label associated with the rule, and a set of positive and negative feature vectors used to create the rule. The device replaces similar feature vectors in the set of positive and negative feature vectors with a single feature vector, to form a reduced set of feature vectors. The device applies differential privacy to the reduced set of feature vectors. The device sends a digest to a cloud service. The digest comprises the device classification rule, the device type label, and the reduced set of feature vectors to which differential privacy was applied. The service uses the digest to train a machine learning-based device classifier.