Microsoft Corporation
Machine learning detection of unused open ports

Abstract:

A security service utilizes a machine learning model to detect unused open ports. A security agent on client machines tracks the operating executables and the open ports on a machine. A machine learning model is trained for a specific port number using the more commonly-used executables that run on machines having the port opened from a large and diverse population of machines. The model is then used to determine the ports that an executable is likely to be associated with which is then used to determine if a particular machine has an unused open port.