US Patent 11469968 Automated classification of network devices to protection groups

A method and system for automatically classifying protected devices of a protected network to protection groups providing customized protection. The method includes accessing network flow information that includes network statistics processed from observed data obtained by packet interception devices, accessing at least one model that was trained using machine learning and a training data set of the network flow information to classify protected devices having addresses that correspond to destination addresses associated with the training data set to respective protection groups as a function of the network statistics that correspond to the training data set, and classifying a protected device that has an address that corresponds to a destination address associated with a portion of the network flow information to at least one of the protection groups using the at least one model and machine learning and as a function of the network statistics that correspond to the portion of the network flow information.