Internet security has become a critical focus of businesses, governments, schools, and other entities. A core goal of Internet security has always been the detection and/or prevention of network attacks. However, in recent years, the focus of Internet security has expanded rapidly to also encompass a number of other analytic functions. For example, another aspect of Internet security now focuses on preventing the leak of sensitive data, such as credit card information, Social Security numbers, medical records, trade secrets, and the like. In another example, another Internet security function now focuses on preventing users from accessing certain applications or content (e.g., pornography, gambling websites, etc.), based on user policies.
As the role of Internet security has expanded, so too has the set of potential input features for analysis by the security system. Notably, while certain features, such as traffic signatures, are still used for purposes of detecting network attacks, this information does little for purposes of ensuring data security, enforcing user access policies, and performing other Internet security functions. In addition to new types of input features, certain Internet security functions may also leverage input features of different degrees of granularity, meaning that some security functions may require more specific information than others.