Abstract: A machine learning system and method are provided. The machine learning system includes a plurality of client apparatuses, and the client apparatuses include a first client apparatus and one or more second client apparatuses. The first client apparatus transmits a model update request to the one or more second client apparatuses, and the model update request corresponds to a malware type. The first client apparatus receives a second local model corresponding to each of the one or more second client apparatuses from each of the one or more second client apparatuses. The first client apparatus generates a plurality of node sequences based on a first local model and each of the second local models. The first client apparatus merges the first local model and each of the second local models based on the node sequences to generate a local model set.

Abstract: An information security device and method thereof are provided. The information security device includes a transceiver, a register and a processor. The transceiver configured to receive scenario information of a company; The register configured to store multiple instructions and multiple databases; and the processor coupled to the transceiver and the register, and configured to execute the multiple instructions to: read first vulnerability related information and first event information from the multiple databases; generate at least one first intelligent graph according to the first vulnerability related information and the first event information, and generate a second intelligent graph according to the scenario information; and compare the at least one first intelligent graph with the second intelligent graph to identify at least one similarity between the at least one first intelligent graph and the second intelligent graph for determining whether the company has information security threat.