US 11,895,135 B2
Detecting anomalous behavior of a device
Vikram Kapoor, Cupertino, CA (US); Harish Kumar Bharat Singh, Pleasanton, CA (US); Weifei Zeng, Sunnyvale, CA (US); Vimalkumar Jeyakumar, Los Altos, CA (US); Theron Tock, Mountain View, CA (US); Ying Xie, Cupertino, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to LACEWORK, INC., Mountain View, CA (US)
Filed by LACEWORK, INC., San Jose, CA (US)
Filed on Jul. 6, 2022, as Appl. No. 17/810,946.
Application 17/810,946 is a continuation of application No. 17/704,981, filed on Mar. 25, 2022, abandoned.
Application 17/704,981 is a continuation in part of application No. 17/196,887, filed on Mar. 9, 2021, granted, now 11,689,553.
Application 17/196,887 is a continuation of application No. 16/459,207, filed on Jul. 1, 2019, granted, now 10,986,114, issued on Apr. 20, 2021.
Application 16/459,207 is a continuation of application No. 16/134,821, filed on Sep. 18, 2018, granted, now 10,419,469, issued on Sep. 17, 2019.
Claims priority of provisional application 63/240,818, filed on Sep. 3, 2021.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Prior Publication US 2022/0400129 A1, Dec. 15, 2022
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01); G06F 16/901 (2019.01); G06F 21/57 (2013.01); H04L 67/306 (2022.01); G06F 16/9038 (2019.01); G06F 16/9537 (2019.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); G06F 16/9535 (2019.01); H04L 67/50 (2022.01); G06F 16/2455 (2019.01)
CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)]
20 Claims
 
1. A method of detecting anomalous behavior of a device, the method comprising:
generating, using information describing historical activity associated with a device associated with a user, a trained model for detecting normal activity for the device, wherein the trained model is specific to the device;
gathering information describing current activity associated with the device;
determining, by using the information describing current activity associated with the device as input to the trained model, whether the device has deviated from normal activity; and
initiating a remediation workflow after determining that device has deviated from normal activity.