CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)]
20 Claims
1. A method of detecting anomalous behavior of a device, the method comprising:
generating, using information describing historical activity associated with a device associated with a user, a trained model for detecting normal activity for the device, wherein the trained model is specific to the device;
gathering information describing current activity associated with the device;
determining, by using the information describing current activity associated with the device as input to the trained model, whether the device has deviated from normal activity; and
initiating a remediation workflow after determining that the device has deviated from normal activity.