US 11,811,822 B2
Systems and methods for detecting and automatically blocking malicious traffic
George Chen Kaidi, Singapore (SG)
Assigned to PAYPAL, INC., San Jose, CA (US)
Filed by PayPal, Inc., San Jose, CA (US)
Filed on Jun. 17, 2020, as Appl. No. 16/903,613.
Prior Publication US 2021/0400080 A1, Dec. 23, 2021
Int. Cl. G06F 21/00 (2013.01); H04L 9/40 (2022.01); G06N 20/00 (2019.01)
CPC H04L 63/1458 (2013.01) [G06N 20/00 (2019.01); H04L 63/0254 (2013.01); H04L 63/0281 (2013.01); H04L 63/1425 (2013.01)]
20 Claims

1. A system, comprising:
a memory; and
one or more hardware processors coupled with the memory and configured to read instructions from the memory to cause the system to perform operations comprising:
temporarily dissociating, by a service provider, an IP address of the service provider from a domain of the service provider, wherein the domain is associated with one or more nodes;
receiving, at a first node of the one or more nodes, a set of one or more requests associated with the temporarily dissociated IP address, wherein the set of one or more requests is determined to be associated with malicious activity based on being associated with the temporarily dissociated IP address;
reassociating, after the set of one or more requests is determined to be associated with the malicious activity, the IP address with the domain;
training a machine learning model utilizing log information corresponding to the set of one or more requests, wherein the training includes determining one or more patterns corresponding to the malicious activity;
receiving, at any of the one or more nodes, a new request corresponding to a first information;
determining whether the new request corresponds to malicious activity based on using the machine learning model to analyze the first information and determine if the first information corresponds to the one or more patterns; and
blocking the new request based on determining that the new request corresponds to the malicious activity.
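
The sequence in claim 1 (label by dissociated IP, train on the logs, classify a new request at any node) as an added sketch that is not taken from the patent. The claim names no model type, so the naive Bayes classifier, the log fields, the IP addresses and the time window here are all constructed assumptions.

```python
import math
from collections import Counter

DISSOCIATED_IP = "203.0.113.10"  # constructed placeholder address
WINDOW = (1000, 2000)            # constructed: seconds the IP was out of DNS

# Constructed log entries: (timestamp, destination IP, user agent, path)
LOGS = [
    (500,  "203.0.113.10", "Mozilla/5.0",  "/login"),
    (900,  "203.0.113.11", "Mozilla/5.0",  "/checkout"),
    (1200, "203.0.113.10", "floodbot/1.0", "/login"),
    (1500, "203.0.113.10", "floodbot/1.0", "/search?q=a"),
    (1600, "203.0.113.11", "Mozilla/5.0",  "/home"),
    (1800, "203.0.113.10", "floodbot/1.0", "/login"),
    (2500, "203.0.113.10", "Mozilla/5.0",  "/home"),
]

def label(entry):
    """Malicious if it hit the dissociated IP while the IP was out of DNS."""
    ts, dst, _, _ = entry
    return dst == DISSOCIATED_IP and WINDOW[0] <= ts < WINDOW[1]

def features(entry):
    _, _, ua, path = entry
    return [f"ua={ua}", f"path={path.split('?')[0]}"]

def train(logs):
    """Count feature frequencies per label (the learned 'patterns')."""
    counts, totals = {True: Counter(), False: Counter()}, Counter()
    for entry in logs:
        y = label(entry)
        totals[y] += 1
        counts[y].update(features(entry))
    return counts, totals

def is_malicious(model, entry):
    """Naive Bayes with add-one smoothing; True means block the request."""
    counts, totals = model
    vocab = len(set(counts[True]) | set(counts[False]))
    score = {}
    for y in (True, False):
        s = math.log((totals[y] + 1) / (sum(totals.values()) + 2))
        n = sum(counts[y].values())
        for f in features(entry):
            s += math.log((counts[y][f] + 1) / (n + vocab))
        score[y] = s
    return score[True] > score[False]

MODEL = train(LOGS)
```

Labels come only from the dissociation window, so traffic to the same IP before and after it (timestamps 500 and 2500) trains the benign class, and a later request is scored on its own fields regardless of which node IP it reaches.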