| CPC H04L 9/32 (2013.01) [G06N 20/00 (2019.01); H04L 63/0428 (2013.01)] | 20 Claims |
|
1. A computing platform comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
receive a request to unmask masked information;
unmask the masked information, resulting in unmasked PII;
log the request to unmask the masked information in an unmasking event log;
send the unmasked PII in response to the request to unmask the masked information;
apply at least one machine learning model to the unmasking event log to identify one or more malicious events; and
trigger one or more remediation actions based on identification of the one or more malicious events, wherein identifying the one or more malicious events comprises:
identifying that a number of requests for the PII by a user computing device exceeds a median number of requests for the PII by a predetermined number of standard deviations, wherein the requests are initiated by other user computing devices corresponding to users associated with a particular job title and wherein a user of the user computing device may also be associated with the particular job title.
|