US 11,899,763 B2
Supervised learning system for identity compromise risk computation
Sayed Hassan Abdelaziz, Redmond, WA (US); Maria Puertas Calvo, Seattle, WA (US); Laurentiu Bogdan Cristofor, Redmond, WA (US); and Rajat Luthra, Redmond, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed on Oct. 19, 2018, as Appl. No. 16/165,255.
Claims priority of provisional application 62/732,470, filed on Sep. 17, 2018.
Prior Publication US 2020/0089848 A1, Mar. 19, 2020
Int. Cl. H04L 9/00 (2022.01); G06F 21/31 (2013.01); H04L 9/40 (2022.01); G06N 20/00 (2019.01)
CPC G06F 21/316 (2013.01) [G06N 20/00 (2019.01); H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/1441 (2013.01); H04L 63/308 (2013.01)]
20 Claims
1. A computer system configured to facilitate recall utility for user identity risk scores that are utilized in providing computer security, said computer system comprising:
one or more processors; and
one or more computer-readable hardware storage devices that store instructions that are executable by the one or more processors to cause the computer system to:
access sign-in data associated with a set of sign-in events corresponding to a first user, the sign-in data being stored for a predetermined period of time;
from the sign-in data, and based on risk profiles associated with the sign-in data, identify a set of sign-in detectors, wherein the set of sign-in detectors includes one or more sign-in detectors for each sign-in event in the set of sign-in events, and wherein each sign-in detector in the set of sign-in detectors identifies at least an attribute for a corresponding sign-in event;
generate a first set of quantified risk levels based on the set of sign-in detectors by applying a first machine learning tool to the set of sign-in detectors, the first machine learning tool quantifying a relative risk level associated with each sign-in detector in the set of sign-in detectors, wherein:
the set of sign-in detectors includes a first detector, a second detector, and a third detector,
the first detector and the third detector are both detected for a first sign-in event included in the set of sign-in events, and the second detector and the third detector are both detected for a second sign-in event included in the set of sign-in events,
when the first detector is grouped with the third detector, the third detector is assigned a first quantified risk level, and
when the second detector is grouped with the third detector, the third detector is assigned a second quantified risk level, which is an escalated quantified risk level as compared to the first quantified risk level;
generate a second set of quantified risk levels based on the first set of quantified risk levels by applying a second machine learning tool to the first set of quantified risk levels;
generate a first user identity risk score based on the second set of quantified risk levels by applying a third machine learning tool to the second set of quantified risk levels that were generated by applying the second machine learning tool to the first set of quantified risk levels, the third machine learning tool quantifying a relative risk level associated with the first user;
use the first user identity risk score to update data used to train a machine learning tool selected from the group consisting of the first machine learning tool, the second machine learning tool, and the third machine learning tool;
based on the updated data, further tune the machine learning tool, resulting in at least one of the first machine learning tool, the second machine learning tool, or the third machine learning tool being further trained;
iteratively and dynamically update the first user identity risk score or generate a new first user identity risk score by reapplying the first machine learning tool, the second machine learning tool, or the third machine learning tool to generate a new first set of quantified risk levels, a new second set of quantified risk levels, and the new first user identity risk score;
detecting a user request from the first user corresponding to a new sign-in event;
identifying the new first user identity risk score corresponding to the first user; and
in response to determining the new first user identity risk score exceeds a predetermined threshold, trigger a remedial action to the user request, or alternatively, in response to determining the new first user identity risk score falls below the predetermined threshold, granting the user request.