US 12,238,119 B1
Determining threats from anomalous events based on artificial intelligence models
Radu Stefan Chivu, Kenmore, WA (US); Daniel Lee Moor, Midland, MI (US); and Saad Ali Rana, Charlotte, NC (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Dec. 7, 2021, as Appl. No. 17/544,538.
Int. Cl. H04L 9/40 (2022.01); H04L 41/16 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 41/16 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A system, comprising:
one or more processors; and
one or more memory storing computer-readable instructions that, upon execution by the one or more processors, configure the system to:
receive a first dataset that represents first content request events;
generate first event vectors from the first dataset;
determine, by using the first event vectors as input to a first artificial intelligence model, first anomalous events from the first content request events;
determine, by using second event vectors as input to a second artificial intelligence model, first event clusters, the second event vectors corresponding to the first anomalous events, the first event clusters comprising a first event cluster and a second event cluster, the first event cluster clustering a first subset of the first content request events, the second event cluster comprising a second subset of the first content request events;
store first information about the first event clusters, the first information indicating that the first event cluster is associated with a threat classification and that the second event cluster is associated with a non-threat classification;
receive a second dataset that represents second content request events;
generate third event vectors from the second dataset;
determine, by using the third event vectors as input to the second artificial intelligence model, second event clusters, the second event clusters comprising a third event cluster, the third event cluster clustering a subset of the second content request events;
determine that the third event cluster has no correspondence in the first event clusters and is associated with an unknown classification; and
generate second information about the third event cluster, the second information indicating that the subset is associated with the unknown classification.
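
The flow of claim 1, sketched as an added example for a detection engineer; it is not code from the patent or from the assignee. The claim names no algorithms or features, so everything concrete here is an assumption: the three event features, a median/MAD robust z-score standing in for the first model, leader clustering standing in for the second model, centroid distance as the test for "correspondence", the thresholds, the analyst-assigned labels, and all sample events (constructed).

```python
import math
from statistics import median

def vectorize(e):
    # Assumed features; claim 1 does not say what an event vector contains.
    return (e["req_per_min"], e["distinct_paths"], e["error_ratio"] * 100)

def fit_baseline(vectors):  # per-feature median and median absolute deviation
    cols = list(zip(*vectors))
    meds = [median(c) for c in cols]
    mads = [median([abs(x - m) for x in c]) or 1.0 for c, m in zip(cols, meds)]
    return meds, mads

def is_anomalous(vec, baseline, threshold=6.0):
    # Stand-in for the first model: robust z-score exceeded on any feature.
    return any(abs(x - m) / d > threshold for x, m, d in zip(vec, *baseline))

def cluster(vectors, radius=25.0):  # stand-in for the second model
    clusters = []  # each entry is [centroid, members]
    for v in vectors:
        for c in clusters:
            if math.dist(v, c[0]) <= radius:
                c[1].append(v)
                c[0] = tuple(sum(col) / len(c[1]) for col in zip(*c[1]))
                break
        else:
            clusters.append([v, [v]])
    return clusters

def classify(new_clusters, known, radius=25.0):
    # No stored centroid within `radius` means no correspondence: "unknown".
    return [(next((lab for kc, lab in known if math.dist(c, kc) <= radius), "unknown"), len(m))
            for c, m in new_clusters]

def ev(r, p, e):
    return {"req_per_min": r, "distinct_paths": p, "error_ratio": e}

def demo():
    # Constructed first dataset: 20 routine events, 3 scanner-like, 3 crawler-like.
    first = [ev(8 + i % 5, 2 + i % 3, 0.01 * (i % 2)) for i in range(20)]
    first += [ev(300 + j, 200 + j, 0.9) for j in range(3)]
    first += [ev(120 + j, 80 + j, 0.02) for j in range(3)]
    vecs = [vectorize(e) for e in first]
    base = fit_baseline(vecs)
    anomalous = [v for v in vecs if is_anomalous(v, base)]
    first_clusters = cluster(anomalous)
    known = [(first_clusters[0][0], "threat"), (first_clusters[1][0], "non-threat")]  # assumed labels
    second = [ev(298, 199, 0.88)] * 2 + [ev(45, 1, 0.95)] * 3  # constructed second dataset
    return len(anomalous), classify(cluster([vectorize(e) for e in second]), known)
```

As in the claim, the second dataset's vectors go straight to the clustering stage; `demo()` returns the number of anomalous events found in the first dataset and a `(label, size)` pair for each cluster in the second.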