US 12,267,350 B2
Systems, devices, and methods for observing and/or performing data access compliance to a computer network
Manjit Gombra Singh, Saratoga, CA (US); and Gouse Basha Mahammad, San Jose, CA (US)
Assigned to ARETE SECURITY INC., Las Vegas, NV (US)
Appl. No. 17/635,699
Filed by ARETE SECURITY INC., Las Vegas, NV (US)
PCT Filed Jan. 6, 2022, PCT No. PCT/US2022/011496
§ 371(c)(1), (2) Date Feb. 16, 2022,
PCT Pub. No. WO2022/150513, PCT Pub. Date Jul. 14, 2022.
Claims priority of provisional application 63/134,545, filed on Jan. 6, 2021.
Prior Publication US 2023/0027733 A1, Jan. 26, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 21/55 (2013.01); G06F 21/57 (2013.01)
CPC H04L 63/1433 (2013.01) [G06F 21/554 (2013.01); G06F 21/577 (2013.01); H04L 63/0236 (2013.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01); G06F 2221/034 (2013.01)]
22 Claims
 
1. A computer-implemented system comprising at least one computing device comprising at least one processor and instructions executable by the at least one processor to cause the at least one processor to perform operations comprising:
a) detecting a data flow between a sequence of nodes of a computer network, the data flow associated with a user of the computer network;
b) determining a characteristic of the data flow and a characteristic of the user;
c) receiving a software application transaction log for the computer network;
d) sampling data from the software application transaction log to create a plurality of software application transaction log samples, wherein frequency of the sampling is automatically adjusted responsive to security risk associated with the data flow;
e) classifying the data flow responsive to the plurality of software application transaction log samples;
f) applying a machine learning algorithm configured to perform predictive path progress analysis in order to determine a level of security risk caused by the data flow responsive to the determined characteristic of the data flow, the determined characteristic of the user, and the classification of the data flow;
g) generating a plurality of transaction maps, each transaction map comprising icons representing the nodes of the computer network and the data flow between the nodes over a configurable time interval starting at a point in time and a visual indicator of the level of security risk;
h) comparing two or more of the transaction maps representing different time intervals, different points in time, or both to detect a change between the transaction maps; and
j) generating an alert notification of the change.