CPC H04L 63/1425 (2013.01) [H04L 65/61 (2022.05)] | 20 Claims |
1. A computer-implemented method of providing network security, the method comprising:
accessing risk score data including a plurality of risk scores, each risk score of the plurality of risk scores corresponding to a different one of a plurality of detected anomalies related to an entity on or associated with a computer network;
generating a plurality of entity scores for the entity by determining, for each of a plurality of sliding time windows of different lengths, an entity score of the entity in relation to the sliding time window, wherein for each of the sliding time windows a corresponding entity score of the entity is based on an aggregation of risk scores of all anomalies related to the entity that were detected within the sliding time window, each of the entity scores corresponding to a risk level associated with the entity for a corresponding one of the plurality of time windows;
determining a protective action to perform in relation to the entity based on the entity score of the entity for at least one of the plurality of time windows; and
causing execution of the protective action.
|