US 12,282,547 B2
Adaptable framework for spike detection under dynamic constraints
Omer Savion, Elkana (IL); Andrey Karpovsky, Kiryat Motzkin (IL); and Fady Naser El Deen, Daliyat el Carmel (IL)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on May 2, 2022, as Appl. No. 17/734,348.
Claims priority of provisional application 63/312,691, filed on Feb. 22, 2022.
Prior Publication US 2023/0267199 A1, Aug. 24, 2023
Int. Cl. G06F 21/55 (2013.01)
CPC G06F 21/554 (2013.01) [G06F 2221/034 (2013.01)]
20 Claims
1. A system for adapting a detection algorithm, the system comprising:
at least one processor circuit; and
at least one memory that stores program code configured to be executed by the at least one processor circuit, the program code comprising:
a detector configured to execute a first detection algorithm that monitors a first set of events in a computing environment and applies a first baseline value associated with a particular user account to the first set of events;
a constraint monitor configured to monitor a set of constraint metrics in the computing environment, the constraint metrics indicative of an amount of computing resources utilized by the first detection algorithm;
a detection algorithm adapter configured to regenerate the first detection algorithm based on the monitored set of constraint metrics to generate a second detection algorithm, the second detection algorithm utilizing a different set of detection metrics compared to the first detection algorithm, the second detection algorithm configured to monitor a second set of events in the computing environment and apply a second baseline value associated with a grouping of user accounts that includes the particular user account, wherein the detector is configured to execute the second detection algorithm with respect to the second set of events; and
a remediator configured to perform a remediation action in response to an abnormal event detected in the computing environment by the second detection algorithm.
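
An added illustration of the baseline switch recited in claim 1 (not code from the patent or from the assignee): a detector that applies a per-account baseline is regenerated to apply a group-level baseline once a resource budget is exceeded, and detected spikes are passed to a remediation hook. The mean-plus-k-standard-deviations test, the state-count constraint metric, the `max_states` budget, the `remediate` hook and all sample data are assumptions; the claim's change of detection metrics is not modeled.

```python
from collections import defaultdict
from statistics import mean, pstdev

class BaselineDetector:
    """Spike test: count > mean + k * stdev of the history kept for the event's key."""
    def __init__(self, scope, key_fn, k=3.0, min_history=3):
        self.scope, self.key_fn, self.k, self.min_history = scope, key_fn, k, min_history
        self.history = defaultdict(list)  # one baseline state per key

    def observe(self, account, count):
        hist = self.history[self.key_fn(account)]
        spike = (len(hist) >= self.min_history
                 and count > mean(hist) + self.k * max(pstdev(hist), 1.0))
        if not spike:
            hist.append(count)  # abnormal counts are kept out of the baseline
        return spike

    def state_size(self):
        # Assumed constraint metric: number of baseline states held in memory.
        return len(self.history)

def adapt(detector, groups, max_states):
    """Regenerate the detector with group-level baselines once the budget is exceeded."""
    if detector.scope == "group" or detector.state_size() <= max_states:
        return detector
    regenerated = BaselineDetector("group", lambda a: groups[a], detector.k, detector.min_history)
    for account, hist in detector.history.items():
        regenerated.history[groups[account]].extend(hist)  # seed the group baseline
    return regenerated

def run(events, groups, max_states, remediate=lambda account: None):
    detector = BaselineDetector("account", lambda a: a)
    alerts = []
    for account, count in events:
        detector = adapt(detector, groups, max_states)
        if detector.observe(account, count):
            remediate(account)  # hypothetical remediation hook
            alerts.append((account, count, detector.scope))
    return detector, alerts

# Constructed sample data: (account, events per interval)
GROUPS = {"a1": "eng", "a2": "eng", "b1": "ops"}
EVENTS = [("a1", 10), ("a2", 12), ("a1", 11), ("a2", 10), ("a1", 9), ("a2", 11),
          ("a1", 60), ("b1", 10), ("b1", 11), ("a2", 55), ("a1", 12)]

if __name__ == "__main__":
    final, alerts = run(EVENTS, GROUPS, max_states=2)
    print(final.scope, final.state_size(), alerts)
```

With a budget of two baseline states, the third account pushes the detector over budget, so the later spike for `a2` is judged against the pooled `eng` baseline instead of its own.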