CPC H04L 63/1416 (2013.01) [G06F 18/214 (2023.01); G06N 20/00 (2019.01); H04L 63/1425 (2013.01); H04L 63/1466 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A system comprising:
one or more computer devices that implement a cyberattack mitigation system, configured to:
monitor requests sent to a service by a plurality of clients using a set of attack patterns;
determine that one or more requests from a client represent an attempted attack on the service based on a match of the one or more requests to an attack pattern in the set of attack patterns;
reconfigure the cyberattack mitigation system to perform enhanced monitoring of additional requests from the client after the attempted attack, wherein the enhanced monitoring analyzes the additional requests using a machine learning model trained in an unsupervised manner without using labeled training data;
determine, based on the enhanced monitoring, that the client has performed a successful attack on the service based on detection of one or more follow-on requests of the attempted attack in the additional requests, wherein the one or more follow-on requests specify one or more actions that do not match any of the set of attack patterns and the one or more follow-on requests occurred within a specified time period after the attempted attack; and
reconfigure the service to mitigate furtherance of the successful attack in response to the determination of the successful attack.
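The flow recited in claim 1, as an added illustrative sketch (not code from the patent or its assignee): a signature match moves one client into enhanced monitoring, and a rare action from that client inside the time window is treated as a follow-on request and triggers mitigation. The signature list, the 300-second window, the frequency-based `RarityModel` standing in for the unsupervised model, and the `blocked` set standing in for reconfiguring the service are all assumptions.

```python
import math, re
from collections import Counter

# Constructed signatures and window; the claim names neither.
ATTACK_PATTERNS = [re.compile(r"\.\./"), re.compile(r"(?i)union(%20|\+)+select")]
WINDOW = 300  # seconds, stand-in for the "specified time period"

class RarityModel:  # unsupervised stand-in: frequencies from unlabeled traffic
    def __init__(self, baseline, threshold=4.0):
        self.counts, self.total, self.threshold = Counter(baseline), len(baseline), threshold
    def is_anomalous(self, action):
        # Laplace-smoothed surprisal (nats); unseen actions score highest.
        p = (self.counts[action] + 1) / (self.total + len(self.counts) + 1)
        return -math.log(p) > self.threshold

class Mitigator:
    def __init__(self, model):
        # watched: client -> time of attempted attack; blocked: mitigated clients
        self.model, self.watched, self.blocked = model, {}, set()

    def observe(self, req):
        client, ts = req["client"], req["ts"]
        if client in self.blocked:
            return "blocked"
        if any(p.search(req["path"]) for p in ATTACK_PATTERNS):
            self.watched[client] = ts  # switch this client to enhanced monitoring
            return "attempt"
        start = self.watched.get(client)
        if start is None or ts - start > WINDOW:
            self.watched.pop(client, None)  # not watched, or window expired
            return "ok"
        action = f"{req['method']} {req['path'].split('?')[0]}"
        if self.model.is_anomalous(action):
            self.blocked.add(client)  # follow-on request seen: mitigate
            return "successful-attack"
        return "ok"

# Constructed unlabeled baseline and request log.
BASELINE = ["GET /index"] * 120 + ["GET /search"] * 60 + ["POST /login"] * 20
LOG = [
    {"client": "B", "ts": 10, "method": "GET", "path": "/search?q=1%20UNION%20SELECT%201"},
    {"client": "B", "ts": 40, "method": "GET", "path": "/index"},
    {"client": "B", "ts": 90, "method": "GET", "path": "/admin/export"},
    {"client": "B", "ts": 95, "method": "GET", "path": "/index"},
    {"client": "A", "ts": 100, "method": "GET", "path": "/admin/export"},
]

def run(log):
    m = Mitigator(RarityModel(BASELINE))
    return [m.observe(r) for r in log]
```

Client A's request for the same rare path is not flagged because A never matched a signature, which is the point of scoping the anomaly model to clients already under enhanced monitoring.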