US 12,293,377 B2
Risk clustering and segmentation
Christopher Sidler, Bethesda, MD (US); Raymond Strecker, Jersey City, NJ (US); Michael A Dawson, Washington, DC (US); Sankar Virdhagriswaran, Boxborough, MA (US); and Jon E Elvin, Gibsonia, PA (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Mar. 31, 2021, as Appl. No. 17/218,467.
Prior Publication US 2022/0318819 A1, Oct. 6, 2022
Int. Cl. G06Q 30/018 (2023.01); G06F 16/28 (2019.01); G06N 20/00 (2019.01)
CPC G06Q 30/0185 (2013.01) [G06F 16/285 (2019.01); G06N 20/00 (2019.01)]
20 Claims
 
1. A method for monitoring transaction activity for system requests comprising:
receiving information about a set of activity based features from a set of monitoring processes for a set of entities, the entities outside control of and authorized to request services of a system, the set of monitoring processes resident in the system;
identifying respective entities with high feature values for respective features of the set of activity based features based on a predetermined or statistically based threshold for the respective feature to produce a set of outlier entities;
filtering the set of outlier entities from the set of entities to produce a filtered set of entities; and
in response to the filtering, using a trained machine learning model to:
create a set of clusters from the filtered set of entities based at least in part on the set of activity based features,
determine values for the sets of activity based features for the respective clusters,
assign risks for the clusters based at least in part on the values of one or more of the set of activity based features,
allocate varied levels of system monitoring resources to the respective entities in the clusters based at least in part on the risks assigned to the respective clusters,
monitor the entities for: recent entity activity, and recent entity non-activity,
use the recent entity activity and the recent entity non-activity to reassign updated risks for the clusters, and
dynamically adjust the level of system monitoring resources allocated to the respective entities in the clusters based at least in part on the updated risks assigned to the respective clusters.
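
The steps of claim 1 traced end to end as an added Python example; it is an illustration written for this page, not code from the patent or from the assignee. Plain k-means stands in for the claimed trained machine learning model, and the entity data, the mean + 2 standard deviations threshold, the centroid-sum risk scoring, the burst/silence update rule and the checks-per-day tiers are all constructed assumptions.

```python
import statistics
# Constructed sample: entity -> (transactions/day, cash share %). Not from the patent.
ENTITIES = {"e1": (5, 10), "e2": (6, 12), "e3": (4, 8), "e4": (20, 40), "e5": (22, 42),
            "e6": (21, 38), "e7": (50, 80), "e8": (52, 78), "e9": (400, 50)}
LEVELS = ["low", "medium", "high"]
CHECKS_PER_DAY = {"low": 1, "medium": 4, "high": 12}  # hypothetical monitoring tiers

def split_outliers(entities, z=2.0):
    """Per-feature statistical threshold (assumed): mean + z * population stdev."""
    cols = list(zip(*entities.values()))
    limits = [statistics.mean(c) + z * statistics.pstdev(c) for c in cols]
    out = {e for e, f in entities.items() if any(v > lim for v, lim in zip(f, limits))}
    return out, {e: f for e, f in entities.items() if e not in out}

def kmeans(entities, k=3, rounds=20):
    """Plain k-means (stand-in model) with deterministic, evenly spaced seeds."""
    pts = sorted(entities.values())
    cents = [pts[i * (len(pts) - 1) // (k - 1)] for i in range(k)]
    for _ in range(rounds):
        groups = [[] for _ in range(k)]
        for e, f in entities.items():
            d = [sum((a - b) ** 2 for a, b in zip(f, c)) for c in cents]
            groups[d.index(min(d))].append(e)
        cents = [tuple(statistics.mean(col) for col in zip(*(entities[e] for e in g)))
                 if g else c for g, c in zip(groups, cents)]
    return groups, cents

def assign_risk(cents):
    """Rank clusters by the sum of centroid feature values (assumed scoring)."""
    order = sorted(range(len(cents)), key=lambda i: sum(cents[i]))
    return {i: LEVELS[min(r * len(LEVELS) // len(cents), 2)] for r, i in enumerate(order)}

def reassign(risk, recent_txns, groups, spike=100):
    """Assumed rule: a recent burst raises a cluster one level, total silence lowers it."""
    new = {}
    for i, g in enumerate(groups):
        total = sum(recent_txns.get(e, 0) for e in g)
        step = 1 if total >= spike else (-1 if total == 0 else 0)
        new[i] = LEVELS[max(0, min(2, LEVELS.index(risk[i]) + step))]
    return new

def allocate(risk, groups):  # entity -> checks/day for its cluster's risk level
    return {e: CHECKS_PER_DAY[risk[i]] for i, g in enumerate(groups) for e in g}

def run(recent_txns):
    outliers, kept = split_outliers(ENTITIES)
    groups, cents = kmeans(kept)
    risk = assign_risk(cents)
    return outliers, allocate(risk, groups), allocate(reassign(risk, recent_txns, groups), groups)
```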