US 12,301,632 B2
Systems and methods for network security
Tyler Maiman, Melville, NY (US); Abdelkader Benkreira, Washington, DC (US); and Brendan Way, Brooklyn, NY (US)
Assigned to CAPITAL ONE SERVICES, LLC, McLean, VA (US)
Filed by Capital One Services, LLC, McLean, VA (US)
Filed on Oct. 18, 2023, as Appl. No. 18/381,561.
Application 18/381,561 is a continuation of application No. 17/352,054, filed on Jun. 18, 2021, granted, now 11,831,688.
Prior Publication US 2024/0179189 A1, May 30, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04W 12/71 (2021.01); H04W 12/06 (2021.01); H04W 12/08 (2021.01)
CPC H04L 63/205 (2013.01) [H04L 63/08 (2013.01); H04L 63/0876 (2013.01); H04L 63/10 (2013.01); H04W 12/71 (2021.01); H04W 12/06 (2013.01); H04W 12/08 (2013.01)]
19 Claims
1. A security system for a network, comprising:
a processor; and
a memory storing instructions executable by the processor,
wherein, upon execution of the instructions by the processor, the processor is configured to:
detect one or more failed authentication attempts to access the network by at least one user device;
determine a number of the one or more failed authentication attempts;
determine a first risk score for the at least one user device based on the number of the one or more failed authentication attempts and one or more factors comprising: network signal strength, network connection type, network connection location, authentication history and credential similarities;
determine whether the first risk score of the at least one user device is equal to or greater than a first risk score threshold;
in response to a determination that the first risk score of the at least one user device is equal to or greater than the first risk score threshold, generate a first notification indicating that the at least one user device is attempting to gain unauthorized access onto the network;
determine whether the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected;
in response to a determination that the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected, apply a first set of network activity restrictions to the at least one user device, such that the at least one user device has access to the network under the first set of network activity restrictions that limits network activities that can be performed by the at least one device,
monitor network activities of the at least one user device when the at least one user device is accessing the network under the first set of network activity restriction;
generate a second notification indicating one or more network activities relating to the at least the one user device; and
transmit, via the network, the second notification to a recipient, wherein the monitored network activities of the at least one user device include at least one selected from the group of downloading a large amount of data, exporting a large amount of data outside of the network, visiting an unexpected website, or visiting a restricted website.
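The flow recited in claim 1, sketched as an added example that is not taken from the patent or from the assignee's code. The weights, thresholds, host names and function names are all assumptions, since the claim names the factors but gives no values. Delivery of the second notification to a recipient and enforcement of the restrictions are reduced to a list and a flag.

```python
from dataclasses import dataclass, field

# All weights, thresholds and names below are assumptions chosen for
# illustration; the claim names the factors but gives no values.
RISK_THRESHOLD = 0.6
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024
RESTRICTED_SITES = {"restricted.example"}
EXPECTED_SITES = {"intranet.example", "mail.example"}

@dataclass
class Device:
    device_id: str
    failed: int = 0
    restricted: bool = False
    notifications: list = field(default_factory=list)

def risk_score(failed, weak_signal, guest_link, unusual_location,
               prior_failures, similar_credentials):
    """Combine the failed-attempt count with the five claimed factors (0..1)."""
    score = min(failed, 5) / 5 * 0.4        # attempt count, capped at 5
    score += 0.10 * weak_signal             # network signal strength
    score += 0.10 * guest_link              # network connection type
    score += 0.15 * unusual_location        # network connection location
    score += 0.10 * prior_failures          # authentication history
    score += 0.15 * similar_credentials     # guesses close to the real credential
    return round(score, 2)

def on_auth(dev, success, **factors):
    """Handle one authentication attempt; returns the risk score after it."""
    if not success:
        dev.failed += 1
    score = risk_score(dev.failed, **factors)
    if not success and score >= RISK_THRESHOLD:
        dev.notifications.append(("first", f"{dev.device_id} risk {score}"))
    if success and dev.failed > 0:
        dev.restricted = True               # admitted, but under restrictions
    return score

def on_activity(dev, kind, host=None, size=0):
    """Monitor a restricted device; returns True if the activity was reported."""
    if not dev.restricted:
        return False
    flagged = ((kind in ("download", "export") and size >= LARGE_TRANSFER_BYTES)
               or (kind == "visit" and (host in RESTRICTED_SITES
                                        or host not in EXPECTED_SITES)))
    if flagged:
        dev.notifications.append(("second", f"{dev.device_id} {kind} {host or size}"))
    return flagged
```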