	US 11,991,198 B1
	User-specific data-driven network security
Vikram Kapoor, Cupertino, CA (US); Harish Kumar Bharat Singh, Pleasanton, CA (US); Weifei Zeng, Sunnyvale, CA (US); Vimalkumar Jeyakumar, Los Altos, CA (US); Theron Tock, Mountain View, CA (US); Ying Xie, Cupertino, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to LACEWORK, INC., Mountain View, CA (US)
Filed by LACEWORK, INC., San Jose, CA (US)
Filed on Jul. 6, 2022, as Appl. No. 17/858,949.
Application 17/858,949 is a continuation of application No. 17/836,558, filed on Jun. 9, 2022, abandoned.
Application 17/836,558 is a continuation in part of application No. 17/196,887, filed on Mar. 9, 2021, granted, now 11,689,553.
Application 17/196,887 is a continuation of application No. 16/459,207, filed on Jul. 1, 2019, granted, now 10,986,114, issued on Apr. 20, 2021.
Application 16/459,207 is a continuation of application No. 16/134,821, filed on Sep. 18, 2018, granted, now 10,419,469, issued on Sep. 17, 2019.
Claims priority of provisional application 63/240,818, filed on Sep. 3, 2021.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. H04L 29/06 (2006.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 9/40 (2022.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01); G06F 16/2455 (2019.01)

CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)]

18 Claims

1. A method of user-specific data-driven network security, the method comprising:

generating, based on historical activity associated with a user, a trained model for determining whether a network request deviates from normal activity for the user;

receiving, from a user device associated with the user, the network request;

determining, based on the historical activity for the user and the trained model, whether the network request deviates from normal activity for the user; and

initiating, in response to the network request deviating from normal activity for the user, an approval workflow for the network request, wherein the approval workflow comprises one or more user-completable steps that, if completed, cause the network request to he allowed.