US 12,034,751 B2
Systems and methods for detecting malicious hands-on-keyboard activity via machine learning
Nash Borges, Ellicott City, MD (US)
Assigned to Secureworks Corp., Wilmington, DE (US)
Filed by Secureworks Corp., Wilmington, DE (US)
Filed on Oct. 1, 2021, as Appl. No. 17/491,575.
Prior Publication US 2023/0105087 A1, Apr. 6, 2023
Int. Cl. H04L 29/06 (2006.01); G06N 20/20 (2019.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [G06N 20/20 (2019.01)] 27 Claims
1. A method for detecting unauthorized and/or malicious hands-on-keyboard activity in an information handling system, the method comprising:
receiving telemetry from one or more client systems;
tokenizing a plurality of idiosyncrasies detected in the telemetry, based on examples of malicious hands-on-keyboard activity, to form a plurality of tokens;
aggregating the plurality of tokens over a selected time window to at least partially develop an aggregate feature vector;
submitting the aggregate feature vector to one or more machine learning subsystems trained on a historical corpus of malicious hands-on-keyboard activities and benign hands-on-keyboard activities; and
applying an ensemble model, trained on another corpus of malicious hands-on-keyboard activities and benign hands-on-keyboard activities, to one or more outputs from the one or more machine learning subsystems to generate an overall behavioral threat score for the hands-on-keyboard activity.
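As an added illustration of the claimed pipeline (not code from the patent or from Secureworks), the Python below tokenizes constructed endpoint telemetry into idiosyncrasy tokens, aggregates them per host over a fixed time window into a feature vector, scores the vector with two stand-in subsystems, and blends their outputs with a weighted ensemble. The token rules, window length, likelihood table, prior and ensemble weights are all constructed assumptions; a real deployment would learn the subsystem and ensemble parameters from the labelled corpora the claim describes.

```python
import math
from collections import Counter
from datetime import datetime

EPOCH, WINDOW_SECONDS = datetime(1970, 1, 1), 300       # window length is a constructed choice
KNOWN_COMMANDS = {"dir", "cd", "type", "whoami", "hostname", "ping"}
EVENTS = [  # constructed telemetry: (iso_time, host, parent_process, command_line)
    ("2024-01-01T10:00:00", "ws1", "cmd.exe", "whoami"),
    ("2024-01-01T10:00:05", "ws1", "cmd.exe", "hostnmae"),      # mistyped, retried below
    ("2024-01-01T10:00:12", "ws1", "cmd.exe", "hostname"),
    ("2024-01-01T10:30:00", "ws2", "powershell.exe", "ping 10.0.0.1"),
]

def tokenize(events):
    """Emit idiosyncrasy tokens per record; the three rules are constructed examples."""
    tokens, last_seen = [], {}
    for ts, host, parent, cmd in events:
        t = datetime.fromisoformat(ts)
        if cmd.split()[0].lower() not in KNOWN_COMMANDS:           # typo or unfamiliar tool
            tokens.append((t, host, "typo_or_rare_cmd"))
        if host in last_seen and 1 <= (t - last_seen[host]).total_seconds() <= 60:
            tokens.append((t, host, "human_paced"))                # typed, not scripted
        if parent in {"cmd.exe", "powershell.exe"}:                # launched from a shell
            tokens.append((t, host, "interactive_parent"))
        last_seen[host] = t
    return tokens

def aggregate(tokens, window=WINDOW_SECONDS):
    """Count tokens per (host, window index): one feature vector per host and window."""
    vectors = {}
    for t, host, tok in tokens:
        key = (host, int((t - EPOCH).total_seconds()) // window)
        vectors.setdefault(key, Counter())[tok] += 1
    return vectors

# Stand-in for a trained subsystem: token -> (P(token | malicious), P(token | benign)).
LIKELIHOODS = {"typo_or_rare_cmd": (0.6, 0.05), "human_paced": (0.8, 0.2),
               "interactive_parent": (0.9, 0.5)}
PRIOR_LOG_ODDS = -2.0                                   # malicious windows are rare

def naive_bayes_score(vec):
    """Subsystem 1: sigmoid(prior + count-weighted log likelihood ratios)."""
    lo = PRIOR_LOG_ODDS + sum(n * math.log(LIKELIHOODS[t][0] / LIKELIHOODS[t][1]) for t, n in vec.items())
    return 1 / (1 + math.exp(-lo))
def burst_score(vec):
    """Subsystem 2: saturating score on how many idiosyncrasies the window holds."""
    return 1 - math.exp(-sum(vec.values()) / 4)
def ensemble_score(vec, weights=(0.7, 0.3)):
    """Weighted blend of the subsystem outputs, standing in for the ensemble model."""
    return weights[0] * naive_bayes_score(vec) + weights[1] * burst_score(vec)
```

With the constructed events, the ws1 window (a typo, two human-paced follow-ups, three shell-launched commands) scores near 0.93 while the lone ws2 command scores near 0.20, so the aggregate vector rather than any single event drives the score.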