| CPC G06F 21/552 (2013.01) [G06F 11/3438 (2013.01); G06F 11/3476 (2013.01); G06F 21/00 (2013.01); G06F 21/55 (2013.01); G06F 21/554 (2013.01); G06N 20/00 (2019.01); G06Q 10/0635 (2013.01); H04L 63/1433 (2013.01); G06Q 10/06398 (2013.01); H04L 9/3231 (2013.01)] | 20 Claims |
|
1. A computer-implemented method for detecting unauthorized activities on a network, comprising:
receiving, at one or more processors, an activity report comprising data regarding one or more actions performed by a system administrator on the network;
retrieving, via the one or more processors, a plurality of task smart agents corresponding to a job of the system administrator, each of the plurality of task smart agents including a long-term profile establishing at least one normal value for an attribute of a corresponding task based on historical performance of the job by the system administrator;
determining, via the one or more processors, that the activity report data reflect one or more deviations by the system administrator from the normal values for the attributes of the plurality of task smart agents, the one or more deviations respectively being of least a corresponding threshold degree;
generating, via the one or more processors, an output flag for each of the one or more deviations;
submitting, via the one or more processors, the one or more output flags to a judging module;
issuing, via the one or more processors and based on the one or more output flags, a lockout output restricting access to the network by the system administrator.
|