US 12,088,605 B2
Methods and systems for cyber threat detection using artificial intelligence models in data-sparse environments
Farshid Marbouti, San Jose, CA (US); Gurpreet Singh Sandhu, Walnut Creek, CA (US); Sarvani Kare, Clarksville, MD (US); Nahid Farhady Ghalaty, Fairfax, VA (US); Daniel Liu, Palo Alto, CA (US); Patrick Sofo, Arlington, VA (US); and Lee Adcock, Midlothian, VA (US)
Assigned to Capital One Services, LLC, McLean, VA (US)
Filed by Capital One Services, LLC, McLean, VA (US)
Filed on Jul. 8, 2022, as Appl. No. 17/811,551.
Prior Publication US 2024/0015168 A1, Jan. 11, 2024
Int. Cl. H04L 9/40 (2022.01); G06F 40/30 (2020.01); H04L 41/16 (2022.01)
CPC H04L 63/1416 (2013.01) [G06F 40/30 (2020.01); H04L 41/16 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system for cyber threat detection using artificial intelligence models in data-sparse environments, the system comprising:
one or more processors; and
a non-transitory, computer-readable medium comprising instructions that, when executed by the one or more processors, cause operations comprising:
receiving user profile data, wherein the user profile data comprises electronically transmitted content that is generated by the user and a user characteristic for the user, and wherein the user characteristic comprises demographic information about the user;
generating, based on the user profile data, a first feature input, wherein the first feature input comprises a first vector array of values indicative of the content and the content characteristic;
inputting the first feature input into a first model component of an artificial intelligence model, wherein the first model component comprises a neural network that is trained to predict a plurality of user intents based on the user characteristic, and a respective probability for each of the plurality of user intents based on a semantic analysis of the content;
receiving user interaction data, wherein the user interaction data comprises time series data indicating an interaction rate of the user with a user device as a function of time;
generating, based on the user interaction data, a second feature input, wherein the second feature input comprises a second vector array of values indicative of the time series data;
inputting the second feature input into a second model component of the artificial intelligence model, wherein the second model component comprises a machine learning model that is trained to generate user engagement metrics for users based on interaction rates of users;
receiving a first output from first model component;
receiving a second output from second model component;
determining a cyber incident probability based on the first output and the second output; and
generating for display, in a user interface, a cyber incident response based on the cyber incident probability.