CPC H04L 63/102 (2013.01) [G06F 16/288 (2019.01); G06N 7/00 (2013.01); G06N 20/00 (2019.01); H04L 63/1425 (2013.01)] | 20 Claims |
1. A computer-implemented method comprising:
receiving an entity-resource pair for which suspiciousness is to be predicted, wherein the entity-resource pair indicates an entity and a resource associated with an access between the entity and the resource;
predicting, using a probabilistic prediction model, suspiciousness of the entity-resource pair, wherein the probabilistic prediction model is trained using observed accesses between entities and resources, a set of access rules indicating appropriateness levels for accesses between the entities and the resources, and artificial access data randomly generated to include unobserved associations of entity-resource pairs; and
outputting an indication of whether the access is suspicious.
|