| CPC H04L 63/1416 (2013.01) [G06F 18/2148 (2023.01); G06N 20/00 (2019.01)] | 20 Claims |

|
1. A method comprising:
training an artificial intelligence (AI) model based on historical activity patterns associated with each user account of a plurality of user accounts;
monitoring, continuously, computing operations and activities of each user account of the plurality of user accounts on a computing network of computing devices via an AI-based analysis engine and using the trained AI model;
identifying, by the AI-based analysis engine, common activity patterns associated with each user account of the plurality of user accounts;
excluding, by the AI-based analysis engine and for each particular user account, the common activity patterns associated with the particular user account during monitoring of operations and activities of the computing network;
identifying, by the AI-based analysis engine after common activity patterns are excluded for each user account of the plurality of user accounts, an unusual activity pattern;
determining, by the AI-based analysis engine, a threat score associated with the unusual activity pattern; and
initiating, automatically and based on the threat score, an incident response based on the threat score meeting a condition associated with an attempted network security event.
|