US 12,452,282 B2
Access prediction service serving explainable risk scores
Darryl Jones, Princeton, NJ (US); Raminder Deep Singh Kaler, Redwood City, CA (US); Peter Barker, Austin, TX (US); and Sudhakar Peddibhotla, Seattle, WA (US)
Assigned to Ping Identity International, Inc., Denver, CO (US)
Filed by Ping Identity International, Inc., Denver, CO (US)
Filed on Apr. 25, 2023, as Appl. No. 18/139,296.
Prior Publication US 2024/0364730 A1, Oct. 31, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01) [H04L 63/083 (2013.01); H04L 63/1425 (2013.01); H04L 2463/082 (2013.01)]
14 Claims
 
1. A method for detecting anomalous authentication requests to a customer endpoint during an authentication journey, in order to conditionally invoke step-up authentication, the method comprising:
obtaining request features from an authentication request that triggered the authentication journey;
processing, by an ensemble of Machine Learning (ML) models and a set of rule-based heuristics, a set of features based on the request features, the set of features associated with a userID, the ensemble of ML models comprising unsupervised learning models including at least one k-mode clustering model and at least one encoder-decoder model, each cluster member of the at least one k-mode clustering model representing a distinct userID;
deriving a risk sub-score for each ML model from the ensemble of ML models and each heuristic from the set of rule-based heuristics, the risk sub-score for the at least one k-mode clustering model being based on a set of request features compared to a k-mode cluster-mode of the at least one k-mode clustering model;
generating an explanation of at least one risk sub-score;
deriving a risk score based on the risk sub-score for each ML model from the ensemble of ML models and each heuristic from the set of rule-based heuristics;
determining that the risk score exceeds an explanation-triggering threshold; and
providing, to a node in the authentication journey, the risk score with an explanation of the risk score,
whereby the risk score and the explanation can be used to determine whether to invoke step-up authentication.
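
The k-mode sub-score, heuristic sub-score, combined risk score and threshold-gated explanation recited in claim 1 can be sketched as follows. This is an added illustration, not code from the patent or from Ping Identity; the feature names, sample profiles, the `new_device` heuristic, the weighted-mean combination and the 0.5 threshold are all assumptions, and the encoder-decoder model of the ensemble is omitted.

```python
from collections import Counter

FEATURES = ("country", "device_os", "browser", "login_window")  # assumed feature names

# Constructed sample data: one categorical profile per userID (the cluster members).
PROFILES = {
    "alice": ("US", "macOS", "Safari", "day"),
    "bob":   ("US", "macOS", "Chrome", "day"),
    "carol": ("US", "Windows", "Chrome", "day"),
    "dave":  ("IN", "Android", "Chrome", "night"),
    "erin":  ("IN", "Android", "Firefox", "night"),
}

def mismatches(a, b):
    """Simple-matching dissimilarity: names of features whose categories differ."""
    return [f for f, x, y in zip(FEATURES, a, b) if x != y]

def k_modes(profiles, seeds, rounds=5):
    """Assign each userID to its nearest mode, then recompute per-feature modes."""
    modes = [profiles[s] for s in seeds]
    for _ in range(rounds):
        assign = {u: min(range(len(modes)), key=lambda k: len(mismatches(p, modes[k])))
                  for u, p in profiles.items()}
        for k in range(len(modes)):
            members = [profiles[u] for u, c in assign.items() if c == k]
            if members:
                modes[k] = tuple(Counter(col).most_common(1)[0][0] for col in zip(*members))
    return assign, modes

def new_device_heuristic(request, profile):
    """Assumed rule-based heuristic: device_os differs from the userID's profile."""
    i = FEATURES.index("device_os")
    return 1.0 if request[i] != profile[i] else 0.0

def score_request(user_id, request, profiles, assign, modes,
                  weights=(0.6, 0.4), explain_at=0.5):
    """Combine sub-scores (weighted mean is an assumption); explain above threshold."""
    diff = mismatches(request, modes[assign[user_id]])
    subs = {"k_mode": len(diff) / len(FEATURES),
            "new_device": new_device_heuristic(request, profiles[user_id])}
    risk = weights[0] * subs["k_mode"] + weights[1] * subs["new_device"]
    explanation = None
    if risk > explain_at:  # explanation-triggering threshold
        explanation = [f"{f} differs from cluster mode" for f in diff]
        if subs["new_device"]:
            explanation.append("device_os not previously seen for userID")
    return {"risk": round(risk, 3), "sub_scores": subs, "explanation": explanation}

ASSIGN, MODES = k_modes(PROFILES, seeds=("alice", "dave"))
```

A journey node receiving this result would compare `risk` against its own policy to decide on step-up authentication and could surface `explanation` to an administrator or audit log.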