| CPC H04L 63/08 (2013.01) | 18 Claims |
|
1. A method for data processing, comprising:
receiving, via a cloud-based platform supporting a plurality of tenants, one or more access events from a user of a host platform associated with a tenant of the plurality of tenants, the one or more access events comprising one or more keystroke events at the host platform and one or more commands inputted by the user at the host platform, wherein the one or more access events are captured by a continuous authentication agent associated with the host platform;
training a machine learning model with a list of known fraudulent access events, a list of known authenticated browsing behaviors, and previously authenticated browsing behavior of the user;
identifying at least one fraudulent access event based at least in part on executing the machine learning model to perform a pattern matching between the previously authenticated browsing behavior of the user and the one or more access events at the host platform; and
generating a challenge question for reauthenticating the user of the host platform based at least in part on identifying the at least one fraudulent access event.
|