US 12,483,574 B1
System and method of identifying malicious activity in a network
Sara Saperstein, Springfield, MA (US); John H. Ring, IV, Springfield, MA (US); Kevin Sopuch, Springfield, MA (US); James Hefferman, Springfield, MA (US); Lindsey Basara, Springfield, MA (US); and Evan Moore, Springfield, MA (US)
Assigned to Massachusetts Mutual Life Insurance Company, Springfield, MA (US)
Filed by Massachusetts Mutual Life Insurance Company, Springfield, MA (US)
Filed on Jun. 29, 2023, as Appl. No. 18/344,640.
Claims priority of provisional application 63/356,836, filed on Jun. 29, 2022.
Int. Cl. G06N 20/00 (2019.01); H04L 9/40 (2022.01); H04L 41/16 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 41/16 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A method comprising:
monitoring, by a computer, network activity of a user having a baseline network activity corresponding to historic network activity of the user;
executing, by the computer, a machine learning model to determine a network activity score indicating a likelihood of the network activity being malicious activity for the baseline network activity, the machine learning model having been previously trained based on malicious activity and corresponding baseline network activity;
generating, by the computer, a similarity score based upon a distance between the network activity score and a centroid of a cluster of network activity scores, the cluster of network activity scores formed based on similarities between one or more network activity scores;
evaluating, by the computer, the network activity score based on the similarity score; and
displaying, by the computer, the network activity score.