Individualized cybersecurity risk detection using multiple attributes
First Claim
1. A method for assessing and responding to potential cybersecurity risks, comprising:
- obtaining, by a computing device, a plurality of attributes relating to an authentication event;
determining, by the computing device, based on a cybersecurity risk assessment model, whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, wherein the cybersecurity risk assessment model is individualized on a per-user or per-device basis, and wherein determining whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk further comprises;
comparing the plurality of attributes to a cluster center and determining whether the plurality of attributes is within a radius R of the cluster center, wherein the radius R has multiple parts and the multiple parts have multiple formats, each part having a respective format corresponding to one or more of the plurality of attributes;
causing, by the computing device, in response to determining that the determined plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, a heightened security measure to be implemented; and
in response to the heightened security measure being passed, updating, by the computing device, the cybersecurity risk model by adding a new cluster to the cybersecurity risk model based on the plurality of attributes relating to the authentication event.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for assessing and responding to potential cybersecurity risks includes: obtaining, by a computing device, a plurality of attributes relating to an authentication event; determining, by the computing device, based on a cybersecurity risk assessment model, whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, wherein the cybersecurity risk assessment model is individualized on a per-user or per-device basis; and causing, by the computing device, in response to determining that the determined plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, a heightened security measure to be implemented.
24 Citations
18 Claims
-
1. A method for assessing and responding to potential cybersecurity risks, comprising:
-
obtaining, by a computing device, a plurality of attributes relating to an authentication event; determining, by the computing device, based on a cybersecurity risk assessment model, whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, wherein the cybersecurity risk assessment model is individualized on a per-user or per-device basis, and wherein determining whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk further comprises; comparing the plurality of attributes to a cluster center and determining whether the plurality of attributes is within a radius R of the cluster center, wherein the radius R has multiple parts and the multiple parts have multiple formats, each part having a respective format corresponding to one or more of the plurality of attributes; causing, by the computing device, in response to determining that the determined plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, a heightened security measure to be implemented; and in response to the heightened security measure being passed, updating, by the computing device, the cybersecurity risk model by adding a new cluster to the cybersecurity risk model based on the plurality of attributes relating to the authentication event. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory, computer-readable medium having processor-executable instructions stored thereon for assessing and responding to potential cybersecurity risks, the processor-executable instructions, when executed, facilitating performance of the following:
-
obtaining a plurality of attributes relating to an authentication event; determining, based on a cybersecurity risk assessment model, whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, wherein the cybersecurity risk assessment model is individualized on a per-user or per-device basis, and wherein determining whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk further comprises; comparing the plurality of attributes to a cluster center and determining whether the plurality of attributes is within a radius R of the cluster center, wherein the radius R has multiple parts and the multiple parts have multiple formats, each part having a respective format corresponding to one or more of the plurality of attributes; causing, in response to determining that the determined plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, a heightened security measure to be implemented; and in response to the heightened security measure being passed, updating the cybersecurity risk model by adding a new cluster to the cybersecurity risk model based on the plurality of attributes relating to the authentication event. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A system for assessing and responding to potential cybersecurity risks, comprising:
-
a user device, wherein the user device is configured to attempt an authentication event and detect a plurality of attributes relating to the authentication event; and a server, wherein the server is configured to; obtain the plurality of attributes relating to the authentication event attempted by the user device; determine, based on a cybersecurity risk assessment model, whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, wherein the cybersecurity risk assessment model is individualized on a per-user or per-device basis, and wherein determining whether the plurality of attributes relating to the authentication event indicate a potential cybersecurity risk further comprises;
comparing the plurality of attributes to a cluster center and determining whether the plurality of attributes is within a radius R of the cluster center, wherein the radius R has multiple parts and the multiple parts have multiple formats, each part having a respective format corresponding to one or more of the plurality of attributes;cause, in response to determining that the determined plurality of attributes relating to the authentication event indicate a potential cybersecurity risk, a heightened security measure to be implemented; and in response to the heightened security measure being passed, update the cybersecurity risk model by adding a new cluster to the cybersecurity risk model based on the plurality of attributes relating to the authentication event. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification