CPC H04L 63/20 (2013.01) [G06N 20/00 (2019.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01)] | 24 Claims |
1. A method comprising:
establishing, via an application programming interface, a connection with a storage medium that includes information related to communication activities of an enterprise;
downloading, via the application programming interface, a series of communications received by an employee over an interval of time;
providing the series of communications to a machine learning (ML) model as training data, so as to produce a trained ML model that is able to identify deviations in features, content, or context of communications received by the employee;
storing the trained ML model in a profile that is associated with the employee or the enterprise;
generating a statistical profile that includes at least one score by providing at least two attributes of a first communication to the trained ML model as input, wherein each score corresponds to a pair of attributes selected from amongst the at least two attributes, and wherein each score is based on an analysis of the corresponding pair of attributes by the trained ML model; and
determining, based on the statistical profile, whether the first communication represents a security risk, including by comparing each score in the statistical profile to a corresponding threshold that is calibrated based on a threshold at which at least one of false positives or false negatives are to be generated by the trained ML model.
|