Independent claim
1. A method comprising:
determining, by a processor of a threat detection platform, one or more features from one or more network transfers of one or more communication packets between a plurality of network entities, wherein the plurality of network entities include an authorized user and/or authorized device of a private communication network, and wherein the one or more features include a volume of the one or more network transfers between a first network entity and a second network entity of the plurality of network entities, a time interval associated with the one or more network transfers, a direction of the one or more network transfers, or a combination thereof;
determining, by the processor, a baseline behavioral profile of one or more of the plurality of network entities based on the one or more features determined during a time period;
determining a systematic deviation from the baseline behavioral profile of at least one of the one or more features by one or more of the plurality of network entities by comparing the baseline behavioral profile with the one or more features determined outside of the time period; and
determining, by the processor, at least one malicious network entity from among the plurality of network entities based on a systematic deviation from the baseline behavioral profile of at least one of the one or more features.
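The following Python is an added illustration of the claimed steps and is not code from the patent or its applicant. It derives the three claim features (transfer volume, time interval between transfers, and direction) per directed entity pair and day from a constructed set of transfer records, builds a per-pair mean/stdev baseline over the baseline period, and then treats a deviation as "systematic" only when it recurs in enough observation days. The entity names, the z-score threshold of 3, the standard-deviation floor, and the "at least two of the observation days" rule are all assumptions chosen for the example.

```python
"""Baseline behavioral profiling of network transfers (constructed example)."""
from collections import defaultdict
from statistics import mean, pstdev


def _daily(src, dst, nbytes, days, hours):
    """Helper to build constructed transfer records: (day, hour, src, dst, bytes)."""
    return [(d, h, src, dst, nbytes) for d in days for h in hours]


# Constructed sample data (not from the page). Days 1-5 are the baseline period,
# days 6-8 the observation period. 'ws1' begins nightly bulk uploads on day 6 and
# keeps them up; 'ws2' has a single one-off spike on day 6 and then returns to normal.
TRANSFERS = (
    _daily("ws1", "fileserver", 50_000, range(1, 9), (9, 11, 14, 16))
    + _daily("fileserver", "ws1", 200_000, range(1, 9), (9, 11, 14, 16))
    + _daily("ws1", "fileserver", 5_000_000, range(6, 9), (1, 2, 3))  # nightly uploads
    + _daily("ws2", "fileserver", 20_000, range(1, 9), (10, 15))
    + _daily("ws2", "fileserver", 5_000_000, (6,), (2,))  # one-off spike
)
BASELINE_DAYS = set(range(1, 6))
OBSERVATION_DAYS = {6, 7, 8}


def daily_features(transfers):
    """Return {(src, dst, day): {"volume", "interval", "direction"}} per directed pair."""
    bytes_by = defaultdict(int)
    hours_by = defaultdict(list)
    for day, hour, src, dst, nbytes in transfers:
        bytes_by[(src, dst, day)] += nbytes
        hours_by[(src, dst, day)].append(hour)
    feats = {}
    for (src, dst, day), vol in bytes_by.items():
        hrs = sorted(hours_by[(src, dst, day)])
        gaps = [b - a for a, b in zip(hrs, hrs[1:])]
        reverse = bytes_by.get((dst, src, day), 0)
        feats[(src, dst, day)] = {
            "volume": float(vol),                       # bytes sent src -> dst that day
            "interval": mean(gaps) if gaps else 24.0,   # mean hours between transfers
            "direction": vol / (vol + reverse),         # share of pair bytes flowing src -> dst
        }
    return feats


def build_baseline(feats, baseline_days):
    """Per directed pair, (mean, stdev) of each feature over the baseline period."""
    per_pair = defaultdict(lambda: defaultdict(list))
    for (src, dst, day), f in feats.items():
        if day in baseline_days:
            for name, value in f.items():
                per_pair[(src, dst)][name].append(value)
    return {pair: {name: (mean(v), pstdev(v)) for name, v in cols.items()}
            for pair, cols in per_pair.items()}


def zscore(value, mu, sigma):
    # Assumption: floor sigma at 10% of |mean| so a perfectly regular baseline
    # does not turn every tiny change into an infinite score.
    sigma = max(sigma, 0.1 * abs(mu), 1e-9)
    return (value - mu) / sigma


def systematic_deviations(feats, baseline, observation_days, z_threshold=3.0, min_windows=2):
    """Return {(src, dst): [features]} deviating in at least min_windows observation days."""
    hits = defaultdict(lambda: defaultdict(int))
    for (src, dst, day), f in feats.items():
        if day not in observation_days or (src, dst) not in baseline:
            continue
        for name, value in f.items():
            mu, sigma = baseline[(src, dst)][name]
            z = zscore(value, mu, sigma)
            # A falling direction share is just the mirror of the counterpart's rising
            # share, so only a rising share counts against the sending entity.
            flagged = z >= z_threshold if name == "direction" else abs(z) >= z_threshold
            if flagged:
                hits[(src, dst)][name] += 1
    return {pair: sorted(n for n, c in counts.items() if c >= min_windows)
            for pair, counts in hits.items()
            if any(c >= min_windows for c in counts.values())}


def malicious_entities(deviations):
    """An entity is flagged when it is the source side of a systematically deviating pair."""
    return sorted({src for (src, _dst) in deviations})


def detect(transfers, baseline_days, observation_days):
    """Run the full pipeline; returns (deviations, flagged entities)."""
    feats = daily_features(transfers)
    baseline = build_baseline(feats, baseline_days)
    deviations = systematic_deviations(feats, baseline, observation_days)
    return deviations, malicious_entities(deviations)


if __name__ == "__main__":
    print(detect(TRANSFERS, BASELINE_DAYS, OBSERVATION_DAYS))
```

Run as a script, it reports that the pair ws1 -> fileserver deviates systematically in volume and direction and flags ws1 only; ws2's single-day spike scores far above threshold on day 6 but does not recur, so it never reaches the "systematic" bar and ws2 is left alone. The direction rule is what keeps the fileserver from being flagged for merely receiving the uploads.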