This disclosure describes automated detection of network intrusion and generating a response based on machine learning techniques. Devices connected to the internet (or other network) are monitored for malicious activity. Patterns of intrusion are detected using machine-learned models that are trained for intrusion detection. The source IP address of the threat actor is identified. Using publicly available IP-address ownership information, the appropriate individual or entity to report abuse to is identified. The individual or entity is notified of malicious activity and a demand is made that such activity cease.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.