US Patent 11930000 Detection of anomalous authentications

Techniques for training and using models to analyze multiple attributes of an authentication, and detect anomalous authentications that may include security threats. An authentication platform may use historical authentication data to train models to identify common attributes for authentications of users, and the training may be performed without the use of labels. For instance, models may be trained for each attribute of the historical authentications (e.g., geographic location, type of authentication method, type of device, time of day, etc.) to “learn” common behaviors of users across attributes of historical authentications. The models can then be applied to new authentications to determine, on an attribute-by-attribute level, whether or not new authentications are anomalous as compared to historical authentications by the user. In this way, the models can learn common authentication behaviors of users without needing labels, and the models can then be applied to identify anomalous (and potentially malicious) authentications.