US Patent 11943244 Anomaly detection over high-dimensional space

One or more computer processors create a binary cluster of events by bootstrapping a set of ground truths contained with a rule engine applied to a set of high-dimensional datapoints, wherein the binary cluster contains two clusters each containing a plurality of high-dimensional datapoints; determine one or more peer groups for a set of unknown high-dimensional datapoints utilizing a trained multiclass classifier, wherein the high-dimensional datapoints are assigned to one or more peer groups by the trained multiclass classifier using an incremental learning algorithm in order to reduce system resources; create an activity distribution for each unknown high-dimensional datapoint associated with a user in the set of unknown high-dimensional datapoints and each peer group; calculate a deviation percentage between the activity distribution of the user and each peer group associated with the user; and responsive to exceeding a deviation threshold, classify the user or associated high-dimensional datapoints as risky.