INTELLIGENT AUTO-DETECTION OF ANOMALOUS WEB-BASED ACCESS REQUESTS

A system for dynamically determining the legitimacy of a source internet protocol (IP) address requesting access to a target resource includes an address classifier, a resource similarity identifier, and a connection legitimacy prediction engine. The IP address classifier classifies the source IP address into a relevant address group selected from among a plurality of address groups. Each of the address groups consist of IP addresses that satisfy at least one address similarity criterion. The resource similarity identifier identifies a group of similar resources for the target resource based commonalities in a first subset of the address groups that have previously accessed the target resource and subsets of the address groups that have accessed each of the similar resources. The connection legitimacy prediction engine compute a probability of receiving a legitimate new request to access the target resource from the relevant address group based on connection history data associated with the relevant address group and each of the similar resources. The system denies the request to access the target resource in response to determining that the probability falls below a defined threshold.