<?xml version="1.0" encoding="UTF-8"?><ns2:project xmlns:ns1="http://gtr.rcuk.ac.uk/gtr/api" xmlns:ns2="http://gtr.rcuk.ac.uk/gtr/api/project" xmlns:ns3="http://gtr.rcuk.ac.uk/gtr/api/fund" xmlns:ns4="http://gtr.rcuk.ac.uk/gtr/api/person" xmlns:ns5="http://gtr.rcuk.ac.uk/gtr/api/project/outcome" xmlns:ns6="http://gtr.rcuk.ac.uk/gtr/api/organisation" ns1:created="2026-06-03T15:52:43Z" ns1:href="http://gtr.ukri.org/gtr/api/projects/F5DA70B5-C526-4916-9C33-BECC7D2F30B4" ns1:id="F5DA70B5-C526-4916-9C33-BECC7D2F30B4"><ns1:links><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/organisations/3624E7F4-ED05-450C-833F-3F62161C8ABB" ns1:rel="LEAD_ORG"/><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/organisations/4B046188-D904-4358-BDAC-2A38DB6E7DB6" ns1:rel="PARTICIPANT_ORG"/><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/organisations/3624E7F4-ED05-450C-833F-3F62161C8ABB" ns1:rel="PARTICIPANT_ORG"/><ns1:link ns1:end="2019-09-29T23:00:00Z" ns1:href="http://gtr.ukri.org/gtr/api/funds/091F4602-27CE-4C45-9FC9-8FB03D91A8D0" ns1:rel="FUND" ns1:start="2019-03-31T23:00:00Z"/></ns1:links><ns2:identifiers><ns2:identifier ns2:type="RCUK">104563</ns2:identifier></ns2:identifiers><ns2:title>Automated attack mitigation</ns2:title><ns2:status>Closed</ns2:status><ns2:grantCategory>Feasibility Studies</ns2:grantCategory><ns2:leadFunder>Innovate UK</ns2:leadFunder><ns2:abstractText>Enterprise networks need fast, accurate detection of automated attacks that seek to misuse legitimate capabilities of web-based business services, and to gain access to core business assets for financial gain. These attacks leverage increasingly sophisticated attack technology to obfuscate their origin and amplify their effectiveness, yet the attacker requires few skills to launch them. The average detection time of a security breach is lengthening, resulting in the wrong balance of reactive and proactive defence, and driving up the total cost of security and remediation. 
Existing monitoring tools are clearly sub-optimal in coping with these threats. Commonly used anomalous behaviour monitoring struggles to differentiate legitimate use from attackers' misuse of those same capabilities, and also overwhelms the defender with false positives and impedes legitimate users. We propose a new approach to security monitoring, leveraging auditable machine-learning. It will shift the advantage back to the defender, by allowing them to "nip attacks in the bud", before the organisation is exposed to significant costs or harm. This approach also provides a novel degree of confidence for each alert, which allows for unprecedented fine-grained and definite mitigations.</ns2:abstractText></ns2:project>