Systems and methods for network security

US12301632B2 · US · B2

Patent metadata
Publication number: US-12301632-B2
Application number: US-202318381561-A
Country: US
Kind code: B2
Filing date: Oct 18, 2023
Priority date: Jun 18, 2021
Publication date: May 13, 2025
Grant date: May 13, 2025

Abstract

Official abstract text for this publication.

A security system for a network may be configured to detect one or more failed authentication attempts to access the network by at least one user device and determine the number of the failed authentication attempts. The system may determine a first risk score based on the number of failed authentication attempts and determine whether the first risk score is greater than or equal to a first risk score threshold and generate a first notification indicating that the user device is attempting to gain unauthorized access onto the network. The system may transmit the first notification to an administrator of the network, determine the user device is successfully authenticated to access the network after the number of failed authentication attempts has been detected, and apply a first set of network activity restrictions to the user device.
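The flow in the abstract, as an added sketch that is not taken from the patent or its assignee: failures are counted per device, turned into a first risk score, compared with a threshold, and a device that then authenticates is admitted under restrictions. The event format, the linear score, the threshold of 30, the restriction names and the choice to gate restrictions on the threshold are all assumptions; the text on this page gives no formula.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed values: the page states no formula, threshold or restriction names.
POINTS_PER_FAILURE = 10
FIRST_THRESHOLD = 30
FIRST_RESTRICTIONS = ("reduced_bandwidth", "limited_destinations")  # hypothetical

@dataclass
class DeviceState:
    failures: int = 0
    notified: bool = False
    restrictions: tuple = ()

def first_risk_score(failures: int) -> int:
    """Assumed linear score capped at 100, based on the failure count only."""
    return min(100, failures * POINTS_PER_FAILURE)

def process(events):
    """Consume (device_id, outcome) authentication events in arrival order.

    Returns (per-device state, notifications destined for the administrator).
    """
    state = defaultdict(DeviceState)
    notifications = []
    for device, outcome in events:
        dev = state[device]
        if outcome == "fail":
            dev.failures += 1
            score = first_risk_score(dev.failures)
            # Notify once, the first time the score reaches the threshold.
            if score >= FIRST_THRESHOLD and not dev.notified:
                dev.notified = True
                notifications.append((device, score))
        elif outcome == "success":
            # Assumption: only devices whose score reached the threshold are
            # restricted, so a single mistyped password has no effect.
            if first_risk_score(dev.failures) >= FIRST_THRESHOLD:
                dev.restrictions = FIRST_RESTRICTIONS
        else:
            raise ValueError(f"unknown outcome: {outcome!r}")
    return state, notifications

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    ("dev-A", "fail"), ("dev-A", "fail"), ("dev-B", "fail"),
    ("dev-A", "fail"), ("dev-A", "success"), ("dev-B", "success"),
]

if __name__ == "__main__":
    devices, notes = process(SAMPLE_EVENTS)
    print(notes, {d: s.restrictions for d, s in devices.items()})
```
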

First claim

Opening claim text (preview).

What is claimed is:

1. A security system for a network, comprising: a processor; and a memory storing instructions executable by the processor, wherein, upon execution of the instructions by the processor, the processor is configured to: detect one or more failed authentication attempts to access the network by at least one user device; determine a number of the one or more failed authentication attempts; determine a first risk score for the at least one user device based on the number of the one or more failed authentication attempts and one or more factors comprising: network signal strength, network connection type, network connection location, authentication history and credential similarities; determine whether the first risk score of the at least one user device is equal to or greater than a first risk score threshold; in response to a determination that the first risk score of the at least one user device is equal to or greater than the first risk score threshold, generate a first notification indicating that the at least one user device is attempting to gain unauthorized access onto the network; determine whether the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected; in response to a determination that the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected, apply a first set of network activity restrictions to the at least one user device, such that the at least one user device has access to the network under the first set of network activity restrictions that limits network activities that can be performed by the at least one device, monitor network activities of the at least one user device when the at least one user device is accessing the network under the first set of network activity restriction; generate a second notification indicating one or more network activities relating to the at least the one user device; and transmit, via the network, the second notification to a recipient, wherein the monitored network activities of the at least one user device include at least one selected from the group of downloading a large amount of data, exporting a large amount of data outside of the network, visiting an unexpected website, or visiting a restricted website.

2. The security system of claim 1, wherein the processor is further configured to transmit the first notification to an administrator of the network.

3. The security system of claim 1, wherein the processor is further configured to determine a second risk score for the at least one user device based on the monitored network activities.

4. The security system of claim 3, wherein the processor is further configured to determine whether the second risk score is equal to or greater than a second risk score threshold.

5. The security system of claim 4, wherein the processor is further configured to, when the second risk score is determined to be equal to or greater than the second risk score threshold, apply a second set of network activity restrictions to the at least one user device, such that the at least one user device is restricted to access the network under the second set of network activity restrictions.

6. The security system of claim 5, wherein the second notification indicates that the at least one user device is performing unusual network activities on the network.

7. The security system of claim 6, wherein the recipient comprises the administrator of the network.

8. The security system of claim 3, wherein the machine learning algorithm determines the first risk score based on one or more of a network signal strength, a network connection type, a network connection location of the user device, an authentication history of the user device, or a credential similarities between the failed authentication attempts.

9. The security system of claim 1, wherein the processor is further configured to apply a machine learning algorithm to determine the first risk score.

10. A method for network security, comprising: detecting, by a server, one or more failed authentication attempts to access a network by at least one user device; determining, by the server, a number of the one or more failed authentication attempts; determining, by the server, a first risk score for the at least one user device based on the number of the one or more failed authentication attempts and one or more factors comprising: network signal strength, network connection type, network connection location, authentication history and credential similarities; determining, by the server, whether the first risk score of the at least one user device is equal to or greater than a first risk score threshold; in response to a determination that the first risk score of the at least one user device is equal to or greater than the first risk score threshold, generating, by the server, a first notification indicating that the at least one user device is attempting to gain unauthorized access onto the network; determining, by the server, whether the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected; in response to a determination that the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected, applying, by the server, a first set of network activity restrictions to the at least one user device, such that the at least one user device has access to the network under the first set of network activity restrictions that limits network activities that can be performed by the at least one device, monitoring, by the server, network activities of the at least one user device when the at least one user device is accessing the network under the first set of network activity restrictions; generate a second notification indicating one or more network activities relating to the at least the one user device; and transmit, via the network, the second notification to a recipient, wherein the monitored network activities of the at least one user device include at least one selected from the group of downloading a large amount of data, exporting a large amount of data outside of the network, visiting an unexpected website, or visiting a restricted website.

11. The method of claim 10, comprising: determining, by the server, a second risk score for the at least one user device based on the monitored network activities; determining, by the server, whether the second risk score is equal to or greater than a second risk score threshold; and when the second risk score is determined to be equal to or greater than the second risk score threshold, applying, by the server, a second set of network activity restrictions to the at least one user device, such that the at least one user device is restricted to access the network under the second set of network activity restrictions.

12. The method of claim 11, wherein the second set of network activity restrictions includes disconnecting the at least one user device from the network.

13. The method of claim 10, wherein the first set of network activity restrictions include at least one selected from the group of reducing network connection speed of the at least one user device, restricting Internet protocol (IP) addresses that the at least one user is allowed to ping, and limiting ability of the at least one user device to adjust settings of the ne

Classifications

  • H04W12/08 · Primary

    Access security · CPC title

  • Hardware identity · CPC title

  • Authentication · CPC title

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Capital One Services LLC
What technology area does this patent fall under?
Primary CPC classification H04W12/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 13, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).