So I'd like to think out loud and get some opinions from other perspectives than my own. Generally: How does IC know what Personae to attack after it's been deployed by the Host?
So from a meta standpoint, "obviously" the IC attacks the Player's hacker because the hacker is the protagonist and the IC is the cyber antagonist and opposing protagonists is what antagonists do. GM omniscience is enough to direct the IC "NPC" to attack the PC Hacker from the meta perspective.
But in universe, it seems there are some holes in the lore and/or rules. Something besides GM omniscience has to guide the IC to attack the hacker. Patrol IC is described as being the first line of cyber defenses. It performs matrix perception actions to find trouble. But that's the rub... you can't even get into a host without having a mark on the host, which makes you for security purposes a legitimate user. And that's a comment from the Patrol IC's own description! So obviously there's no reason for the Patrol IC to be looking at the hacker's persona. It must be looking at marks on the host, which it can theoretically determine somehow as fraudulent. There's really no guidance "fluff" or a hard mechanic for determining when the Patrol IC "sees" the Hacker's shenanigans. It pretty much seems to boil down to the GM's whim. "Yeah, this is bogging down. You've been in the host long enough; alarm goes off because the Patrol IC finally sussed you out. Here comes more IC..."
You make a very reasonable point, that a Patrol IC has no reason to simply go scan you immediately, as the point of a mark is that it makes you seem like an authentic user. Luckily, I can answer this part for you and provide sources.
First, a Patrol IC goes around scanning basically everything. On devices it would probably check for "the marks on an icon, but not their owners" as the number of marks on a device should not change without the Patrol IC being informed (such as scheduled maintenance for a specialist to come in and mark the device to alter its software). On persona, it would presumably check "the last Matrix action an icon performed, and when". This could potentially alert the IC to a hacker by finding out they have taken an illegal action (anything with Attack or Sleaze as the limit). Both of these are options on the chart on page 235 of the core rulebook. A Patrol IC would also presumably go for "if you are in a host, whether there is an icon running silent" as well.
As for how often they would check the player, in Data Trails on page 86 there is a chart for Patrol IC. As per that chart, the number of combat turns in between the player getting scanned is rolled, modified by how high the host's rating is, ranging from Once Every Combat Turn (Rating 1-2) to once every 3d6 Combat Turns (Rating 11-12). If the PC is silent, then I'd make these actions the "looking for silent icons" roll that the IC should be doing every so often, and then if the IC has spotted the hacker's icon, then when the time has passed, I would have it make "last matrix action" rolls.
As well, if there's a Security Spider on site, they are able to direct the IC, telling them what actions to take and on whom, meaning a hacker might trick the patrol IC but seem suspicious to the spider, and after a fight breaks out, the hacker needs to fool the spider first.
Now if the hacker fails a sleaze action and a Host mark gets put on his persona, it seems fairly obvious that the system should go on alert and start deploying further IC. A failed attack action seems it should probably work the same way, although the host and its IC don't have the benefit of having a mark on the hacker's persona.
So let's say a failed attack action is the case. Or a hacker having successfully erased the Host's mark after a failed sleaze action. Without a Host's mark on the persona, how does the IC know who to attack in an in-universe sense? Again the hacker appears to the Host to be a legit user, as his mark is still on the host. It seems clear that the IC is willing to attack "legitimate" users, as it's mentioned in the Lore more than once. Can a Host "remember" or designate a persona as a known/suspected problem icon, even if there is no mark upon it, and that's the in-universe basis for GM omniscience guiding the IC to target the PC hacker?
"Erase Mark" in the case of failing the Sleaze action wouldn't reset the alert; the matrix history of why you were being targeted is still active (the host remembers that it marked you, which is probably logged as the provoking action somewhere) and even though the mark is gone, the alert and attack have not been disabled by anyone, and you haven't even left.
If you left, reset, the host alert was disabled, and then you hacked your way in, the IC would probably not "remember" you. Your temporary access would probably be seen as a random new account or something similar, or if you were granted a free level 1 mark, the public nature probably means the host does not save that data.
As for a failed attack action, they are not alerted. Failed attack actions simply cause you damage. On a successful attack action, they know they are being attacked-- I might cut down the time between the IC rolling against the player to represent a shift of priorities in the Patrol IC. As well, any Spiders on site will be out for blood, and a security decker might be alerted.
So with this knowledge, hopefully you can see the logic and context the IC work in and see how it's not down to just GM omniscience.