Cyber-semantic account management system
First Claim
1. A system comprising:
- at least one hardware processor; and
memory encoding computer executable instructions that, when executed by the at least one hardware processor, perform a method comprising:
receiving network data corresponding to a set of transactions for a plurality of users in a network;
comparing the network data to expected global network behavior data, wherein the expected global network behavior data comprises previously received network data comprising at least two of:
an access time, location data, page requests made, PKI status, page referrer URL, common access card information, login name, encryption information, and weather data;
based on the comparison, determining if the network data deviates from the expected global network behavior data for a specific transaction; and
when the network data is determined to deviate from the expected global network behavior data, performing one or more actions.
Abstract
Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.
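The profile-then-compare flow the abstract describes can be sketched as follows. This is an added illustration, not code from the patent or its assignee: the field names, the surprisal scoring, the 4-bit threshold, the two-attribute rule and the action strings are all assumptions of this example, and the history records are constructed.

```python
import math
from collections import Counter

# Attributes profiled here (access time, location, page request); names are illustrative.
FIELDS = ("hour", "country", "page")

# Constructed sample of previously received network data: office hours, one country.
HISTORY = [
    {"login": f"user{i % 5}", "hour": 8 + i % 10, "country": "US",
     "page": ("/home", "/mail", "/reports")[i % 3]}
    for i in range(60)
]

class BehaviorProfile:
    """Per-attribute frequency model of previously observed activity."""

    def __init__(self, history):
        self.n = len(history)
        self.counts = {f: Counter(rec[f] for rec in history) for f in FIELDS}

    def surprisal(self, field, value):
        # Laplace-smoothed -log2 P(value); values never seen before score highest.
        c = self.counts[field]
        p = (c[value] + 1) / (self.n + len(c) + 1)
        return -math.log2(p)

    def score(self, rec):
        return {f: self.surprisal(f, rec[f]) for f in FIELDS}

    def deviates(self, rec, per_field=4.0, min_fields=2):
        # Example design choice: flag only when at least `min_fields` attributes
        # are individually rare, so one odd login hour alone does not trigger.
        rare = [f for f, s in self.score(rec).items() if s >= per_field]
        return len(rare) >= min_fields, rare

def evaluate(profile, rec):
    """Return the actions for one transaction as labels; enforcement is site-specific."""
    anomalous, rare = profile.deviates(rec)
    if not anomalous:
        return []
    return [f"report:{rec['login']}:{','.join(rare)}", f"deny_access:{rec['login']}"]

if __name__ == "__main__":
    profile = BehaviorProfile(HISTORY)
    odd = {"login": "user1", "hour": 3, "country": "XX", "page": "/admin/export"}
    print(profile.score(odd), evaluate(profile, odd))
```
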
19 Claims
1. A system comprising:
- at least one hardware processor; and
memory encoding computer executable instructions that, when executed by the at least one hardware processor, perform a method comprising:
receiving network data corresponding to a set of transactions for a plurality of users in a network;
comparing the network data to expected global network behavior data, wherein the expected global network behavior data comprises previously received network data comprising at least two of:
an access time, location data, page requests made, PKI status, page referrer URL, common access card information, login name, encryption information, and weather data;
based on the comparison, determining if the network data deviates from the expected global network behavior data for a specific transaction; and
when the network data is determined to deviate from the expected global network behavior data, performing one or more actions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer implemented method, using at least one hardware processor, the method comprising:
detecting, by using at least the hardware processor, network data corresponding to a set of transactions for a plurality of users in a network;
comparing the network data to expected global network behavior data, wherein the expected global network behavior data comprises previously received network data comprising at least two of:
an access time, location data, page requests made, PKI status, page referrer URL, common access card information, login name, encryption information, and weather data;
based on the comparison, determining if the network data deviates from the expected global network behavior data; and
when the network data is determined to deviate from the expected global network behavior data, performing one or more actions.
Dependent claims: 14, 15, 16, 17, 18
19. A system comprising:
- at least one hardware processor; and
memory encoding computer executable instructions that, when executed by at least one processor, perform a method comprising:
receiving network data corresponding to activity for a plurality of users on a network;
dynamically generating a network behavior profile for the network based on the network data, wherein the network behavior profile defines a pattern of behavior for the network for one or more transactions;
receiving comparison data;
comparing the comparison data to the network behavior profile for a specific transaction, wherein the network behavior profile comprises previously received network data comprising at least two of:
an access time, location data, page requests made, PKI status, page referrer URL, common access card information, login name, encryption information, and weather data;
based on the comparison, determining if the comparison data deviates from the network behavior profile; and
when the comparison data is determined to deviate from the network behavior profile, performing one or more actions.
Specification