Dynamic authorization of requested actions using adaptive context-based matching
First Claim
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for context-based analysis of requested activity in a computing environment, the operations comprising:
building a plurality of dynamic context profiles for a plurality of processes in the computing environment, wherein the plurality of dynamic context profiles are based on monitoring and analyzing at least:
static parameters of the plurality of processes;
dynamic parameters of the plurality of processes; and
detected activity involving the plurality of processes, wherein each dynamic context profile comprises a number of steps;
receiving an indication of current runtime activity involving at least one identity in the computing environment;
matching the indication of current runtime activity to a dynamic context profile from the plurality of built dynamic context profiles, wherein the matching comprises:
analyzing previous steps of a first process of a plurality of processes associated with the current runtime activity; and
identifying, based on the previous steps, an automated action or a human action associated with at least one of the current runtime activity or the first process;
determining, based on the matching, a context-based probability that the current runtime activity is at least one of:
an anomalous activity, a suspicious activity, or non-valid with respect to the dynamic context profile, wherein the context-based probability has an associated confidence level where the confidence level increases as the number of steps in the dynamic context profile increases; and
performing a control action in association with either the current runtime activity or the first process based on the context-based probability and on whether the current runtime activity is determined to be at least one of:
an anomalous activity, a suspicious activity, or non-valid.
Abstract
Disclosed embodiments relate to context-based analysis of requested activities. Techniques include building dynamic context profiles for processes based on static parameters of the processes, dynamic parameters of the processes, and detected activity involving the processes; receiving an indication of current runtime activity involving at least one identity; matching the indication of current runtime activity to a dynamic context profile; determining a context-based probability that the current runtime activity is anomalous, suspicious, or non-valid with respect to the dynamic context profile; and performing a control action in association with either the current runtime activity or the process based on whether the current runtime activity is determined to be anomalous, suspicious, or non-valid.
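The flow recited in claim 1 (build a profile, match current activity against the process's previous steps, classify the actor, derive a probability with a step-dependent confidence, pick a control action) can be made concrete with an added example; it is not code from the patent or its assignee. The transition-count model, the confidence formula `steps / (steps + k)`, the timing heuristic for automated versus human actors, the thresholds and all step names are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from statistics import median

@dataclass
class ContextProfile:
    # Static parameters (e.g. binary path) and dynamic ones (e.g. parent process).
    static: dict
    dynamic: dict
    transitions: dict = field(default_factory=lambda: defaultdict(Counter))
    steps: int = 0  # number of observed steps in this profile

    def learn(self, history):
        """Record detected activity as (previous step -> next step) counts."""
        for prev, nxt in zip(history, history[1:]):
            self.transitions[prev][nxt] += 1
            self.steps += 1

def actor_kind(gaps_s, human_floor_s=0.5):
    """Assumed heuristic: sub-half-second gaps between previous steps imply automation."""
    return "automated" if median(gaps_s) < human_floor_s else "human"

def evaluate(profile, prev_steps, gaps_s, action, k=20):
    """Return (anomaly probability, confidence, actor kind, control action)."""
    seen = profile.transitions[prev_steps[-1]]
    total = sum(seen.values())
    p_anom = 1.0 - (seen[action] / total if total else 0.0)
    confidence = profile.steps / (profile.steps + k)  # grows with profile steps
    kind = actor_kind(gaps_s)
    if p_anom < 0.5:
        control = "allow"
    elif confidence < 0.5:
        control = "step_up_auth"  # thin profile: challenge rather than block
    else:
        control = "block"
    return round(p_anom, 3), round(confidence, 3), kind, control

# Constructed sample data: a backup job's usual sequence, observed 30 times.
backup = ContextProfile(static={"exe": "/opt/backup/agent"}, dynamic={"parent": "cron"})
for _ in range(30):
    backup.learn(["start", "read_config", "fetch_db_secret", "dump_db", "exit"])
```

With a thin profile the same unexpected action yields a challenge instead of a block, which is the practical effect of tying confidence to the number of steps.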
19 Claims
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for context-based analysis of requested activity in a computing environment, the operations comprising:
building a plurality of dynamic context profiles for a plurality of processes in the computing environment, wherein the plurality of dynamic context profiles are based on monitoring and analyzing at least:
static parameters of the plurality of processes;
dynamic parameters of the plurality of processes; and
detected activity involving the plurality of processes, wherein each dynamic context profile comprises a number of steps;
receiving an indication of current runtime activity involving at least one identity in the computing environment;
matching the indication of current runtime activity to a dynamic context profile from the plurality of built dynamic context profiles, wherein the matching comprises:
analyzing previous steps of a first process of a plurality of processes associated with the current runtime activity; and
identifying, based on the previous steps, an automated action or a human action associated with at least one of the current runtime activity or the first process;
determining, based on the matching, a context-based probability that the current runtime activity is at least one of:
an anomalous activity, a suspicious activity, or non-valid with respect to the dynamic context profile, wherein the context-based probability has an associated confidence level where the confidence level increases as the number of steps in the dynamic context profile increases; and
performing a control action in association with either the current runtime activity or the first process based on the context-based probability and on whether the current runtime activity is determined to be at least one of:
an anomalous activity, a suspicious activity, or non-valid.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A computer-implemented method for context-based analysis of requested activity in a computing environment, the method comprising:
building a plurality of dynamic context profiles for a plurality of processes in the computing environment, wherein the plurality of dynamic context profiles are based on monitoring and analyzing at least:
static parameters of the plurality of processes;
dynamic parameters of the plurality of processes; and
detected activity involving the plurality of processes, wherein each dynamic context profile comprises a number of steps;
receiving an indication of current runtime activity involving at least one identity in the computing environment;
matching the indication of current runtime activity to a dynamic context profile from the plurality of built dynamic context profiles, wherein the matching comprises:
analyzing previous steps of a first process of a plurality of processes associated with the current runtime activity; and
identifying, based on the previous steps, an automated action or a human action associated with at least one of the current runtime activity or the first process;
determining, based on the matching, a context-based probability that the current runtime activity is at least one of:
an anomalous activity, a suspicious activity, or non-valid with respect to the dynamic context profile, wherein the context-based probability has an associated confidence level where the confidence level increases as the number of steps in the dynamic context profile increases; and
performing a control action in association with either the current runtime activity or the first process based on the context-based probability and on whether the current runtime activity is determined to be at least one of:
an anomalous activity, a suspicious activity, or non-valid.
Dependent claims: 17, 18, 19
Specification