System and method for outlier and anomaly detection in identity management artificial intelligence systems using cluster based analysis of network identity graphs
First Claim
1. An identity management system of using property graphs for risk detection, comprising:
a memory;
a hardware processor;
a non-transitory, computer-readable storage medium including computer instructions executable by the hardware processor for:
obtaining first identity management data, at a first time, which is obtained from one or more identity management systems in a distributed enterprise computing environment;
evaluating the obtained first identity management data to determine a first set of identities and a first set of entitlements associated with the first set of identities, wherein the first set of identities and the associated first set of entitlements are utilized in identity management of the distributed enterprise computing environment;
generating a first property graph from the first identity management data by:
creating a node of the first property graph for each of the determined first set of identities,
for each first identity and second identity, from the determined first set of identities, that share at least one entitlement of the determined first set of entitlements, creating an edge of the first property graph between a first node and a second node representing respectively the first identity and the second identity of the first property graph, and
generating a similarity weight for each of the created edges of the first property graph based on the at least one shared entitlement between the first identity and the second identity;
pruning a set of edges of the first property graph based on the set of similarity weights of the set of edges to generate a second property graph;
storing the second property graph in a data store;
analyzing the second property graph to identify an outlier node of the graph; and
identifying an identity management artifact associated with the outlier node as a high risk identity management artifact.
Abstract
Systems and methods for artificial intelligence systems for identity management systems are disclosed. Embodiments may perform outlier detection and risk assessment based on identity management data, including one or more property graphs or peer groups determined from those property graphs, to determine identity management artifacts with ‘abnormal’ patterns when compared to other related identity management artifacts.
24 Claims
1. An identity management system of using property graphs for risk detection, as set out in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of using property graphs for risk detection, comprising:
obtaining first identity management data, at a first time, which is obtained from one or more identity management systems in a distributed enterprise computing environment;
evaluating the obtained first identity management data to determine a first set of identities and a first set of entitlements associated with the first set of identities, wherein the first set of identities and the associated first set of entitlements are utilized in identity management of the distributed enterprise computing environment;
generating a first property graph from the first identity management data by:
creating a node of the first property graph for each of the determined first set of identities,
for each first identity and second identity, from the determined first set of identities, that share at least one entitlement of the determined first set of entitlements, creating an edge of the first property graph between a first node and a second node representing respectively the first identity and the second identity of the first property graph, and
generating a similarity weight for each of the created edges of the first property graph based on the at least one shared entitlement between the first identity and the second identity;
pruning a set of edges of the first property graph based on the set of similarity weights of the set of edges to generate a second property graph;
storing the second property graph in a data store;
analyzing the second property graph to identify an outlier node of the graph; and
identifying an identity management artifact associated with the outlier node as a high risk identity management artifact.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer readable storage medium of using property graphs for risk detection, comprising instructions executable by the hardware processor for:
obtaining first identity management data, at a first time, which is obtained from one or more identity management systems in a distributed enterprise computing environment;
evaluating the obtained first identity management data to determine a first set of identities and a first set of entitlements associated with the first set of identities, wherein the first set of identities and the associated first set of entitlements are utilized in identity management of the distributed enterprise computing environment;
generating a first property graph from the first identity management data by:
creating a node of the first property graph for each of the determined first set of identities,
for each first identity and second identity, from the determined first set of identities, that share at least one entitlement of the determined first set of entitlements, creating an edge of the first property graph between a first node and a second node representing respectively the first identity and the second identity of the first property graph, and
generating a similarity weight for each of the created edges of the first property graph based on the at least one shared entitlement between the first identity and the second identity;
pruning a set of edges of the first property graph based on the set of similarity weights of the set of edges to generate a second property graph;
storing the second property graph in a data store;
analyzing the second property graph to identify an outlier node of the graph; and
identifying an identity management artifact associated with the outlier node as a high risk identity management artifact.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
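The procedure recited in independent claims 1, 9 and 17 (node per identity, edge per pair sharing an entitlement, similarity weight per edge, prune by weight, find an outlier node, flag its artifact), carried through as an added worked example that is not the patent's own code. The claims leave the similarity measure, the pruning rule and the outlier criterion open, so this example assumes Jaccard similarity over each pair's entitlement sets, a fixed weight threshold for pruning, and treats a node whose peer group (a connected component of the pruned graph) is smaller than a minimum size as the outlier; the identity and entitlement data is constructed for illustration.

```python
"""Identity graph outlier detection following the claimed procedure.

Added example, not the patent's own code. Assumptions not fixed by the
claims: Jaccard similarity as the edge weight, a fixed pruning threshold,
and "outlier" meaning a node whose peer group (connected component of the
pruned graph) has fewer than min_peer_group members.
"""
from itertools import combinations

# Constructed sample data (not from the patent): identity -> entitlements.
# alice/bob/carol resemble a CRM team, dave/erin/frank an ERP team;
# mallory holds a little of each plus two entitlements nobody else has.
IDENTITIES = {
    "alice":   {"crm_read", "crm_write", "vpn", "email"},
    "bob":     {"crm_read", "crm_write", "vpn", "email"},
    "carol":   {"crm_read", "vpn", "email"},
    "dave":    {"erp_post", "erp_read", "vpn", "email"},
    "erin":    {"erp_post", "erp_read", "vpn", "email"},
    "frank":   {"erp_read", "vpn", "email"},
    "mallory": {"crm_read", "erp_post", "prod_db_admin", "backup_restore"},
}


def jaccard(a, b):
    """Assumed similarity weight: size of intersection over size of union."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def build_property_graph(identities):
    """First property graph: one node per identity; an edge between every pair
    that shares at least one entitlement, carrying the shared set and a weight."""
    nodes = {name: {"entitlements": frozenset(ents)} for name, ents in identities.items()}
    edges = {}
    for u, v in combinations(sorted(identities), 2):
        shared = identities[u] & identities[v]
        if shared:
            edges[(u, v)] = {"shared": shared,
                             "weight": jaccard(identities[u], identities[v])}
    return nodes, edges


def prune_edges(edges, threshold):
    """Second property graph: keep only edges whose weight reaches the threshold."""
    return {pair: attrs for pair, attrs in edges.items() if attrs["weight"] >= threshold}


def peer_groups(nodes, edges):
    """Connected components of the (pruned) graph; each component is a peer group."""
    adj = {n: set() for n in nodes}
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    seen, groups = set(), []
    for start in sorted(nodes):
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n in comp:
                continue
            comp.add(n)
            stack.extend(adj[n] - comp)
        seen |= comp
        groups.append(frozenset(comp))
    return groups


def find_high_risk(identities, threshold=0.5, min_peer_group=2):
    """Run the whole pipeline and return outlier identity -> its entitlements,
    i.e. the identity management artifacts flagged as high risk."""
    nodes, edges = build_property_graph(identities)
    pruned = prune_edges(edges, threshold)
    outliers = [n for g in peer_groups(nodes, pruned) if len(g) < min_peer_group for n in g]
    return {n: sorted(nodes[n]["entitlements"]) for n in sorted(outliers)}


if __name__ == "__main__":
    nodes, edges = build_property_graph(IDENTITIES)
    print(f"{len(edges)} edges before pruning")
    for threshold in (0.5, 0.6):
        pruned = prune_edges(edges, threshold)
        groups = [sorted(g) for g in peer_groups(nodes, pruned)]
        print(f"threshold {threshold}: {len(pruned)} edges kept, peer groups {groups}")
        print("  high-risk:", find_high_risk(IDENTITIES, threshold))
```

With the constructed data every edge touching mallory is weaker than 0.5, so mallory becomes an isolated node after pruning and is the one identity flagged; raising the threshold to 0.6 also splits the remaining identities into the two teams, which is the peer-group separation the pruning step is meant to produce. Two caveats a reviewer of such output should keep in mind: entitlements held by nearly everyone (here vpn and email) inflate every pairwise weight, so an over-entitled identity can still clear the threshold unless ubiquitous entitlements are discounted or dropped before weighting, and an isolated node may simply be a legitimately unique role, so the flag is a trigger for review rather than a verdict.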