BEHAVIOR-BASED TRAFFIC PROFILING BASED ON ACCESS CONTROL INFORMATION
Abstract
A method includes receiving one or more of user information, role information, or authorization information associated with a user accessing a network, selecting a traffic flow to monitor that is associated with the one or more of user information, role information, or authorization information, monitoring the traffic flow, determining whether an anomaly exists with respect to the traffic flow based on a traffic behavior pattern associated with the one or more of user information, role information, or authorization information, and performing a security response when it is determined that the anomaly exists.
40 Claims
1-20. (canceled)
21. A device comprising:
one or more processors to:
obtain, from a security device, traffic flow information associated with a user accessing a resource via a network, the traffic flow information being generated based on monitoring network traffic associated with the user accessing the resource, and the traffic flow information including information indicating a user role associated with the user;
determine whether a traffic behavior pattern, associated with the user role, exists;
when the traffic behavior pattern exists, the one or more processors are to:
update the traffic behavior pattern based on the traffic flow information to form an updated traffic behavior pattern;
when the traffic behavior pattern does not exist, the one or more processors are to:
generate the traffic behavior pattern based on the traffic flow information; and
provide one of the updated traffic behavior pattern or the generated traffic behavior pattern to the security device, the one of the updated traffic behavior pattern or the created traffic behavior pattern permitting the security device to control access, by the user, to the resource.
(Dependent claims: 22, 23, 24, 25, 26, 27)
28. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
obtain, from a security device, traffic flow information associated with a user accessing a resource via a network, the traffic flow information being generated based on monitoring network traffic associated with the user accessing the resource, and the traffic flow information including information indicating a user role associated with the user;
determine whether a traffic pattern, associated with the user role, exists;
update, when the traffic pattern exists, the traffic pattern based on the traffic flow information;
generate, when the traffic pattern does not exist, the traffic pattern based on the traffic flow information; and
provide one of the updated traffic pattern or the generated traffic pattern to the security device, the one of the updated traffic pattern or the generated traffic pattern permitting the security device to control access, by the user, to the resource.
(Dependent claims: 29, 30, 31, 32, 33, 34)
35. A method comprising:
obtaining, by a network device and from a security device, traffic flow information associated with a user accessing a resource via a network, the traffic flow information being generated based on monitoring network traffic associated with the user accessing the resource, and the traffic flow information including information indicating a user role associated with the user;
determining, by the network device, whether a traffic behavior pattern, associated with the user role, exists;
updating, by the network device and when the traffic behavior pattern exists, the traffic behavior pattern based on the traffic flow information to form an updated traffic behavior pattern;
generating, by the network device and when the traffic behavior pattern does not exist, the traffic behavior pattern based on the traffic flow information; and
providing, by the network device, one of the updated traffic behavior pattern or the generated traffic behavior pattern to a security device, the one of the updated traffic behavior pattern or the generated traffic behavior pattern permitting the security device to control access, by the user, to the resource.
(Dependent claims: 36, 37, 38, 39, 40)
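
The update-or-generate step of claim 35 combined with the anomaly check and security response from the abstract, as an added Python example that is not part of the patent text. The pattern representation (running mean and variance of flow size plus the destination ports seen per role), the thresholds, the function names and the flow fields are assumptions; the listing above does not define them.

```python
import math
from dataclasses import dataclass, field

@dataclass
class RolePattern:
    # Assumed pattern contents: flow-size statistics and ports seen for one role.
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0          # sum of squared deviations from the mean
    ports: set = field(default_factory=set)

    def update(self, flow):  # Welford's online mean/variance update
        self.n += 1
        delta = flow["bytes"] - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (flow["bytes"] - self.mean)
        self.ports.add(flow["dst_port"])

    def is_anomalous(self, flow, z_max=3.0, min_samples=5):
        if self.n < min_samples:
            return False     # too little history for this role to judge
        if flow["dst_port"] not in self.ports:
            return True      # service never used by this role before
        std = math.sqrt(self.m2 / (self.n - 1))
        if std == 0:         # all baseline flows identical in size
            return flow["bytes"] != self.mean
        return abs(flow["bytes"] - self.mean) / std > z_max

def ingest(patterns, flow):
    # Profiling device: generate the role's pattern if none exists, then update it.
    if flow["role"] not in patterns:
        patterns[flow["role"]] = RolePattern()
    patterns[flow["role"]].update(flow)
    return patterns[flow["role"]]   # handed back to the security device

def enforce(pattern, flow):
    # Security device: choose a response for a monitored flow.
    return "block" if pattern.is_anomalous(flow) else "allow"

# Constructed sample flows for a hypothetical "hr" role.
BASELINE = [{"role": "hr", "dst_port": 443, "bytes": b}
            for b in (900, 1100, 1000, 950, 1050, 1000)]

def demo():
    patterns = {}
    for f in BASELINE:
        pattern = ingest(patterns, f)
    probes = [(443, 1020), (443, 250_000), (22, 1000)]  # normal, bulk, new port
    return [enforce(pattern, {"role": "hr", "dst_port": p, "bytes": b})
            for p, b in probes]
```

Keying the baseline on the role rather than the individual user means a new account inherits its role's pattern immediately, while the `min_samples` guard keeps a freshly generated pattern from blocking traffic before it has any history.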
Specification