CYBER-SEMANTIC ACCOUNT MANAGEMENT SYSTEM
First Claim
1. A method for identifying anomalous behavior of an entity, the method comprising:
receiving raw data, wherein the raw data comprises recorded activity for the entity;
generating a behavior profile for the entity based on the raw data, wherein the behavior profile defines a pattern of behavior for the entity;
receiving comparison data;
determining whether the comparison data deviates from the pattern of behavior defined in the behavior profile; and
when the comparison data deviates from the pattern of behavior, identifying the comparison data as anomalous behavior.
Abstract
Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.
28 Citations
20 Claims
1. A method for identifying anomalous behavior of an entity, the method comprising:
receiving raw data, wherein the raw data comprises recorded activity for the entity;
generating a behavior profile for the entity based on the raw data, wherein the behavior profile defines a pattern of behavior for the entity;
receiving comparison data;
determining whether the comparison data deviates from the pattern of behavior defined in the behavior profile; and
when the comparison data deviates from the pattern of behavior, identifying the comparison data as anomalous behavior.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer storage medium encoding computer executable instructions that, when executed by at least one processor, perform a method for identifying anomalous behavior of an entity, the method comprising:
receiving raw data, wherein the raw data comprises recorded activity for the entity;
generating a behavior profile for the entity based on the raw data, wherein the behavior profile defines a pattern of behavior for the entity;
receiving comparison data;
comparing the comparison data to the behavior profile; and
identifying a first portion of the comparison data that does not exist in the behavior profile as anomalous behavior.
Dependent claims: 13, 14, 15, 16, 17

18. A system comprising:
a server comprising:
at least one processor; and
memory encoding computer executable instructions that, when executed by at least one processor, perform a method for identifying anomalous behavior of an entity, the method comprising:
receiving raw data, wherein the raw data comprises past recorded activity for the entity;
generating a behavior profile for the entity based on the raw data, the behavior profile defining a pattern of behavior for the entity, wherein the behavior profile is generated using relational algebra;
receiving comparison data;
comparing the comparison data to the behavior profile;
identifying a first portion of the comparison data that does not exist in the behavior profile as anomalous behavior; and
generating a report of the anomalous behavior.
Dependent claims: 19, 20
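
The comparison step recited in claims 12 and 18, sketched as an added example (not code from the patent or its assignee): the profile is built as a relational selection and projection over the entity's recorded activity, and the anomalous portion is the set difference between the comparison data and that profile. The record schema, entity names and sample events are constructed assumptions.

```python
from collections import namedtuple

# Constructed record shape (an assumption; the claims define no schema).
Event = namedtuple("Event", "entity action resource hour")

def select(rows, pred):
    """Relational selection: keep the rows that satisfy a predicate."""
    return [r for r in rows if pred(r)]

def project(rows, *attrs):
    """Relational projection: distinct tuples over the named attributes."""
    return {tuple(getattr(r, a) for a in attrs) for r in rows}

def build_profile(raw, entity, attrs=("action", "resource")):
    """Behavior profile = projection of the entity's recorded activity."""
    return project(select(raw, lambda r: r.entity == entity), *attrs)

def find_anomalies(profile, comparison, entity, attrs=("action", "resource")):
    """Set difference: comparison tuples that do not exist in the profile."""
    seen = project(select(comparison, lambda r: r.entity == entity), *attrs)
    return sorted(seen - profile)

def report(entity, anomalies):
    """Plain-text report, one line per anomalous tuple."""
    return [f"{entity}: not in profile: {' '.join(a)}" for a in anomalies]

# Constructed sample data, not taken from the patent.
RAW = [
    Event("svc-backup", "read", "/srv/db", 2),
    Event("svc-backup", "write", "/mnt/archive", 2),
    Event("svc-backup", "read", "/srv/db", 3),
    Event("alice", "login", "vpn", 9),
]
COMPARISON = [
    Event("svc-backup", "read", "/srv/db", 2),
    Event("svc-backup", "read", "/etc/shadow", 2),
    Event("svc-backup", "login", "vpn", 14),
    Event("alice", "login", "vpn", 9),
]

if __name__ == "__main__":
    profile = build_profile(RAW, "svc-backup")
    found = find_anomalies(profile, COMPARISON, "svc-backup")
    print("\n".join(report("svc-backup", found)))
```

The attributes chosen for the projection set the profile's granularity: projecting on `action` alone would accept the `/etc/shadow` read, because `read` already exists in the profile.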
Specification