DETECTING ANOMALOUS ACCOUNTS USING EVENT LOGS

  • US 20160350165A1
  • Filed: 05/28/2015
  • Published: 12/01/2016
  • Est. Priority Date: 05/28/2015
  • Status: Active Grant
First Claim

1. A system for anomalous process detection, comprising:

  • an event log module configured to receive a plurality of event logs;
  • a filter module configured to filter the plurality of event logs based on detected process creations;
  • a receiving module configured to receive a directory path and process name for each detected process creation;
  • a conversion module configured to convert each directory path to a sequence of integers based on a character count for each sub-directory of the directory path;
  • a detection module configured to detect an anomalous process based on a threshold number of matching character counts and matching process names; and
  • a display module configured to display the detected anomalous process.
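
The conversion and detection steps of the claim, sketched as an added example; this is not code from the patent or its assignee. It assumes the drive letter is not counted as a sub-directory and reads the threshold as the number of distinct directories sharing a process name and count sequence; the function names and sample events are constructed.

```python
import ntpath
from collections import defaultdict

# Constructed (directory path, process name) records, standing in for what a
# filter over process-creation event logs would yield. Not real data.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32", "svchost.exe"),
    (r"C:\Windows\System32", "svchost.exe"),
    (r"C:\ProgramData\qzkfwp", "updater.exe"),
    (r"C:\ProgramData\mmxtra", "updater.exe"),
    (r"C:\ProgramData\hvbnel", "Updater.exe"),
    (r"C:\Program Files\Vendor", "agent.exe"),
]


def path_to_counts(directory):
    """Convert a directory path to a tuple of per-sub-directory character counts."""
    # Assumption: the drive letter is dropped, only sub-directory names count.
    _drive, rest = ntpath.splitdrive(directory)
    parts = [p for p in rest.replace("/", "\\").split("\\") if p]
    return tuple(len(p) for p in parts)


def detect_anomalous(events, threshold=3):
    """Return (name, counts, paths) for processes seen in many look-alike paths.

    Assumption: a process is flagged when at least `threshold` distinct
    directories share both its name and its character-count sequence.
    """
    groups = defaultdict(set)
    for directory, name in events:
        key = (name.lower(), path_to_counts(directory))
        groups[key].add(directory.lower().rstrip("\\"))
    return sorted(
        (name, counts, sorted(paths))
        for (name, counts), paths in groups.items()
        if len(paths) >= threshold
    )


if __name__ == "__main__":
    for name, counts, paths in detect_anomalous(SAMPLE_EVENTS):
        print(f"{name} counts={counts} seen in {len(paths)} directories")
        for p in paths:
            print("   ", p)
```

Repeated launches from the same directory collapse into one entry, so a process that always runs from `C:\Windows\System32` never reaches the threshold on its own.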
