User state tracking and anomaly detection in software-as-a-service environments

US 20170155672A1
Filed: 11/30/2015
Published: 06/01/2017
Est. Priority Date: 11/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method for user state tracking and anomaly detection in a Software-As-A-Service (SaaS) environment having a plurality of cloud applications, comprising:

obtaining, from each of a set of cloud applications, user state data with respect to one or more resources;

for a given cloud application in the set, mapping the user state data to a reduced set of states, the reduced set of states including at least a first state indicating an acceptable functioning state with respect to a user and resource at the given cloud application, and a second state indicating a malfunctioning state with respect to the user and resource at the given cloud application;

outputting the reduced set of states to facilitate a logging operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user state tracking and anomaly detector for multi-tenant SaaS applications operates in association with a log management solution, such as a SIEM. A given SaaS application has many user STATES, and the applications often have dependencies on one another that arise, for example, when a particular application makes a request (typically on behalf of a user) to take some action with respect to another application. The detector includes a mapper that maps the large number of user STATES to a reduced number of mapped states (e.g., “red” and “green”), and a dependency module that generates user-resource dependency graphs. Using a dependency graph, a SaaS modeler in the detector checks whether a particular dependency-based request associated with a SaaS application is valid. State and dependency information generated by the mapper and dependency module are reported back to the log management solution to facilitate improved logging and anomaly detection.

Citations

21 Claims

1. A method for user state tracking and anomaly detection in a Software-As-A-Service (SaaS) environment having a plurality of cloud applications, comprising:
- obtaining, from each of a set of cloud applications, user state data with respect to one or more resources;
  
  for a given cloud application in the set, mapping the user state data to a reduced set of states, the reduced set of states including at least a first state indicating an acceptable functioning state with respect to a user and resource at the given cloud application, and a second state indicating a malfunctioning state with respect to the user and resource at the given cloud application;
  
  outputting the reduced set of states to facilitate a logging operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein user state data is collected for a single tenant enterprise in the SaaS environment.
  - 3. The method as described in claim 1 further including:
    - monitoring requests between or among the set of cloud applications; and
      
      building a dependency graph based on dependency relationships between respective ones of the cloud applications, the dependency relationships discovered by monitoring the requests.
  - 4. The method as described in claim 3 further including assessing whether a dependency request is valid according to the dependency graph.
  - 5. The method as described in claim 4 further including providing an indication that the dependency request has been determined to be valid.
  - 6. The method as described in claim 1 wherein the logging operation is provided by an associated log management system.
  - 7. The method as described in claim 1 wherein the user state data is obtained by receiving user state data provided by the given cloud application or by polling the given cloud application to provide such data.

8. Apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions executed by the processor to provide user state tracking and anomaly detection in a Software-As-A-Service (SaaS) environment having a plurality of cloud applications, the computer program instructions comprising program code operative to;
  
  obtain, from each of a set of cloud applications, user state data with respect to one or more resources;
  
  for a given cloud application in the set, map the user state data to a reduced set of states, the reduced set of states including at least a first state indicating an acceptable functioning state with respect to a user and resource at the given cloud application, and a second state indicating a malfunctioning state with respect to the user and resource at the given cloud application;
  
  provide the reduced set of states to facilitate a logging operation.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus as described in claim 8 wherein user state data is collected for a single tenant enterprise in the SaaS environment.
  - 10. The apparatus as described in claim 8 wherein the program code is operative to:
    - monitor requests between or among the set of cloud applications; and
      
      build a dependency graph based on dependency relationships between respective ones of the cloud applications, the dependency relationships discovered by monitoring the requests.
  - 11. The apparatus as described in claim 10 wherein the program code also assesses whether a dependency request is valid according to the dependency graph.
  - 12. The apparatus as described in claim 11 wherein the program code provides an indication that the dependency request has been determined to be valid.
  - 13. The apparatus as described in claim 8 further including an associated log management system.
  - 14. The apparatus as described in claim 8 wherein the user state data is obtained by receiving user state data provided by the given cloud application or by polling the given cloud application to provide such data.

15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions executed by the data processing system to provide user state tracking and anomaly detection in a Software-As-A-Service (SaaS) environment having a plurality of cloud applications, the computer program instructions comprising program code operative to:
- obtain, from each of a set of cloud applications, user state data with respect to one or more resources;
  
  for a given cloud application in the set, map the user state data to a reduced set of states, the reduced set of states including at least a first state indicating an acceptable functioning state with respect to a user and resource at the given cloud application, and a second state indicating a malfunctioning state with respect to the user and resource at the given cloud application;
  
  provide the reduced set of states to facilitate a logging operation.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product as described in claim 15 wherein user state data is collected for a single tenant enterprise in the SaaS environment.
  - 17. The computer program product as described in claim 15 wherein the program code is operative to:
    - monitor requests between or among the set of cloud applications; and
      
      build a dependency graph based on dependency relationships between respective ones of the cloud applications, the dependency relationships discovered by monitoring the requests.
  - 18. The computer program product as described in claim 17 wherein the program code also assesses whether a dependency request is valid according to the dependency graph.
  - 19. The computer program product as described in claim 18 wherein the program code provides an indication that the dependency request has been determined to be valid.
  - 20. The computer program product as described in claim 15 further including an associated log management system.
  - 21. The computer program product as described in claim 15 wherein the user state data is obtained by receiving user state data provided by the given cloud application or by polling the given cloud application to provide such data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hoy, Jeffrey Robert, Muthukrishnan, Ravi Krishnan, Iyer, Sreekanth Ramakrishna, Kapadia, Kaushal Kiran, Nagaratnam, Nataraj

Granted Patent

US 10,200,387 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/125   involving control of end-de...

H04L 67/30   Profiles

H04L 67/535   Tracking the activity of th...

User state tracking and anomaly detection in software-as-a-service environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

User state tracking and anomaly detection in software-as-a-service environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links