Detecting Malicious User Activity
First Claim
1. A computer-implemented method for detecting malicious user activity, the computer-implemented method comprising:
- generating, by a computer, a profile for a user that accesses a set of protected assets, the profile generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user;
applying, by the computer, a plurality of analytics on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on the applying of the plurality of analytics on the profile of the user;
generating, by the computer, a malicious user activity alert in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value; and
sending, by the computer, the malicious user activity alert to an analyst for feedback.
1 Assignment
0 Petitions
Accused Products
Abstract
Detecting malicious user activity is provided. A profile for a user that accesses a set of protected assets is generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user. A plurality of analytics is applied on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on applying the plurality of analytics on the profile of the user. A malicious user activity alert is generated in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value. The malicious user activity alert is sent to an analyst for feedback.
-
Citations
20 Claims
-
1. A computer-implemented method for detecting malicious user activity, the computer-implemented method comprising:
-
generating, by a computer, a profile for a user that accesses a set of protected assets, the profile generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user; applying, by the computer, a plurality of analytics on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on the applying of the plurality of analytics on the profile of the user; generating, by the computer, a malicious user activity alert in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value; and sending, by the computer, the malicious user activity alert to an analyst for feedback. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer system for detecting malicious user activity, the computer system comprising:
-
a bus system; a storage device connected to the bus system, wherein the storage device stores program instructions; and a processor connected to the bus system, wherein the processor executes the program instructions to; generate a profile for a user that accesses a set of protected assets, the profile generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user; apply a plurality of analytics on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on applying the plurality of analytics on the profile of the user; generate a malicious user activity alert in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value; and send the malicious user activity alert to an analyst for feedback. - View Dependent Claims (13, 14)
-
-
15. A computer program product for detecting malicious user activity, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising:
-
generating, by a computer, a profile for a user that accesses a set of protected assets, the profile generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user; applying, by the computer, a plurality of analytics on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on the applying of the plurality of analytics on the profile of the user; generating, by the computer, a malicious user activity alert in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value; and sending, by the computer, the malicious user activity alert to an analyst for feedback. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification