SYSTEMS AND METHODS FOR DETECTING RESOURCES RESPONSIBLE FOR EVENTS
First Claim
1. A system, comprising:
- a memory storing instructions; and
a processor configured to execute the instructions to perform operations comprising;
receiving data associated with a resource;
identifying, based on the data associated with the resource, first actors that have accessed the resource;
determining, based on the first actors, a number of unique actors that have accessed the resource;
identifying, from the first actors, a set of affected actors that have been affected by an event;
identifying, from the set of affected actors, a subset of resource-affected actors comprising the affected actors that accessed the resource prior to being affected by the event;
determining a number of resource-affected actors in the subset of resource-affected actors;
determining an event score for the resource based on the number of unique actors and the number of resource-affected actors, wherein the event score comprises a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors; and
determining whether the resource is responsible for the event based on the event score for the resource.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed for identifying resources responsible for events. In one embodiment, a method may include determining a number of unique actors in a plurality of actors that have accessed the resource. The method may further include identifying from the plurality of actors a set of affected actors that has been affected by an event and identifying from the set of affected actors a subset of resource-affected actors that accessed the resource prior to being affected by the event. The method may further include determining a number of resource-affected actors in the subset of resource-affected actors and, based on the number of unique actors and the number of resource-affected actors, determining an event score for the resource. The event score may be a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors.
66 Citations
20 Claims
-
1. A system, comprising:
-
a memory storing instructions; and a processor configured to execute the instructions to perform operations comprising; receiving data associated with a resource; identifying, based on the data associated with the resource, first actors that have accessed the resource; determining, based on the first actors, a number of unique actors that have accessed the resource; identifying, from the first actors, a set of affected actors that have been affected by an event; identifying, from the set of affected actors, a subset of resource-affected actors comprising the affected actors that accessed the resource prior to being affected by the event; determining a number of resource-affected actors in the subset of resource-affected actors; determining an event score for the resource based on the number of unique actors and the number of resource-affected actors, wherein the event score comprises a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors; and determining whether the resource is responsible for the event based on the event score for the resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for real-time identification of security breaches, comprising:
-
a memory storing instructions; and a processor configured to execute the instructions to perform operations comprising; receiving data associated with a resource; identifying, in real-time as the data associated with the resource is received, first actors that have accessed the resource; determining, based on the first actors, a number of unique actors that have accessed the resource; identifying, from the first actors, a set of affected actors that have been affected by a security breach; identifying, from the set of affected actors, a subset of resource-affected actors comprising affected actors that accessed the resource prior to being affected by the security breach; determining a number of resource-affected actors in the subset of resource-affected actors; determining an event score for the resource based on the number of unique actors and the number of resource-affected actors, wherein the event score comprises a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors; and determining whether the resource is responsible for the event based on the event score for the resource. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification