IDENTIFYING A SECURITY THREAT TO A WEB-BASED RESOURCE
First Claim
1. A computer-implemented method comprising:
- monitoring access logs associated with user requests for a web-based resource;
- identifying, based on the access logs, one or more parameters that index records of the web-based resource;
- generating at least one baseline distribution of values of the one or more parameters;
- calculating, based on the at least one baseline distribution, a baseline entropy of the one or more parameters;
- generating at least one distribution of values of the one or more parameters associated with user requests made by a particular user;
- calculating, based on the distribution, an entropy of the one or more parameters associated with the user requests made by the particular user;
- comparing the entropy to the baseline entropy; and
- if a difference between the baseline entropy and the entropy exceeds a threshold, determining that the user requests made by the particular user poses a security threat to the web-based resource.
Abstract
Access logs associated with user requests for a web-based resource are monitored. Parameter(s) that index records of the web-based resource are identified. A baseline distribution(s) of values of the parameter(s) are generated and, based on the baseline distribution(s), a baseline entropy of the parameter(s) is calculated. A distribution(s) of values of the parameters associated with user requests made by a particular user is generated and, based on the distribution(s), an entropy of the parameter(s) associated with the user requests is calculated. The entropy is compared to the baseline entropy. If a difference between the baseline entropy and the entropy exceeds a threshold, it is determined that the particular user poses a security threat to the web-based resource.
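The comparison described in the abstract, as an added Python example (not code from the patent). It assumes a combined-log-style line layout, that the indexing parameter (`id` here) is already known, that the baseline distribution is pooled over all users, and that "difference" means absolute difference in bits; the log lines, user names and threshold are constructed.

```python
import math
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined-log-style line; the authenticated user is the third field (assumed layout).
LINE = re.compile(r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*"')

def param_values(lines, param):
    """Return {user: [values of `param` seen in that user's requests]}."""
    by_user = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m is None:
            continue  # malformed line: skip rather than guess
        query = parse_qs(urlsplit(m["url"]).query)
        by_user[m["user"]].extend(query.get(param, []))
    return by_user

def entropy(values):
    """Shannon entropy, in bits, of the empirical distribution of `values`."""
    counts = Counter(values)
    n = sum(counts.values())
    return sum(-(c / n) * math.log2(c / n) for c in counts.values())

def assess(baseline_lines, window_lines, param, threshold):
    """Compare each user's entropy in the window against the pooled baseline."""
    pooled = [v for vs in param_values(baseline_lines, param).values() for v in vs]
    base_h = entropy(pooled)
    verdicts = {}
    for user, vs in param_values(window_lines, param).items():
        if vs:  # ignore users who never supplied the parameter
            h = entropy(vs)
            verdicts[user] = (round(h, 3), abs(h - base_h) > threshold)
    return base_h, verdicts

def line(user, rid):  # builds one constructed log line
    return (f'203.0.113.5 - {user} [10/Oct/2023:13:55:36 +0000] '
            f'"GET /invoice?id={rid} HTTP/1.1" 200 512')

# Constructed sample data: three ordinary users, then a window with an enumerator.
BASELINE = [line(u, i) for u, i in [("alice", 1), ("alice", 1), ("alice", 2),
            ("bob", 2), ("bob", 3), ("bob", 2), ("carol", 1), ("carol", 3)]]
WINDOW = ([line("alice", i) for i in (1, 2, 1)]
          + [line("mallory", i) for i in range(100, 116)])

if __name__ == "__main__":
    base_h, verdicts = assess(BASELINE, WINDOW, "id", threshold=1.5)
    print(f"baseline entropy: {base_h:.3f} bits")
    for user, (h, threat) in verdicts.items():
        print(user, h, "THREAT" if threat else "ok")
```

Because empirical entropy grows with the number of distinct values observed, the threshold and the window length need to be tuned together on real traffic.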
20 Claims
1. A computer-implemented method comprising:
- monitoring access logs associated with user requests for a web-based resource;
- identifying, based on the access logs, one or more parameters that index records of the web-based resource;
- generating at least one baseline distribution of values of the one or more parameters;
- calculating, based on the at least one baseline distribution, a baseline entropy of the one or more parameters;
- generating at least one distribution of values of the one or more parameters associated with user requests made by a particular user;
- calculating, based on the distribution, an entropy of the one or more parameters associated with the user requests made by the particular user;
- comparing the entropy to the baseline entropy; and
- if a difference between the baseline entropy and the entropy exceeds a threshold, determining that the user requests made by the particular user poses a security threat to the web-based resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An apparatus comprising:
- a memory; and
- a communication interface configured to enable communications in a network;
- one or more processors coupled to the memory and to the communication interface, and configured to:
  - monitor access logs associated with user requests for a web-based resource;
  - identify, based on the access logs, one or more parameters that index records of the web-based resource;
  - generate at least one baseline distribution of values of the one or more parameters;
  - calculate, based on the at least one baseline distribution, a baseline entropy of the one or more parameters;
  - generate at least one distribution of values of the one or more parameters associated with user requests made by the particular user;
  - calculate, based on the distribution, an entropy of the one or more parameters associated with the user requests made by the particular user;
  - compare the entropy to the baseline entropy; and
  - if a difference between the baseline entropy and the entropy exceeds a threshold, determine that the user requests made by the particular user poses a security threat to the web-based resource.
Dependent claims: 14, 15, 16
17. One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to:
- monitor access logs associated with user requests for a web-based resource;
- identify, based on the access logs, one or more parameters that index records of the web-based resource;
- generate at least one baseline distribution of values of the one or more parameters;
- calculate, based on the at least one baseline distribution, a baseline entropy of the one or more parameters;
- generate at least one distribution of values of the one or more parameters associated with user requests made by the particular user;
- calculate, based on the distribution, an entropy of the one or more parameters associated with the user requests made by the particular user;
- compare the entropy to the baseline entropy; and
- if a difference between the baseline entropy and the entropy exceeds a threshold, determine that the user requests made by the particular user poses a security threat to the web-based resource.
Dependent claims: 18, 19, 20
Specification