RISK SCORES FOR ENTITIES
First Claim
1. A non-transitory machine-readable storage medium storing instructions that upon execution cause a system to:
- receive anomaly scores regarding an entity from a plurality of detectors;
- produce a weighted anomaly score for the entity based on the anomaly scores and respective weights assigned to the plurality of detectors, the weights based on historical performance of the plurality of detectors;
- determine an impact based on a context of the entity, wherein the impact is indicative of an effect that the entity would have on a computing environment if the entity were to exhibit anomalous behavior; and
- compute a risk score for the entity based on the weighted anomaly score and the determined impact.
Abstract
In some examples, a system receives anomaly scores regarding an entity from a plurality of detectors, produces a weighted anomaly score for the entity based on the anomaly scores and respective weights assigned to the plurality of detectors, the weights based on historical performance of the plurality of detectors, determines an impact based on a context of the entity, wherein the impact is indicative of an effect that the entity would have on a computing environment if the entity were to exhibit anomalous behavior, and computes a risk score for the entity based on the weighted anomaly score and the determined impact.
20 Claims
10. A system comprising:
- a processor; and
- a non-transitory storage medium storing instructions executable on the processor to:
  - receive anomaly scores regarding an entity from a plurality of detectors;
  - produce a weighted anomaly score for the entity based on the anomaly scores and respective weights assigned to the plurality of detectors, the respective weights based on historical performance of the plurality of detectors;
  - determine impact scores for respective static and dynamic contexts of the entity, each impact score of the impact scores being indicative of an effect that the entity would have on a computing environment if the entity were to exhibit anomalous behavior; and
  - compute a risk score for the entity based on combining the weighted anomaly score and the impact scores.
19. A method comprising:
- receiving, by a system comprising a processor, anomaly scores regarding a profile of an entity from a plurality of detectors;
- producing, by the system, a weighted anomaly score for the entity based on the anomaly scores and respective weights assigned to the plurality of detectors, the respective weights based on historical performance of the plurality of detectors;
- determining, by the system, an impact score based on a context of the entity, wherein the impact score is indicative of an effect that the entity would have on a computing environment if the entity were to exhibit anomalous behavior;
- computing, by the system, a risk score for the entity based on the weighted anomaly score and the impact score; and
- performing, by the system in response to the risk score, an action relating to an issue associated with the entity.
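One way to instantiate the pipeline the claims describe, as an added example that is not taken from the patent. The claims fix no formulas, so the smoothed-precision weighting, the impact combination, the multiplicative risk formula, the action thresholds and every detector and context name below are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass
class Detector:
    name: str
    true_pos: int   # past alerts analysts confirmed (assumed history metric)
    false_pos: int  # past alerts analysts dismissed

    def precision(self) -> float:
        # Laplace smoothing: a detector with no history starts at 0.5.
        return (self.true_pos + 1) / (self.true_pos + self.false_pos + 2)

def detector_weights(detectors):
    """Weights from historical performance, normalized to sum to 1."""
    raw = {d.name: d.precision() for d in detectors}
    total = sum(raw.values())
    return {name: p / total for name, p in raw.items()}

def weighted_anomaly(scores, weights):
    """Weighted mean of scores (clamped to [0, 1]) over known detectors."""
    known = {n: min(max(s, 0.0), 1.0) for n, s in scores.items() if n in weights}
    if not known:
        return 0.0  # no trusted detector reported on this entity
    return (sum(weights[n] * s for n, s in known.items())
            / sum(weights[n] for n in known))

def impact(static_ctx, dynamic_ctx):
    """Assumed combination: mean of the top static and top dynamic score."""
    return (max(static_ctx.values(), default=0.0)
            + max(dynamic_ctx.values(), default=0.0)) / 2

def risk_score(scores, weights, static_ctx, dynamic_ctx):
    """Risk on a 0-100 scale: weighted anomaly scaled by impact."""
    return 100 * weighted_anomaly(scores, weights) * impact(static_ctx, dynamic_ctx)

def action_for(risk):
    # Assumed thresholds for the response step of the method claim.
    return "isolate" if risk >= 60 else "ticket" if risk >= 25 else "log"

# Constructed sample data: the noisiest detector reports the highest score.
DETECTORS = [Detector("login_geo", 18, 2), Detector("dns_entropy", 4, 16),
             Detector("data_volume", 10, 10)]
WEIGHTS = detector_weights(DETECTORS)
SCORES = {"login_geo": 0.2, "dns_entropy": 0.9, "data_volume": 0.4}
ADMIN = risk_score(SCORES, WEIGHTS, {"privilege": 0.9, "asset_criticality": 0.6},
                   {"active_admin_session": 0.8})
KIOSK = risk_score(SCORES, WEIGHTS, {"privilege": 0.1}, {"active_admin_session": 0.0})

if __name__ == "__main__":
    print(f"admin={ADMIN:.1f} ({action_for(ADMIN)}), "
          f"kiosk={KIOSK:.1f} ({action_for(KIOSK)})")
```

Both entities receive identical anomaly scores; only the context-derived impact separates the administrator account from the kiosk, and the low-precision detector's 0.9 is discounted relative to an unweighted mean of 0.5.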
Specification