System and method of automatically detecting outliers in usage patterns
First Claim
Patent Images
1. A system for detecting an outlier in a usage pattern, comprising:
- a computer system operating on one or more microprocessors and accessible to perform an operation, the computer system including an audit forensics engine having an outlier detection module and a pattern recognition module;
wherein when an instance occurs where the operation is performed, audit trail data are captured related to the operation;
wherein the pattern recognition module statistically analyzes audit trail data related to previous instances when the operation was performed on the content item to generate a content usage pattern; and
wherein the outlier detection module determines for the instance where the operation is performed whether the instance is an outlier in the content usage pattern based on a comparison of the audit trail data associated with the instance to the content usage pattern.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for detecting an outlier in a usage pattern comprises a computer accessible to perform an operation. The system includes an audit forensics engine having an outlier detection module. When an instance occurs where the operation is performed, audit trail data is captured related to the operation. The outlier detection module determines for the instance where the operation is performed whether the instance is an outlier in a usage pattern based on a comparison of the audit trail data to the usage pattern.
17 Citations
17 Claims
-
1. A system for detecting an outlier in a usage pattern, comprising:
-
a computer system operating on one or more microprocessors and accessible to perform an operation, the computer system including an audit forensics engine having an outlier detection module and a pattern recognition module; wherein when an instance occurs where the operation is performed, audit trail data are captured related to the operation; wherein the pattern recognition module statistically analyzes audit trail data related to previous instances when the operation was performed on the content item to generate a content usage pattern; and wherein the outlier detection module determines for the instance where the operation is performed whether the instance is an outlier in the content usage pattern based on a comparison of the audit trail data associated with the instance to the content usage pattern. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of detecting an outlier in a usage pattern in a computer system operating on one or more microprocessors, comprising the steps of:
-
receiving an instruction to perform an operation; accessing the computer system including an audit forensic engine having an outlier detection module and a pattern recognition module; performing the operation; capturing audit trail data related to the operation; statistically analyzing audit trail data related to previous instances when the operation was performed to generate a usage pattern; comparing the audit trail data related to the operation to the usage pattern; and determining based on the comparison whether the instance is an outlier in the usage pattern. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer readable storage medium, including instructions stored thereon, which when read and executed by one or more microprocessors cause the one or more microprocessors to perform the steps comprising:
-
receiving an instruction to perform an operation; accessing a computer system including an audit forensic engine having an outlier detection module and a pattern recognition module; performing the operation; capturing audit trail data related to the operation; statistically analyzing audit trail data related to previous instances when the operation was performed to generate a usage pattern; comparing the audit trail data related to the operation to the usage pattern; and determining based on the comparison whether the instance is an outlier in the usage pattern. - View Dependent Claims (14, 15, 16, 17)
-
Specification