User identification using multifaceted footprints
First Claim
1. A computer program product for identifying an unknown user, the computer program product comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
computer readable program code configured to provide a plurality of historical network traces of user activity;
computer readable program code configured to extract a footprint for each of a plurality of users from the historical network traces;
computer readable program code configured to aggregate the footprints of the users to determine an ensemble prior;
computer readable program code configured to receive a plurality of network traces relevant to an unknown user in a computer environment;
computer readable program code configured to match the network traces against each of the footprints to determine a plurality of matches;
computer readable program code configured to aggregate the matches using the ensemble prior according to a plurality of contexts and a plurality of facets; and
computer readable program code configured to output a probable user identity for the unknown user.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user.
-
Citations
13 Claims
-
1. A computer program product for identifying an unknown user, the computer program product comprising:
-
a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising; computer readable program code configured to provide a plurality of historical network traces of user activity; computer readable program code configured to extract a footprint for each of a plurality of users from the historical network traces; computer readable program code configured to aggregate the footprints of the users to determine an ensemble prior; computer readable program code configured to receive a plurality of network traces relevant to an unknown user in a computer environment; computer readable program code configured to match the network traces against each of the footprints to determine a plurality of matches; computer readable program code configured to aggregate the matches using the ensemble prior according to a plurality of contexts and a plurality of facets; and computer readable program code configured to output a probable user identity for the unknown user. - View Dependent Claims (4, 5, 6)
-
-
2. The computer program product of 1, wherein the network traces are received as an input stream, and the computer readable storage medium further comprising computer readable program code configured to perform the matching on the stream of network traces using an indexing structure.
-
3. The computer program product of 1, further comprising computer readable program code configured to output a plurality of user identities, ranked by probability.
-
7. A system for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts, the system comprising:
-
a memory storing a plurality of priors for the facets with respect to the contexts and an ensemble prior based on a plurality of footprints of known users; and a processor configured to receive a plurality of network traces relevant to an unknown user in a computer environment, match the network traces against each of the footprints to determine a plurality of matches, aggregate the matches using the ensemble prior according to the facets and the contexts, and output a probable user identity for the unknown user. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
Specification