
Anomaly detection using adaptive behavioral profiles

  • US 9,544,321 B2
  • Filed: 07/28/2015
  • Issued: 01/10/2017
  • Est. Priority Date: 01/30/2015
  • Status: Active Grant
First Claim

1. A method of automated detection of anomalous activities in a computer network of an organization comprising:

  • measuring, at a plurality of points, values of observables corresponding to behavioral indicators related to an activity over a predetermined period of time;

  • forming distributions of estimated values about said plurality of points based upon said measured values of observables at said points;

  • creating a behavioral profile for each of said behavioral indicators over a range of points by combining said distributions and said measured values using a kernel density estimation process, wherein said creating a behavioral profile using the kernel density estimation process comprises selecting a kernel bandwidth based upon the type of data being measured;

  • forming an anomaly probability based upon a normalized inverse of said behavioral profile;

  • determining a probability that a behavioral indicator that deviates from said behavioral profile for said behavioral indicator by more than a predetermined amount is an anomaly by comparing said behavioral indicator to said anomaly probability; and

  • identifying that said activity is an anomaly when said determined probability exceeds a predetermined threshold.
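
A minimal sketch of the steps recited in claim 1, added here as an illustration and not taken from the patent or from any product that implements it. The Gaussian kernel, the per-type bandwidth values, the reading of "normalized inverse" as one minus density over peak density, the 0.95 threshold and the login-hour sample are all assumptions.

```python
import math

# Assumed bandwidths per data type (hypothetical values; the claim only says
# the kernel bandwidth is selected according to the type of data measured).
BANDWIDTH = {"hour_of_day": 1.0, "log10_bytes": 0.3}

def build_profile(measured, data_type, grid):
    """Behavioral profile: a Gaussian kernel centred on every measured value,
    summed and evaluated over a range of points (the grid)."""
    h = BANDWIDTH[data_type]
    norm = len(measured) * h * math.sqrt(2 * math.pi)
    return [sum(math.exp(-0.5 * ((x - m) / h) ** 2) for m in measured) / norm
            for x in grid]

def anomaly_probability(profile):
    """Assumed reading of 'normalized inverse': 1 - density / peak density,
    so the most typical point scores 0 and unseen regions approach 1."""
    peak = max(profile)
    return [1.0 - p / peak for p in profile]

def score(value, grid, anomaly):
    """Anomaly probability at the grid point nearest the observed value."""
    idx = min(range(len(grid)), key=lambda i: abs(grid[i] - value))
    return anomaly[idx]

def is_anomaly(value, grid, anomaly, threshold=0.95):
    """Flag the activity when its anomaly probability exceeds the threshold."""
    return score(value, grid, anomaly) > threshold

# Constructed sample: login hours for one account over a training window.
# Midnight wrap-around of the hour axis is ignored to keep the sketch short.
LOGIN_HOURS = [8.5, 9.0, 9.0, 9.5, 10.0, 13.0, 13.5, 14.0, 17.0, 17.5]
GRID = [i * 0.25 for i in range(97)]  # 00:00 to 24:00 in 15-minute steps
PROFILE = build_profile(LOGIN_HOURS, "hour_of_day", GRID)
ANOMALY = anomaly_probability(PROFILE)

if __name__ == "__main__":
    for hour in (9.25, 12.0, 3.0):
        print(hour, round(score(hour, GRID, ANOMALY), 3),
              is_anomaly(hour, GRID, ANOMALY))
```

A login between the morning and afternoon clusters (12:00) gets an intermediate score and is not flagged, while a 03:00 login falls where the profile is essentially zero and exceeds the threshold.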

  • 6 Assignments