Cyber-semantic account management system
Abstract
Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.
10 Citations
20 Claims
1. A method for identifying anomalous behavior of an entity, the method comprising:
- receiving raw data comprising recorded activity for the entity, wherein the recorded activity is associated with a first objective related to a first event from a first data source and a second objective related to a second event from a second data source, wherein the first objective is unrelated to the second objective and the first event is unrelated to the second event;
- dynamically generating, by a computing device, an on demand behavior profile for the entity based on the raw data, wherein the behavior profile defines a pattern of behavior for the entity related to one or more transactions, and wherein generating the behavior profile comprises transforming the raw data into one or more relational database objects;
- receiving comparison data;
- determining whether the comparison data deviates from the pattern of behavior defined in the behavior profile, for a specific transaction; and
- when the comparison data deviates from the pattern of behavior, identifying the comparison data as anomalous behavior.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer storage device encoding computer executable instructions that, when executed by at least one processor, perform a method for identifying anomalous behavior of an entity, the method comprising:
- receiving raw data comprising recorded activity for the entity, wherein the recorded activity is associated with a first objective related to a first event from a first data source and a second objective related to a second event from a second data source, wherein the first objective is unrelated to the second objective and the first event is unrelated to the second event;
- dynamically generating, by a computing device, an on demand behavior profile for the entity based on the raw data, wherein the behavior profile defines a pattern of behavior for the entity related to one or more transactions, and wherein generating the behavior profile comprises transforming the raw data into one or more relational database objects;
- receiving comparison data;
- comparing the comparison data to the behavior profile for a specific transaction; and
- identifying a first portion of the comparison data that does not exist in the behavior profile as anomalous behavior.
Dependent claims: 13, 14, 15, 16, 17
18. A system comprising:
- a server comprising;
- at least one processor; and
- memory encoding computer executable instructions that, when executed by at least one processor, perform a method for identifying anomalous behavior of an entity, the method comprising;
- receiving raw data comprising past recorded activity for the entity, wherein the past recorded activity is associated with a first objective related to a first event from a first data source and a second objective related to a second event from a second data source, wherein the first objective is unrelated to the second objective and the first event is unrelated to the second event;
- dynamically generating an on demand behavior profile for the entity based on the raw data, the behavior profile defining a pattern of behavior for the entity related to one or more transactions, wherein generating the behavior profile comprises transforming the raw data into one or more relational database objects;
- receiving comparison data;
- comparing the comparison data to the behavior profile for a specific transaction;
- identifying a first portion of the comparison data that does not exist in the behavior profile as anomalous behavior; and
- generating a report of the anomalous behavior.
Dependent claims: 19, 20
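The steps recited in claims 12 and 18 can be illustrated with a small added example; it is not code from the patent or its assignee. It assumes two constructed data sources (a badge log and a VPN log), hypothetical table and function names, and the simplest possible profile: the set of values seen per transaction type.

```python
import sqlite3

# Constructed sample records (entity, transaction, value); none come from the patent.
BADGE_LOG = [("alice", "door", "hq-lobby"), ("alice", "door", "hq-lab"),
             ("bob", "door", "hq-lobby")]
VPN_LOG = [("alice", "vpn_login", "10.0.5.7"), ("alice", "vpn_login", "10.0.5.7"),
           ("bob", "vpn_login", "10.0.9.2")]
COMPARISON = [("alice", "vpn_login", "10.0.5.7"),
              ("alice", "vpn_login", "203.0.113.50"),
              ("alice", "door", "dc-cage-4")]

def load_raw(conn):
    """Transform raw records from two unrelated sources into one relational table."""
    conn.execute("CREATE TABLE activity(entity TEXT, source TEXT, txn TEXT, value TEXT)")
    conn.executemany("INSERT INTO activity VALUES (?, 'badge', ?, ?)", BADGE_LOG)
    conn.executemany("INSERT INTO activity VALUES (?, 'vpn', ?, ?)", VPN_LOG)

def build_profile(conn, entity):
    """Build the entity's profile on demand: each (transaction, value) seen and how often."""
    conn.execute("DROP TABLE IF EXISTS profile")
    conn.execute("CREATE TABLE profile(txn TEXT, value TEXT, seen INTEGER)")
    conn.execute("INSERT INTO profile SELECT txn, value, COUNT(*) FROM activity "
                 "WHERE entity = ? GROUP BY txn, value", (entity,))
    return conn.execute("SELECT txn, value, seen FROM profile ORDER BY txn, value").fetchall()

def find_anomalies(conn, entity, comparison, txn):
    """Return comparison rows for one transaction type that are absent from the profile."""
    conn.execute("DROP TABLE IF EXISTS comparison")
    conn.execute("CREATE TABLE comparison(entity TEXT, txn TEXT, value TEXT)")
    conn.executemany("INSERT INTO comparison VALUES (?, ?, ?)", comparison)
    return conn.execute(
        "SELECT c.txn, c.value FROM comparison c "
        "LEFT JOIN profile p ON p.txn = c.txn AND p.value = c.value "
        "WHERE c.entity = ? AND c.txn = ? AND p.value IS NULL",
        (entity, txn)).fetchall()

def run(entity="alice", txn="vpn_login"):
    """Profile one entity, check the comparison data for one transaction, build a report."""
    conn = sqlite3.connect(":memory:")
    load_raw(conn)
    profile = build_profile(conn, entity)
    flagged = find_anomalies(conn, entity, COMPARISON, txn)
    report = [f"{entity}: {t} value {v} not in profile" for t, v in flagged]
    return profile, report

if __name__ == "__main__":
    print("\n".join(run()[1]))
```

Because the comparison is scoped to a specific transaction, the unfamiliar door value is only flagged when `run` is called with `txn="door"`.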
Specification