Systems and methods of classifying sessions
Abstract
Systems and methods of classifying sessions are disclosed. A particular method monitors user activity at one or more servers accessible via a network and captures event entries in an activity log for user activity that is detected. The event entries include descriptive information regarding a user action, a client identifier and a session identifier. The method also includes attempting to classify sessions associated with a plurality of event entries of the activity log as legitimate use or illegitimate use of resources of the one or more servers. The method further includes identifying unclassified sessions. The method also includes determining a count of a number of unclassified sessions associated with a particular client identifier and determining a total number of sessions associated with the particular client identifier. The method further includes classifying the unclassified sessions as legitimate use or illegitimate use of the resources of the one or more servers.
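The flow the abstract describes, as an added example that is not taken from the patent or from any implementation of it: event entries are grouped into sessions, a first classification attempt leaves some sessions unclassified, and those are then resolved per client identifier by comparing the unclassified-to-total ratio to a threshold. The log entries are constructed, `first_pass` and its two signals are hypothetical stand-ins, and the direction of the comparison (a ratio at or above the threshold means illegitimate) is an assumption, since the text only states that the ratio is compared to a threshold.

```python
from collections import defaultdict

# Constructed event entries: (client_id, session_id, user_action).
ACTIVITY_LOG = [
    ("client-A", "s1", "view_item"), ("client-A", "s1", "checkout"),
    ("client-A", "s2", "view_item"),
    ("client-A", "s3", "login"), ("client-A", "s3", "checkout"),
    ("client-B", "s4", "view_item"),
    ("client-B", "s5", "search"),
    ("client-B", "s6", "view_item"),
    ("client-B", "s7", "hidden_link"),
]

def first_pass(actions):
    """Hypothetical stand-in for the initial classification attempt."""
    if "hidden_link" in actions:   # assumed signal of automated activity
        return "illegitimate"
    if "checkout" in actions:      # assumed signal of human activity
        return "legitimate"
    return None                    # neither signal: session stays unclassified

def classify_sessions(log, threshold=0.5):
    """Return {(client_id, session_id): label} with no session left unclassified."""
    # Group event entries into sessions.
    sessions = defaultdict(list)
    for client, session, action in log:
        sessions[(client, session)].append(action)
    labels = {key: first_pass(actions) for key, actions in sessions.items()}

    # Per client identifier: total sessions and unclassified sessions.
    total, unclassified = defaultdict(int), defaultdict(int)
    for (client, _), label in labels.items():
        total[client] += 1
        if label is None:
            unclassified[client] += 1

    # Resolve unclassified sessions by comparing the ratio to the threshold.
    result = {}
    for (client, session), label in labels.items():
        if label is None:
            ratio = unclassified[client] / total[client]
            # Assumed direction: mostly-unclassified clients are treated as illegitimate.
            label = "illegitimate" if ratio >= threshold else "legitimate"
        result[(client, session)] = label
    return result
```

With the sample log, client-A has 1 of 3 sessions unclassified and client-B has 3 of 4, so the same threshold resolves their unclassified sessions differently.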
20 Claims
1. A computer-implemented method, comprising:
- monitoring, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data;
- analyzing the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity;
- determining a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier;
- determining a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and
- classifying the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computing system, comprising:
- a device processor;
- a memory device including instructions that, when executed by the device processor, cause the computing system to:
  - monitor, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data;
  - analyze the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity;
  - determine a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier;
  - determine a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and
  - classify the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users.
Dependent claims: 11, 12, 13, 14, 15
16. A non-transitory computer readable storage medium storing one or more sequences of instructions executable by one or more processors to perform a set of operations comprising:
- monitoring, by a network monitor on a computer, a network of devices to identify a plurality of communication sessions associated with a client identifier, each of the plurality of communication sessions being associated with sessions data;
- analyzing the identified plurality of communication sessions using an unclassified sessions model to determine unclassified sessions, wherein the unclassified sessions model indicates session characteristics for the unclassified sessions, and wherein the unclassified sessions are sessions that are not classified as corresponding to either human activity or automated activity;
- determining a quantity of other unclassified sessions associated with the client identifier and a quantity of total sessions associated with the client identifier;
- determining a ratio of the quantity of other unclassified sessions to the quantity of total sessions; and
- classifying the unclassified sessions based at least in part on a comparison of the ratio to a threshold, wherein the classifying for the unclassified sessions causes the network monitor to (a) identify illegitimate users or illegitimate sessions in accordance with the client identifier of the unclassified sessions and (b) perform an action on sessions data or resources of the unclassified sessions pertaining to the identified illegitimate users.
Dependent claims: 17, 18, 19, 20
Specification