Clustering for detection of anomalous behavior and insider threat
Abstract
Detecting anomalous user behavior is provided. User activity is logged for a set of users. The user activity is divided into distinct time intervals. For each distinct time interval, logged user activity is converted to a numerical representation of each user's activities for that distinct time interval. A clustering process is used on the numerical representations of user activities to determine which users have similar activity patterns in each distinct time interval. A plurality of peer groups of users is generated based on determining the similar activity patterns in each distinct time interval. Anomalous user behavior is detected based on a user activity change in a respective peer group of users within a distinct time interval.
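The steps in the abstract (per-interval vectors, clustering into peer groups, flagging a change relative to the peer group) can be sketched as follows. This is an added example, not code from the patent: the action vocabulary, the cosine-similarity single-link clustering, and the Jaccard-overlap rule for "activity change" are assumptions chosen for illustration, and the log is constructed sample data.

```python
from collections import Counter, defaultdict
from math import sqrt

ACTIONS = ["login", "file_read", "email_send", "usb_write", "db_query"]  # assumed features
LOG = [  # constructed sample: (user, interval, action, count)
    ("alice", 1, "file_read", 20), ("alice", 1, "email_send", 10),
    ("bob", 1, "file_read", 18), ("bob", 1, "email_send", 12),
    ("carol", 1, "file_read", 22), ("carol", 1, "email_send", 9),
    ("dave", 1, "db_query", 30), ("erin", 1, "db_query", 28),
    ("alice", 2, "file_read", 21), ("alice", 2, "email_send", 11),
    ("bob", 2, "file_read", 17), ("bob", 2, "email_send", 13),
    ("carol", 2, "file_read", 25), ("carol", 2, "usb_write", 40),
    ("dave", 2, "db_query", 31), ("erin", 2, "db_query", 27),
]

def vectorize(log):
    """Return interval -> user -> activity-count vector over ACTIONS."""
    counts = defaultdict(lambda: defaultdict(Counter))
    for user, interval, action, n in log:
        counts[interval][user][action] += n
    return {t: {u: [c[a] for a in ACTIONS] for u, c in us.items()} for t, us in counts.items()}

def cosine(a, b):
    norm = sqrt(sum(x * x for x in a) * sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

def peer_groups(vectors, threshold=0.9):
    """Single-link clustering: users with cosine similarity >= threshold share a group."""
    group = {u: {u} for u in vectors}
    for u in vectors:
        for v in vectors:
            if group[u] is not group[v] and cosine(vectors[u], vectors[v]) >= threshold:
                merged = group[u] | group[v]
                for m in merged:
                    group[m] = merged
    return {u: frozenset(g) for u, g in group.items()}

def detect_changes(log, min_overlap=0.5):
    """Flag (interval, user) when the user's peers barely overlap the previous interval's."""
    vecs = vectorize(log)
    flagged, prev = [], None
    for t in sorted(vecs):
        cur = peer_groups(vecs[t])
        for u in (cur.keys() & prev.keys()) if prev else ():
            a, b = cur[u] - {u}, prev[u] - {u}
            jaccard = len(a & b) / len(a | b) if a | b else 1.0
            if jaccard < min_overlap:
                flagged.append((t, u))
        prev = cur
    return sorted(flagged)
```

On the sample data, carol is flagged in interval 2 because her vector no longer clusters with alice and bob, while alice and bob keep enough of their former peers to stay below the alert rule.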