Identifying insider-threat security incidents via recursive anomaly detection of user behavior
Abstract
A computerized system for recursively detecting anomalies in monitored behavior of entities. The system comprises a storage unit to store monitored events, event deviations and parameters related to each event and to each event deviation. The system comprises a processing unit configured to receive a plurality of input events, construct a plurality of baseline models, receive an input event that occurred during an analyzed timeframe, compare parameters of the received input event to a corresponding baseline model in order to detect an event deviation, and associate an event deviation score to the detected event deviation. Using the detected event deviation as an input event, said operations are repeated until a predetermined condition is satisfied, and an alert is generated, indicating suspicious activity has been detected. A viewer application configured to receive and display alerts relating to the detected event deviation is provided.