首页>
外国专利>
Automated detection of session-based access anomalies in a computer network through processing of session data
Automated detection of session-based access anomalies in a computer network through processing of session data
展开▼
机译:通过处理会话数据自动检测计算机网络中基于会话的访问异常
展开▼
页面导航
摘要
著录项
相似文献
摘要
A processing device in one embodiment comprises a processor coupled to a memory and is configured to obtain data characterizing a plurality of network sessions for each of a plurality of user identifiers. The network sessions are initiated from a plurality of user devices over at least one network and may comprise respective virtual private network (VPN) sessions. The processing device is further configured to process the data characterizing the network sessions for a given one of the plurality of user identifiers to generate a network session profile for the given user identifier, the network session profile comprising a plurality of histograms for respective ones of a plurality of features extracted from the data characterizing the plurality of network sessions for the given user identifier. A risk score is generated for a current network session utilizing features extracted from the data characterizing that session and the network session profile.
展开▼