ACTIVITY MODEL FOR DETECTING SUSPICIOUS USER ACTIVITY

摘要

Embodiments are directed to generating an account process profile based on meta-events and to detecting account behavior anomalies based on account process profiles. In one scenario, a computer system accesses an indication of which processes were initiated by an account over a specified period of time. The computer system analyzes at least some of the processes identified in the indication to extract features associated with the processes. The computer system assigns the processes to meta-events based on the extracted features, where each meta-event is a representation of how the processes are executed within the computer system. The computer system then generates an account process profile for the account based on the meta-events, where the account process profile provides a comprehensive view of the account's behavior over the specified period of time. This account process profile can be used to identify anomalies in process execution.

主权项

1. At a computer system including at least one processor, a computer-implemented method for generating an account process profile based on meta-events, the method comprising:
accessing an indication of which processes were initiated by an account over a specified period of time; analyzing at least some of the processes identified in the indication to extract one or more features associated with the processes; assigning the processes to one or more meta-events based on the extracted features, each meta-event comprising a representation of how the processes are executed within the computer system; and generating an account process profile for the account based on the meta-events, the account process profile providing a view of the account's behavior over the specified period of time.